<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
也可以在创建项目的时候选择SpringSecurity组件,如下图:
package com.shenmazong.demosecurity0718.controller;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @author 军哥
* @version 1.0
* @description: 接口测试控制器
* @date 2021/7/18 17:38
*/
@RestController
@Slf4j
public class IndexController {
@PostMapping(value = "/success")
public Object success() {
return "success";
}
@PostMapping(value = "/failure")
public Object failure() {
return "failure";
}
@PostMapping(value = "/login")
public Object login(String name, String pass) {
if(name.equals("admin") && pass.equals("123456")) {
return "ok";
}
return "error";
}
@PostMapping(value = "/index")
public Object index() {
return "index";
}
@PostMapping(value = "/list")
public Object list() {
return "list";
}
}
此时访问接口,出现401错误,现象如下:
package com.shenmazong.demosecurity0718.config;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @author 军哥
* @version 1.0
* @description: SpringSecurity配置类
* @date 2021/7/18 17:45
*/
@Slf4j
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
}
}
package com.shenmazong.demosecurity0718.config;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @author 军哥
* @version 1.0
* @description: SpringSecurity配置类
* @date 2021/7/18 17:45
*/
@Slf4j
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// 所有请求都可以访问
http.authorizeRequests().antMatchers("/**").permitAll()
// 跨域請求关闭
.and().csrf().disable()
// 资源下载权限关闭
.headers().frameOptions().disable();
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// 放行url
.antMatchers("/login", "/index").permitAll()
// 其他所有url请求都需要验证
.anyRequest().authenticated()
// 跨域請求关闭
.and().csrf().disable()
// 资源下载权限关闭
.headers().frameOptions().disable();
}
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// 放行url
.antMatchers("/login", "/index").permitAll()
// 其他所有url请求都需要验证
.anyRequest().authenticated()
// 设定登录相关页面
.and()
.formLogin()
.loginProcessingUrl("/process")
.successForwardUrl("/success").
failureForwardUrl("/failure")
// 跨域請求关闭
.and().csrf().disable()
// 资源下载权限关闭
.headers().frameOptions().disable();
}
注意:
- loginProcessingUrl函数中配置的url无需存在,有SpringSecurity来接管验证
- 接收登录的参数为 username
和 password
- 系统默认的用户名是:user
,而密码是随机生成的,如下图: