SpringBoot对SpringSecurity的支持

SpringBoot针对SpringSecurity的自动配置在org.springframework.boot.autoconfigure.security包中，主要通过SecurityAutoConfiguration和SecurityProperties来完成配置。

SecuritAutoConfiguration导入了SpringBootWebSecurityConfiguration中的配置。在SpringBootWebSecurityConfiguration配置中，我们获得如下的自动配置：

1、自动配置了一个内存中的用户，账号为user，密码在程序启动时出现。
2、忽略/css/、/js/、/images/和//favicon.ico等静态文件的拦截。
3、自动配置的securityFilterChainRegistration的Bean。

SpringSecurity的配置项：

security.user.name=user # 内存中的用户默认账号为user
security.user.password= # 1默认用户的密码
security.user.role=USER #默认用户的角色
security.require-ssl=false # 是否需要ssl支持
security.enable-csrf=false #是否开启“跨站请求伪造”支持，默认关闭
security.basic.enable=true
security.basic.realm=Spring
security.basic.authorize-mode=
security.filter-order=0
security.headers.xss=false
security.headers.cache=false
security.headers.frame=false
security.headers.content-type=false
security.headers.hsts=all
security.session=stateless
security.ignored= # 用,隔开无需拦截的路径

SpringBoot为我们做了如此多的配置，当我们需要自己扩展配置时，只需配置类继承WebSecurityConfigurerAdapter类即可，无需使用@EnableWebSecurity注解。

在SpringBoot中使用Security

初始化项目

添加的Maven依赖

        <dependency>            <groupId>org.mybatis.spring.boot</groupId>            <artifactId>mybatis-spring-boot-starter</artifactId>            <version>1.1.1</version>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-security</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-thymeleaf</artifactId>        </dependency>        <dependency>            <groupId>org.thymeleaf.extras</groupId>            <artifactId>thymeleaf-extras-springsecurity4</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-web</artifactId>        </dependency>        <dependency>            <groupId>mysql</groupId>            <artifactId>mysql-connector-java</artifactId>            <scope>runtime</scope>        </dependency>

application.properties 的选项

spring.datasource.driverClassName=com.mysql.jdbc.Driverspring.datasource.url=jdbc:mysql://127.0.0.1:3306/sosweet?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTCspring.datasource.username=rootspring.datasource.password=rootspring.datasource.type=com.alibaba.druid.pool.DruidDataSourcespring.datasource.driver-class-name=com.mysql.jdbc.Driverspring.datasource.filters=statspring.datasource.maxActive=20spring.datasource.initialSize=1spring.datasource.maxWait=60000spring.datasource.minIdle=1spring.datasource.timeBetweenEvictionRunsMillis=60000spring.datasource.minEvictableIdleTimeMillis=300000spring.datasource.validationQuery=select 'x'spring.datasource.testWhileIdle=truespring.datasource.testOnBorrow=falsespring.datasource.testOnReturn=falsespring.datasource.poolPreparedStatements=truespring.datasource.maxOpenPreparedStatements=20mybatis.mapperLocations=classpath:mapper/**/*.xmlmybatis.typeAliasesPackage=com.sosweet.entitylogging.level.org.springframeworlk.security=INFOspring.thymeleft.cache=false