Spring实战4之Spring Security
来源:互联网 发布:飞行器结构优化设计 编辑:程序博客网 时间:2024/04/29 20:25
1.禁止所有的请求访问
引入security-web与security-config两个依赖
package com.fishedee;import org.springframework.core.annotation.Order;import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;/** * Created by fishedee on 15/12/2016. */public class SecurityAppInitializer extends AbstractSecurityWebApplicationInitializer{}
建立AbstractSecurityWebApplicationInitializer类,其会增加Security的Filter
package com.fishedee;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;/** * Created by fishedee on 15/12/2016. */@Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().denyAll(); http.csrf().disable(); }}
建立SecurityConfig,建立安全配置,默认为禁止所有的请求访问
/** * Created by fishedee on 29/11/2016. */public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected String[] getServletMappings(){ System.out.println("uu"); return new String[]{"/"}; } @Override protected Class<?>[] getRootConfigClasses(){ return new Class<?>[]{RootConfig.class,SecurityConfig.class}; } @Override protected Class<?>[] getServletConfigClasses(){ return new Class<?>[]{WebConfig.class}; }}
在WebAppInitializer中将SecurityConfig.class加入到RootConfig中
2.身份认证
@Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter{ @Override protected void configure(AuthenticationManagerBuilder auth)throws Exception{ auth.inMemoryAuthentication() .withUser("fish").password("123").roles("USER","ADMIN").and() .withUser("fish2").password("456").roles("USER"); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests(). anyRequest().authenticated().and().formLogin(); http.csrf().disable(); }}
配置为所有请求都必须登录后才能访问
这时候请求所有请求都会跳转到固定的/login页面,登录后自动跳转到原有的请求页面,注意,security指定的登出为/logout
3.获取用户
@Controllerpublic class HomeController { @RequestMapping(value="/",method= RequestMethod.GET) public String home(Model model){ model.addAttribute("text","My Name is Fish"); UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext() .getAuthentication() .getPrincipal(); System.out.println(userDetails); return "home"; }}
在Controller层通过SecurityContextHolder.getContext获取当前用户的信息
阅读全文
0 0
- Spring实战4之Spring Security
- Spring Security实战实用
- Spring Security实战
- Spring MVC 4 + Spring Security 4 + Hibernate +JPA实战
- 【Spring Security实战系列】Spring Security实战(一)
- 【Spring Security实战系列】Spring Security实战(二)
- 【Spring Security实战系列】Spring Security实战(三)
- 【Spring Security实战系列】Spring Security实战(四)
- 【Spring Security实战系列】Spring Security实战(五)
- 【Spring Security实战系列】Spring Security实战(六)
- 【Spring Security实战系列】Spring Security实战(七)
- Spring 之 Spring Security 讲解
- spring security之ACL
- spring security之应用
- spring-security之ChannelProcessingFilter
- 基于注释的Spring Security实战指南
- 基于注释的Spring Security实战指南
- Spring security实战(1)-----项目搭建
- 接口基础知识
- WebSocket+String
- .gitignore的配置
- 在二叉查找树中插入节点
- 利用java集合框架写的一个简单扑克游戏
- Spring实战4之Spring Security
- Zookeeper集群搭建
- Uva 247 电话圈——Floyd算法求传递闭包
- 可见区域加载图片
- 对于解决androidstudio编辑时发生的错误Didn't find class “android.support.design.widget.AppBarLayout”
- CentOS7 yum安装MySQL
- ip netns常用命令
- 遍历Map集合
- linux待机流程