springboot使用2.0.9以下版本
这里使用2.0.9作为案例:
需要用到的maven地址:
<!--security与thymeleaf整合-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
<!--模板引擎-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!--security认证,授权-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
1. 配置登录页请求
Controller层处理请求
2. 表单提交登录的请求,无需写Controller层接收
这里的action请求,需要与.loginProcessingUrl("/dologin")保持一致即可;
3. 前端向后台传登录表单值的配置
默认无需修改
若需修改,则需要配置如下:
配置与其一一对应
4. 记住我功能实现(即记录密码登录)
添加如下语句
需要注意的是.rememberMeParameter("");的值,需要与表单name值对应
所用到的部分代码如下:
package cn.hm1006.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//授权
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//排除拦截的页面 首页所有人皆可访问
.antMatchers("/").permitAll()
//拦截的页面,增加角色访问 功能页拥有对应权限的人才能访问
.antMatchers("/level1/**").hasRole("vip1")
.antMatchers("/level2/**").hasRole("vip2")
.antMatchers("/level3/**").hasRole("vip3");
//没有权限,开启默认进入登录页面
http.formLogin().loginPage("/toLogin").usernameParameter("user").passwordParameter("pwd").loginProcessingUrl("/dologin");
//注销 /logout 配置注销后进入到首页
http.logout().logoutSuccessUrl("/");
http.csrf().disable();//关闭csrf功能
//开启记住我功能
http.rememberMe().rememberMeParameter("remeberMe");
}
//认证
@Override
public void configure(AuthenticationManagerBuilder auto) throws Exception {
//正常情况这些数据需要从数据库读取 密码编码PasswordEncoder
auto.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).roles("vip1","vip2","vip3")
.and()
.withUser("test").password(new BCryptPasswordEncoder().encode("test")).roles("vip1");
}
}
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<title>登录</title>
<!--semantic-ui-->
<link href="https://cdn.bootcss.com/semantic-ui/2.4.1/semantic.min.css" rel="stylesheet">
</head>
<body>
<!--主容器-->
<div class="ui container">
<div class="ui segment">
<div style="text-align: center">
<h1 class="header">登录</h1>
</div>
<div class="ui placeholder segment">
<div class="ui column very relaxed stackable grid">
<div class="column">
<div class="ui form">
<form th:action="@{/dologin}" method="post">
<div class="field">
<label>Username</label>
<div class="ui left icon input">
<input type="text" placeholder="Username" name="user">
<i class="user icon"></i>
</div>
</div>
<div class="field">
<label>Password</label>
<div class="ui left icon input">
<input type="password" name="pwd">
<i class="lock icon"></i>
</div>
</div>
<input type="submit" class="ui blue submit button"/>
<input type="checkbox" name="remeberMe">记住我
</form>
</div>
</div>
</div>
</div>
<div style="text-align: center">
<div class="ui label">
</i>注册
</div>
<br><br>
</div>
</div>
</div>
<script th:src="@{/qinjiang/js/jquery-3.1.1.min.js}"></script>
<script th:src="@{/qinjiang/js/semantic.min.js}"></script>
</body>
</html>
Q.E.D.