Summary: This article walks through integrating Spring Security, Spring Boot and Thymeleaf to secure access to an application. The steps are as follows.
1: Project structure
2: Framework versions
Spring Security 5.0.7.RELEASE
Spring Boot 2.0.4.RELEASE
Thymeleaf 3.0.1.RELEASE
3: Core dependencies
3.1: Parent module dependency:
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.4.RELEASE</version>
</parent>
3.2: Child module dependencies:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
4: Core configuration class
The SecurityConfig class is the core class that provides security authentication. It extends Spring Security's WebSecurityConfigurerAdapter and overrides the configure() method to implement authentication for the application.
package com.micai.spring.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;

/**
 * @Author: zhaoxinguo
 * @Date: 2018/8/3 14:47
 * @Description: URL authorization rules, form login and an in-memory demo user.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Static resources and the home page are public.
                .antMatchers("/css/**", "/index").permitAll()
                // Everything under /user/ requires ROLE_USER.
                .antMatchers("/user/**").hasRole("USER")
                // URLs not matched by a rule above are not restricted.
                .and()
            // Custom login page; failed logins are redirected to /login-error.
            .formLogin().loginPage("/login").failureUrl("/login-error");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Demo only: withDefaultPasswordEncoder() is deprecated as unsuitable for
        // production, and the credentials are hard-coded.
        auth
            .inMemoryAuthentication()
                .withUser(User.withDefaultPasswordEncoder().username("admin").password("admin").roles("USER"));
    }
}
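A stricter variant of the configuration above, as an added example that is not part of the original project: it denies unmatched URLs by default and stores only a BCrypt hash of the password. The class name HardenedSecurityConfig and the property demo.admin.password-hash are assumptions; the class would replace SecurityConfig rather than sit beside it.

```java
package com.micai.spring.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical replacement for SecurityConfig (added example, not the project's code).
@EnableWebSecurity
public class HardenedSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumed property: a BCrypt hash of the demo user's password, supplied
    // from configuration instead of being hard-coded in source.
    @Value("${demo.admin.password-hash}")
    private String adminPasswordHash;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Only the pages that must be reachable before login are public.
                .antMatchers("/", "/index", "/css/**", "/login", "/login-error").permitAll()
                .antMatchers("/user/**").hasRole("USER")
                // Deny by default: any URL added later requires authentication.
                .anyRequest().authenticated()
                .and()
            .formLogin().loginPage("/login").failureUrl("/login-error");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .passwordEncoder(passwordEncoder())
                .withUser("admin").password(adminPasswordHash).roles("USER");
    }
}
```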
5: Core controller class
5.1: The MainController class mainly forwards requests to the corresponding pages
package com.micai.spring.security.web;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * @Author: zhaoxinguo
 * @Date: 2018/8/3 14:52
 * @Description: Maps request paths to Thymeleaf view names.
 */
@Controller
public class MainController {

    @RequestMapping("/")
    public String root() {
        return "redirect:/index";
    }

    @RequestMapping("/index")
    public String index() {
        return "index";
    }

    @RequestMapping("/login")
    public String login() {
        return "login";
    }

    @RequestMapping("/user/index")
    public String userIndex() {
        return "user/index";
    }

    // Target of failureUrl("/login-error"): re-renders the login page with an error flag.
    @RequestMapping("/login-error")
    public String loginError(Model model) {
        model.addAttribute("loginError", true);
        return "login";
    }
}
5.2: The application startup class, Application
package com.micai.spring.security;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * @Author: zhaoxinguo
 * @Date: 2018/8/3 14:59
 * @Description: Spring Boot entry point.
 */
@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
5.3: The application.yml configuration file
server:
  port: 8080
logging:
  level:
    root: WARN
    org.springframework.web: INFO
    org.springframework.security: INFO
spring:
  thymeleaf:
    cache: false
5.4: login.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <title>登录页</title>
    <meta charset="utf-8" />
    <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
</head>
<body>
<center>
    <h1>登录页</h1>
    <p>样例用户(用户名/密码): admin / admin</p>
    <p th:if="${loginError}" class="error">错误的用户名、密码</p>
    <form th:action="@{/login}" method="post">
        <label for="username">用户名</label>:
        <input type="text" id="username" name="username" autofocus="autofocus" /> <br />
        <label for="password">密码</label>:
        <input type="password" id="password" name="password" /> <br />
        <input type="submit" value="登录" />
    </form>
    <p><a href="/index" th:href="@{/index}">回到首页</a></p>
</center>
</body>
</html>
5.5: index.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
    <title>Hello + Spring Security 5.x + Spring Boot 2.x</title>
    <meta charset="utf-8" />
    <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
</head>
<body>
<div th:fragment="logout" class="logout" sec:authorize="isAuthenticated()">
    登录的用户: <span sec:authentication="name"></span> |
    拥有的角色: <span sec:authentication="principal.authorities"></span>
    <div>
        <form action="#" th:action="@{/logout}" method="post">
            <input type="submit" value="退出" />
        </form>
    </div>
</div>
<h1>Hello + Spring Security 5.x + Spring Boot 2.x</h1>
<p>这是一个不需要认证的页面,但是您可以在认证后访问安全页面.</p>
<ul>
    <li>去 <a href="/user/index" th:href="@{/user/index}">需要认证的页面</a></li>
</ul>
</body>
</html>
5.6: user/index.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Hello + Spring Security 5.x + Spring Boot 2.x</title>
    <meta charset="utf-8" />
    <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
</head>
<body>
<div th:replace="index::logout"></div>
<br/>
<h1>这是一个安全页面!</h1>
<p><a href="/index" th:href="@{/index}">回到首页</a></p>
</body>
</html>
6: Run results
7: Source code download
https://gitee.com/micai/micai-spring-security.git
8: References