- SSM + Shiro
- Spring Boot/Spring Cloud + Spring Security
Creating the project
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
First try
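```java
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {
    @GetMapping("/hello")
    public String hello() {
        return "hello";
    }
}
```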
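- Authentication can be done through a form
- Authentication can be done through HTTP Basic
Username configuration
- Configure it in application.properties
- Configure it in memory through Java code
- Load it from a database through Java code
```properties
spring.security.user.name=javaboy
spring.security.user.password=123
```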
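```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // The following configures two users in memory.
        // Each password is a BCrypt hash, matching the PasswordEncoder bean below.
        auth.inMemoryAuthentication()
                .withUser("javaboy").roles("admin").password("$2a$10$OR3VSksVAmCzc.7WeaRPR.t0wyCsIj24k0Bne8iKWV1o.V9wsP8Xe")
                .and()
                .withUser("lisi").roles("user").password("$2a$10$p1H8iWa8I4.CA.7Z8bwLjes91ZpY.rYREGHQEInNtAp4NzL6PLKxi");
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```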
Login configuration
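```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    VerifyCodeFilter verifyCodeFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Run the verification-code filter before the username/password filter
        http.addFilterBefore(verifyCodeFilter, UsernamePasswordAuthenticationFilter.class);
        http
                .authorizeRequests() // start the authorization configuration
                .antMatchers("/hello").hasRole("admin") // accessing /hello requires the admin role
                .anyRequest().authenticated() // every other endpoint is accessible after login
                .and()
                .formLogin()
                // Defines the login page; an unauthenticated request to an endpoint
                // that requires login is redirected to this page automatically
                .loginPage("/login_p")
                // Endpoint that processes the login
                .loginProcessingUrl("/doLogin")
                // Key of the username in the login request; the default is username
                .usernameParameter("uname")
                // Key of the password in the login request; the default is password
                .passwordParameter("passwd")
                // Handler for a successful login
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException {
                        resp.setContentType("application/json;charset=utf-8");
                        PrintWriter out = resp.getWriter();
                        out.write("success");
                        out.flush();
                    }
                })
                // Handler for a failed login
                .failureHandler(new AuthenticationFailureHandler() {
                    @Override
                    public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse resp, AuthenticationException exception) throws IOException, ServletException {
                        resp.setContentType("application/json;charset=utf-8");
                        PrintWriter out = resp.getWriter();
                        out.write("fail");
                        out.flush();
                    }
                })
                .permitAll() // all endpoints related to form login are let through directly
                .and()
                .logout()
                .logoutUrl("/logout")
                .logoutSuccessHandler(new LogoutSuccessHandler() {
                    @Override
                    public void onLogoutSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException {
                        resp.setContentType("application/json;charset=utf-8");
                        PrintWriter out = resp.getWriter();
                        out.write("logout success");
                        out.flush();
                    }
                })
                .permitAll()
                .and()
                .httpBasic() // HTTP Basic authentication is enabled as well
                .and()
                .csrf().disable(); // CSRF protection is turned off in this configuration
    }
}
```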
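Ignoring interception
- Allow anonymous access to the address
- Filter the address out entirely, i.e. requests to it do not pass through the Spring Security filter chain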
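```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Requests to /vercode bypass the Spring Security filter chain entirely
        web.ignoring().antMatchers("/vercode");
    }
}
```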
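The login configuration registers a `VerifyCodeFilter` ahead of `UsernamePasswordAuthenticationFilter`, and `/vercode` is excluded from the filter chain, but the page does not show the filter itself. One possible implementation follows as an added example, not the author's class; the request parameter `code` and the session attribute `verify_code` are assumed names.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example: a hypothetical VerifyCodeFilter, not the original author's class.
@Component
public class VerifyCodeFilter extends OncePerRequestFilter {
    // Assumed names: the page does not say where /vercode stores the expected code
    // or which form field carries the user's answer.
    private static final String SESSION_KEY = "verify_code";
    private static final String PARAM = "code";

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
            throws ServletException, IOException {
        // Only the login submission set by loginProcessingUrl("/doLogin") is checked;
        // every other request passes straight through.
        if (!"POST".equalsIgnoreCase(req.getMethod()) || !"/doLogin".equals(req.getServletPath())) {
            chain.doFilter(req, resp);
            return;
        }
        HttpSession session = req.getSession(false);
        String expected = session == null ? null : (String) session.getAttribute(SESSION_KEY);
        if (session != null) {
            // Single use: discard the code whether or not it matches,
            // so one solved code cannot be reused for repeated login attempts.
            session.removeAttribute(SESSION_KEY);
        }
        String supplied = req.getParameter(PARAM);
        if (expected == null || supplied == null || !expected.equalsIgnoreCase(supplied.trim())) {
            // Reject here, before the username/password filter processes the credentials.
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            resp.setContentType("application/json;charset=utf-8");
            resp.getWriter().write("fail");
            return;
        }
        chain.doFilter(req, resp);
    }
}
```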