Springsecurity4学习心得-2

2020-05-29   75 次阅读


springboot使用2.0.9以下版本
image.png
这里使用2.0.9作为案例:
需要用到的maven地址:

        <!--security与thymeleaf整合-->
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
            <version>3.0.4.RELEASE</version>
        </dependency>
        <!--模板引擎-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <!--security认证,授权-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

1. 配置登录页请求

image.png
Controller层处理请求
image.png

2. 表单提交登录的请求,无需写Controller层接收

image.png

image.png
这里的action请求,需要与.loginProcessingUrl("/dologin")保持一致即可;
image.png

3. 前端向后台传登录表单值的配置

默认无需修改
image.png
若需修改,则需要配置如下:
修改后如图
image.png
配置与其一一对应

4. 记住我功能实现(即记录密码登录)

添加如下语句
image.png
需要注意的是.rememberMeParameter("");的值,需要与表单name值对应

image.png

所用到的部分代码如下:

package cn.hm1006.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //授权
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //排除拦截的页面           首页所有人皆可访问
                .antMatchers("/").permitAll()
                //拦截的页面,增加角色访问          功能页拥有对应权限的人才能访问
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3");
        //没有权限,开启默认进入登录页面
        http.formLogin().loginPage("/toLogin").usernameParameter("user").passwordParameter("pwd").loginProcessingUrl("/dologin");
        //注销 /logout     配置注销后进入到首页
        http.logout().logoutSuccessUrl("/");
        http.csrf().disable();//关闭csrf功能

        //开启记住我功能
        http.rememberMe().rememberMeParameter("remeberMe");
    }

    //认证
    @Override
    public void configure(AuthenticationManagerBuilder auto) throws Exception {
        //正常情况这些数据需要从数据库读取          密码编码PasswordEncoder
        auto.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).roles("vip1","vip2","vip3")
                .and()
                .withUser("test").password(new BCryptPasswordEncoder().encode("test")).roles("vip1");
    }
}


<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
    <title>登录</title>
    <!--semantic-ui-->
    <link href="https://cdn.bootcss.com/semantic-ui/2.4.1/semantic.min.css" rel="stylesheet">
</head>
<body>

<!--主容器-->
<div class="ui container">

    <div class="ui segment">

        <div style="text-align: center">
            <h1 class="header">登录</h1>
        </div>

        <div class="ui placeholder segment">
            <div class="ui column very relaxed stackable grid">
                <div class="column">
                    <div class="ui form">
                        <form th:action="@{/dologin}" method="post">
                            <div class="field">
                                <label>Username</label>
                                <div class="ui left icon input">
                                    <input type="text" placeholder="Username" name="user">
                                    <i class="user icon"></i>
                                </div>
                            </div>
                            <div class="field">
                                <label>Password</label>
                                <div class="ui left icon input">
                                    <input type="password" name="pwd">
                                    <i class="lock icon"></i>
                                </div>
                            </div>
                            <input type="submit" class="ui blue submit button"/>
                            <input type="checkbox" name="remeberMe">记住我
                        </form>
                    </div>
                </div>
            </div>
        </div>

        <div style="text-align: center">
            <div class="ui label">
                </i>注册
            </div>
            <br><br>
        </div>
    </div>


</div>

<script th:src="@{/qinjiang/js/jquery-3.1.1.min.js}"></script>
<script th:src="@{/qinjiang/js/semantic.min.js}"></script>

</body>
</html>

Q.E.D.

知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议

如人饮水、冷暖自知