1、方案一,只导入依赖不配置2、方案二,配置文件直接更改账号,密码,写配置3、方案三,写一个配置类4、方案四,写一个配置类,同时能设置登录的账号和密码5、方案五,写一个服务类(设置账号密码)+配置类
写一个服务类UserDetailsServiceImpl在配置类中注入服务类 6、实现自定义登录页面设置
把下面的代码写入配置类,这些就是自定义设置登录页面我写的完整配置类
1、方案一,只导入依赖不配置org.springframework.boot spring-boot-starter-security org.springframework.security spring-security-test test org.thymeleaf.extras thymeleaf-extras-springsecurity5
这个方案,依赖导入之后SpringBoot项目会自启动,生成默认配置。
规则
拦截所有请求内置一个默认的登录界面账号为:user,密码:命令行输出的一串数字(每次启动生成的都不一样)
看图
2、方案二,配置文件直接更改账号,密码,写配置
spring.security.user.name=ljj spring.security.user.password=11113、方案三,写一个配置类
比如,具体意思写在注释了
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin() // 表单登录
.and()
.authorizeRequests() // 认证配置
.anyRequest() // 任何请求
.authenticated(); // 都需要身份验证
//.permitAll(); // 都放行
}
4、方案四,写一个配置类,同时能设置登录的账号和密码
写一个自定义用户实现类
package com.atguigu.csrfsecurity.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.annotation.Resource;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder newBCryptPasswordEncoder(){
return new BCryptPasswordEncoder(); //没有这个会报错
}
//实现用户身份认证
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String password = passwordEncoder.encode("1111");
auth.inMemoryAuthentication().withUser("ljj").password(password).roles("admin");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin() // 表单登录
.and()
.authorizeRequests() // 认证配置
.anyRequest() // 任何请求
.authenticated(); // 都需要身份验证
}
}
5、方案五,写一个服务类(设置账号密码)+配置类
写一个服务类UserDetailsServiceImpl
package com.atguigu.csrfsecurity.service;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
List list = new ArrayList<>();
list.add(new SimpleGrantedAuthority("role"));
UserDetails userDetails = new User("ljj", new BCryptPasswordEncoder().encode("123")
, list);
return userDetails;
}
}
在配置类中注入服务类
package com.atguigu.csrfsecurity.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.annotation.Resource;
import javax.sql.DataSource;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
UserDetailsService userDetailsService; //实际是注入上面的服务类UserDetailsServiceImpl
//实现用户身份认证
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//配置url的访问权限
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/**update**").permitAll()
.antMatchers("/login/**").permitAll()
.anyRequest().authenticated();
}
}
6、实现自定义登录页面设置
把下面的代码写入配置类,这些就是自定义设置登录页面
//使用自定义的登录窗口
http.formLogin()
.loginPage("/userLogin").permitAll() //认证之前跳转的页面,登录访问路径默认和登录页面路径一致了
.loginProcessingUrl("/ceshi") //设置登录访问路径
.usernameParameter("username").passwordParameter("password") //设置登录访问路径需要的参数
.defaultSuccessUrl("/test") //成功之后的跳转,重定向
.failureUrl("/userLogin?error"); //登录失败之后的跳转,转发
我写的完整配置类
package com.atguigu.csrfsecurity.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.annotation.Resource;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin() // 表单登录
.and()
.authorizeRequests() // 认证配置
.anyRequest() // 任何请求
.authenticated(); // 都需要身份验证
//使用自定义的登录窗口
http.formLogin()
.loginPage("/userLogin").permitAll() //认证之前跳转的页面,登录访问路径默认和登录页面路径一致了
.loginProcessingUrl("/ceshi") //设置登录访问路径
.usernameParameter("username").passwordParameter("password") //设置登录访问路径需要的参数
.defaultSuccessUrl("/test") //成功之后的跳转,重定向
.failureUrl("/userLogin?error"); //登录失败之后的跳转,转发
//.failureForwardUrl("/test01");
}
}
