前言
本文作为入门级的DEMO,完全按照官网实例演示;
项目目录结构
Maven 依赖
-
<parent> <groupId> org.springframework.boot </groupId> <artifactId> spring-boot-starter-parent </artifactId> <version> 1.4.1.RELEASE </version> </parent> <dependencies> <dependency> <groupId> org.springframework.boot </groupId> <artifactId> spring-boot-starter-web </artifactId> </dependency> <dependency> <groupId> org.springframework.boot </groupId> <artifactId> spring-boot-starter-security </artifactId> </dependency> <dependency> <groupId> org.springframework.boot </groupId> <artifactId> spring-boot-starter-thymeleaf </artifactId> </dependency> </dependencies>
前端页面 home.html
-
<!DOCTYPE html> <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" > <head> <title> Spring Security Example </title> </head> <body> <h1> Welcome! </h1> <p> Click <a th:href = "@{/hello}" > here </a> to see a greeting. </p> </body> </html>
前端页面 login.html
-
<!DOCTYPE html> <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" > <head> <title> Spring Security Example </title> </head> <body> <div th:if = "${param.error}" > Invalid username and password. </div> <div th:if = "${param.logout}" > You have been logged out. </div> <form th:action = "@{/login}" method = "post" > <div><label> UserName: <input type = "text" name = "username" /> </label></div> <div><label> Password: <input type = "password" name = "password" /> </label></div> <div><input type = "submit" value = "Sign In" /></div> </form> </body> </html>
前端页面 hello.html
-
<!DOCTYPE html> <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" > <head> <title> Hello World! </title> </head> <body> <h1 th:inline = "text" > Hello [[${#httpServletRequest.remoteUser}]]! </h1> <form th:action = "@{/logout}" method = "post" > <input type = "submit" value = "Sign Out" /> </form> </body> </html>
启动程序 Application.java
-
@SpringBootApplication public class Application { public static void main( String [] args) { SpringApplication .run( Application . class , args); } } HomeController.java @Controller public class HomeController { @RequestMapping ( "/" ) public String home(){ return "home" ; } @RequestMapping ( "/login" ) public String login(){ return "login" ; } @RequestMapping ( "/hello" ) public String hello(){ return "hello" ; } }
Web安全配置 WebSecurityConfig.java
-
@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure( HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers( "/" ).permitAll() //请求路径"/"允许访问 .anyRequest().authenticated() //其它请求都需要校验才能访问 . and () .formLogin() .loginPage( "/login" ) //定义登录的页面"/login",允许访问 .permitAll() . and () .logout() //默认的"/logout", 允许访问 .permitAll(); } @Autowired public void configureGlobal( AuthenticationManagerBuilder auth) throws Exception { //在内存中注入一个用户名为anyCode密码为password并且身份为USER的对象 auth .inMemoryAuthentication() .withUser( "anyCode" ).password( "password" ).roles( "USER" ); } }