1.工業(yè)級安全框架介紹
Spring Security基于Spring開發(fā),項目中如果使用Spring作為基礎(chǔ),配合Spring Security做權(quán)限更加方便,而Shiro需要和Spring進(jìn)行整合開發(fā)。因此作為spring全家桶中的Spring Security在java領(lǐng)域很常用。
2.建議搭建Spring Security環(huán)境
2.1在pom.xml中添加相關(guān)依賴
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>springsecurityReview</artifactId>
<version>1.0-SNAPSHOT</version>
<parent>
<artifactId>spring-boot-dependencies</artifactId>
<groupId>org.springframework.boot</groupId>
<version>2.5.4</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
</project>
2.2創(chuàng)建Handler類
package com.example.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class Handler {
@GetMapping("/index")
public String index(){
return "index";
}
}
2.3創(chuàng)建簡單的html和配置相關(guān)thymeleaf的路徑
2.4最后再加個啟動類,那么我們的整合測試就完成勒
package com.example; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class Application { public static void main(String[] args) { SpringApplication.run(Application.class,args); } }
2.5成果展示 用戶名默認(rèn)user,密碼則隨機(jī)生成的這串?dāng)?shù)字
3.進(jìn)階版使用
3.1用戶名和密碼自定義
3.2在config包下創(chuàng)建Encoder
進(jìn)行密碼的校驗和轉(zhuǎn)碼操作,將密碼轉(zhuǎn)成字符串形式,并通過match方法驚醒校驗。
3.3賦予賬號角色權(quán)限
package com.example.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//角色和資源的關(guān)系
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin").hasRole("ADMIN")
.antMatchers("/index").access("hasRole("ADMIN") or hasRole("USER") ")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.csrf()
.disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("user").password(new MyPasswordEncoder()
.encode("000")).roles("USER")
.and()
.withUser("admin").password(new MyPasswordEncoder()
.encode("123")).roles("ADMIN","USER");
}
}
最后達(dá)到admin賬號能訪問admin.html和index.html
user只能訪問index.html的操作
總結(jié)
本篇文章就到這里了,希望能夠給你帶來幫助,也希望您能夠多多關(guān)注服務(wù)器之家的更多內(nèi)容!
原文鏈接:https://blog.csdn.net/DrLai/article/details/120275069
