• SpringBoot集成security

    1.创建项目集成依赖

    2.             org.springframework.boot
    3.             spring-boot-starter-security
    1. @RestController
    2. public class Test {
    3.     @GetMapping("/test")
    4.     public String test(){
    5.         return "test";
    6.     }
    7. }

    下面用到的测试方法

    1. @RestController
    2. public class Test {
    3.     @GetMapping("/test")
    4.     public String test(){
    5.         return "test";
    6.     }
    7.     @GetMapping("/admin/hello")
    8.     public String testadmin(){
    9.         return "admin";
    10.     }
    11.     @GetMapping("/user/hello")
    12.     public String testuser(){
    13.         return "user";
    14.     }
    15. }

    用户名user   密码为项目日志打印

    2.配置访问用户名和密码

    1. spring.security.user.name=liuboss
    2. spring.security.user.password=123456
    3. spring.security.user.roles=admin

    3.添加配置类---配置用户名和密码。

    1. @Configuration
    2. public class SecurityConfig extends WebSecurityConfigurerAdapter {
    3.  
    4.  
    5.     /*提供实例--不需要加密*/
    6.     @Bean
    7.     PasswordEncoder passwordEncoder(){
    8.         return NoOpPasswordEncoder.getInstance();
    9.     }
    10.  
    11.     @Override
    12.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    13.         auth.inMemoryAuthentication()
    14.                 .withUser("boss").password("123").roles("admin")
    15.                 .and()
    16.                 .withUser("liuboss").password("123").roles("admin");
    17.     }
    18. }

    4.配置访问角色和登录页面

    1. @Configuration
    2. public class SecurityConfig extends WebSecurityConfigurerAdapter {
    3.  
    4.  
    5.     /*提供实例--不需要加密*/
    6.     @Bean
    7.     PasswordEncoder passwordEncoder(){
    8.         return NoOpPasswordEncoder.getInstance();
    9.     }
    10.  
    11.     @Override
    12.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    13.         auth.inMemoryAuthentication()
    14.                 .withUser("admin").password("123").roles("admin")
    15.                 .and()
    16.                 .withUser("user").password("123").roles("user");
    17.     }
    18.  
    19.     @Override
    20.     protected void configure(HttpSecurity http) throws Exception {
    21.         http.authorizeRequests()
    22.                 .antMatchers("/admin/**").hasRole("admin")
    23.                 .antMatchers("user/**").hasAnyRole("admin","user")
    24.                 .anyRequest().authenticated()
    25.                 .and()
    26.                 .formLogin()
    27.                 .loginProcessingUrl("/doLogin")
    28.                 .permitAll()
    29.                 .and()
    30.                 /*关闭攻击使用postman测试*/
    31.                 .csrf().disable();
    32.     }
    33. }

    5.登陆表单的配置,增加登陆成功,登陆失败处理。

    1. @Configuration
    2. public class SecurityConfig extends WebSecurityConfigurerAdapter {
    3.  
    4.  
    5.     /*提供实例--不需要加密*/
    6.     @Bean
    7.     PasswordEncoder passwordEncoder(){
    8.         return NoOpPasswordEncoder.getInstance();
    9.     }
    10.  
    11.     @Override
    12.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    13.         auth.inMemoryAuthentication()
    14.                 .withUser("admin").password("123").roles("admin")
    15.                 .and()
    16.                 .withUser("user").password("123").roles("user");
    17.     }
    18.  
    19.     @Override
    20.     protected void configure(HttpSecurity http) throws Exception {
    21.         http.authorizeRequests()
    22.                 .antMatchers("/admin/**").hasRole("admin")
    23.                 .antMatchers("user/**").hasAnyRole("admin","user")
    24.                 .anyRequest().authenticated()
    25.                 .and()
    26.                 .formLogin()
    27.                 .loginProcessingUrl("/doLogin")
    28.                 /*跳转到登录页面*/
    29.                 .loginPage("/login")
    30.                 /*登陆成功的处理*/
    31.                 .successHandler(new AuthenticationSuccessHandler() {
    32.                     @Override
    33.                     public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException {
    34.                         resp.setContentType("application/json;charset=utf-8");
    35.                         PrintWriter out = resp.getWriter();
    36.                         HashMap map = new HashMap<>();
    37.                         map.put("status",200);
    38.                         map.put("msg",authentication.getPrincipal());
    39.                         out.write(new ObjectMapper().writeValueAsString(map));
    40.                         out.flush();
    41.                         out.close();
    42.                     }
    43.                 })
    44.                 /*登陆失败的处理*/
    45.                 .failureHandler(new AuthenticationFailureHandler() {
    46.                     @Override
    47.                     public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse resp, AuthenticationException e) throws IOException, ServletException {
    48.                         resp.setContentType("application/json;charset=utf-8");
    49.                         PrintWriter out = resp.getWriter();
    50.                         HashMap map = new HashMap<>();
    51.                         map.put("status",401);
    52.                         if (e instanceof LockedException){
    53.                             map.put("msg","账户被锁定,登录失败");
    54.                         } else if (e instanceof BadCredentialsException){
    55.                             map.put("msg","账户名或密码错误,登录失败");
    56.                         } else if (e instanceof DisabledException){
    57.                             map.put("msg","账户被禁用,登录失败");
    58.                         } else if (e instanceof AccountExpiredException){
    59.                             map.put("msg","账户过期登录失败");
    60.                         } else {
    61.                             map.put("msg","登录失败");
    62.                         }
    63.                         out.write(new ObjectMapper().writeValueAsString(map));
    64.                         out.flush();
    65.                         out.close();
    66.                     }
    67.                 })
    68.                 .permitAll()
    69.                 .and()
    70.                 /*关闭攻击使用postman测试*/
    71.                 .csrf().disable();
    72.     }
    73. }

    6.多个http   security  的配置。

    1. @Configuration
    2. public class MultHttpSecurityConfig {
    3.     /*提供实例--不需要加密*/
    4.     @Bean
    5.     PasswordEncoder passwordEncoder(){
    6.         return NoOpPasswordEncoder.getInstance();
    7.     }
    8.     @Autowired
    9.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    10.         auth.inMemoryAuthentication()
    11.                 .withUser("admin").password("1234").roles("admin")
    12.                 .and()
    13.                 .withUser("user").password("1234").roles("user");
    14.     }
    15.     /*多个http配置*/
    16.     @Configuration
    17.     /*@Order(1) 为访问优先级,数字越低,优先级越高*/
    18.     @Order(1)
    19.     public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter{
    20.         @Override
    21.         protected void configure(HttpSecurity http) throws Exception {
    22.             http.antMatcher("/admin/**").authorizeRequests().anyRequest().hasAnyRole("admin");
    23.         }
    24.     }
    25.  
    26.     @Configuration
    27.     public static class OtherSecurityConfig extends WebSecurityConfigurerAdapter{
    28.         @Override
    29.         protected void configure(HttpSecurity http) throws Exception {
    30.             http.authorizeRequests().anyRequest().authenticated()
    31.                     .and()
    32.                     .formLogin()
    33.                     .loginProcessingUrl("/doLogin")
    34.                     .permitAll()
    35.                     .and()
    36.                     .csrf().disable();
    37.         }
    38.     }
    39.  
    40. }

     

    7.密码加密  使用此方式

    1. @org.junit.jupiter.api.Test
    2.     public void contentLoads(){
    3.         for (int i = 0; i < 10; i++) {
    4.             BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    5.             System.out.println(encoder.encode("123456"));
    6.         }
    7.     }

    8.配置密码加密方式

    1. @Configuration
    2. public class MultHttpSecurityConfig {
    3.     /*提供实例--不需要加密*/
    4.     @Bean
    5.     PasswordEncoder passwordEncoder(){
    6.         /*return NoOpPasswordEncoder.getInstance();*/
    7.         /*使用BCryptPasswordEncoder加密方式*/
    8.         return new BCryptPasswordEncoder();
    9.     }
    10.     @Autowired
    11.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    12.         auth.inMemoryAuthentication()
    13.                 .withUser("admin").password("$2a$10$/NB.L1nOJnBPsi3KTfvJfuoZCbOf.choREFrVZQXqCldfa0a3KNtq").roles("admin")
    14.                 .and()
    15.                 .withUser("user").password("$2a$10$4zwF70VbjE67IgiVmpLGVeuvg59DyJh/BN60drYw96XkHshXnln7K").roles("user");
    16.     }
    17.     /*多个http配置*/
    18.     @Configuration
    19.     /*@Order(1) 为访问优先级,数字越低,优先级越高*/
    20.     @Order(1)
    21.     public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter{
    22.         @Override
    23.         protected void configure(HttpSecurity http) throws Exception {
    24.             http.antMatcher("/admin/**").authorizeRequests().anyRequest().hasAnyRole("admin");
    25.         }
    26.     }
    27.  
    28.     @Configuration
    29.     public static class OtherSecurityConfig extends WebSecurityConfigurerAdapter{
    30.         @Override
    31.         protected void configure(HttpSecurity http) throws Exception {
    32.             http.authorizeRequests().anyRequest().authenticated()
    33.                     .and()
    34.                     .formLogin()
    35.                     .loginProcessingUrl("/doLogin")
    36.                     .permitAll()
    37.                     .and()
    38.                     .csrf().disable();
    39.         }
    40.     }
    41.  
    42. }

    9.方法的安全

    配置类

    1.  
    2. @Configuration
    3. /*开启方法安全*/
    4. @EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true)
    5. public class MultHttpSecurityConfig {
    6.     /*提供实例--不需要加密*/
    7.     @Bean
    8.     PasswordEncoder passwordEncoder(){
    9.         /*return NoOpPasswordEncoder.getInstance();*/
    10.         /*使用BCryptPasswordEncoder加密方式*/
    11.         return new BCryptPasswordEncoder();
    12.     }
    13.     @Autowired
    14.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    15.         auth.inMemoryAuthentication()
    16.                 .withUser("admin").password("$2a$10$/NB.L1nOJnBPsi3KTfvJfuoZCbOf.choREFrVZQXqCldfa0a3KNtq").roles("admin")
    17.                 .and()
    18.                 .withUser("user").password("$2a$10$4zwF70VbjE67IgiVmpLGVeuvg59DyJh/BN60drYw96XkHshXnln7K").roles("user");
    19.     }
    20.     /*多个http配置*/
    21.     @Configuration
    22.     /*@Order(1) 为访问优先级,数字越低,优先级越高*/
    23.     @Order(1)
    24.     public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter{
    25.         @Override
    26.         protected void configure(HttpSecurity http) throws Exception {
    27.             http.antMatcher("/admin/**").authorizeRequests().anyRequest().hasAnyRole("admin");
    28.         }
    29.     }
    30.  
    31.     @Configuration
    32.     public static class OtherSecurityConfig extends WebSecurityConfigurerAdapter{
    33.         @Override
    34.         protected void configure(HttpSecurity http) throws Exception {
    35.             http.authorizeRequests().anyRequest().authenticated()
    36.                     .and()
    37.                     .formLogin()
    38.                     .loginProcessingUrl("/doLogin")
    39.                     .permitAll()
    40.                     .and()
    41.                     .csrf().disable();
    42.         }
    43.     }
    44.  
    45. }

    service层配置

    1. @Service
    2. public class MethodService {
    3.     @PreAuthorize("hasAnyRole('admin')")
    4.     public String admin(){
    5.         return "hello admin";
    6.     }
    7.     @Secured("ROLB_user")
    8.     public String user(){
    9.         return "hello user";
    10.     }
    11.     @PreAuthorize("hasAnyRole('admin','user')")
    12.     public String hello (){
    13.         return "hello hello";
    14.     }
    15. }

    controller运用

    1.    @Autowired
    2.     MethodService methodService;
    3.  
    4.     @GetMapping("/hello1")
    5.     public String hello1(){
    6.         return methodService.admin();
    7.     }
    8.     @GetMapping("/hello2")
    9.     public String hello2(){
    10.         return methodService.user();
    11.     }
    12.     @GetMapping("/hello3")
    13.     public String hello3(){
    14.         return methodService.hello();
    15.     }

  • 相关阅读:
    笙默考试管理系统-MyExamTest----codemirror(30)
    matlab图像类型的转换九种
    【Android性能优化】:ProGuard,混淆,R8优化
    华为回击:制裁无法阻挡中国科技创新 | 百能云芯
    vuex存储用户信息封装
    这3个图表“小心机”,用对了雪中送炭,用错了是惨不忍睹
    vue大型电商项目尚品汇(后台终结篇)day06 重磅!!!
    人大金仓分析型数据库COPY装载数据
    IDEA启动C:\Users\badboy\.jdks\corretto-17.0.7\bin\java.exe -Xmx700m报错
    什么是单子?Java 开发人员的基本理论
  • 原文地址:https://blog.csdn.net/qq_39696115/article/details/128052008