Analysis of spring security basic configuration method
Spring security is a powerful and highly customizable authentication and access control framework. It is the de facto standard for protecting spring based applications. Spring security is a framework that focuses on providing authentication and authorization for Java applications. Like all spring projects, the real strength of spring security is that it can be easily extended to meet customization requirements
First establish a maven multi module project, as follows:
spring-security-core
POM dependency:
<!-- 工具类包 -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.7</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.1</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<!-- thymeleaf-视图解析 -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
spring-security-browser
POM dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>com.xwj</groupId>
<artifactId>spring-security-core</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
Security configuration:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin() // 表单登录。跳转到security默认的登录表单页
// http.httpBasic() //basic登录
.and()
.authorizeRequests() // 对请求授权
.antMatchers("/noAuth").permitAll() //允许所有人访问/noAuth
.anyRequest() // 任何请求
.authenticated()// 需要身份认证
;
}
}
spring-security-demo
POM dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.xwj</groupId>
<artifactId>spring-security-browser</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
In controller:
@RestController
@RequestMapping
public class IndexController {
/**
* 不需要认证的请求
*/
@GetMapping("/noAuth")
public String noAuth() {
return "noAuth";
}
/**
* 需要认证的请求
*/
@GetMapping("/user")
public String user() {
return "user";
}
}
Start the service. In the log, you can see the following information:
Using default security password: 90d9e73a-490c-484b-b7c5-5cd75c634e2f
This is the default password of security, which will be used when logging in later
The service port is 18081, which can be accessed in the browser http://localhost:18081/noAuth , the request does not require authentication, so you can directly enter our service as follows:
Revisit http://localhost:18081/user , the request requires authentication. You will first jump to the default login page of security (you can also customize the login page), as follows:
Enter the user name casually, and the password is the password printed in the log: 90d9e73a-490c-484b-b7c5-5cd75c634e2f
Click the login button to log in successfully and return a user. When the request is accessed again, it can now be accessed directly because it has been authenticated
At this point, the simplest security configuration is completed~
The above is the whole content of this article. I hope it will help you in your study, and I hope you will support us a lot.