Shulou(Shulou.com)06/02 Report--

Editor to share with you how to integrate SpringBoot Spring Security, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to understand it!

I. Preface

Both Spring Security and Apache Shiro are security frameworks that provide authentication and authorization for Java applications.

The difference between the two

Spring Security: a heavyweight security framework

Apache Shiro: lightweight Security Framework

About the authority authentication and authorization of shiro, you can refer to another article of the editor: SpringBoot integrates Shiro to realize dynamic loading of permissions.

Https://blog.csdn.net/qq_38225558/article/details/101616759

Second, SpringBoot integrated Spring Security entry experience basic environment: springboot 2.1.81, introduction of Spring Security dependency org.springframework.boot spring-boot-starter-security2, new controller test access @ RestControllerpublic class IndexController {@ GetMapping ("/ index") public String index () {return "Hello World ~";}} 3, run the project to access http://127.0.0.1:8080/index

Warm Tip: without any configuration, the default user name given by Spring Security is user password, which is a string randomly generated when the project starts and runs, which will be printed on the console, as shown below:

When we visit the index home page, the system will jump to the login page by default for login authentication

Only after successful authentication will you jump to our index page.

III. Spring Security user password configuration

In addition to the random string generated by the user's user password given by default by Spring Security above when the project starts, we can also configure it in the following ways

1. Configure spring: security: user: name: admin # username password: 123456 # password 2 in springboot configuration file. Java code is configured in memory.

New Security core configuration class inherits WebSecurityConfigurerAdapter

@ Configuration@EnableWebSecurity / / Spring Security-enabled Web security support public class SecurityConfig extends WebSecurityConfigurerAdapter {/ * set users in memory * @ param auth * @ throws Exception * / @ Autowired public void config (AuthenticationManagerBuilder auth) throws Exception {/ / configure users in memory Configure multiple users to call the `user () `method auth.inMemoryAuthentication () .passwordEncoder (passwordEncoder ()) / specify the encryption method .withUser ("admin") .password (passwordEncoder (). Encode ("123456"). Roles ("ADMIN"). And () .withUser ("test") .password (passwordEncoder (). Encode ( "123456"). Roles ("USER") } @ Bean public PasswordEncoder passwordEncoder () {/ / BCryptPasswordEncoder:Spring Security encryption tool, which can quickly encrypt and salt return new BCryptPasswordEncoder ();}} 3. Obtain user account and password information from the database.

This is the way we usually use in our projects, and we'll talk about it later in the article.

Fourth, Spring Security login processing and ignore interception

The relevant code is annotated. I believe it is easy to understand.

@ Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter {/ * login processing * @ param http * @ throws Exception * / @ Override protected void configure (HttpSecurity http) throws Exception {/ / enable login configuration http.authorizeRequests () / / identify access to `/ index` Need to have the role of `ADMIN` .antMatch.hasRole ("ADMIN") / / allow anonymous url-can be understood as release interface-multiple interfaces are used, split .antMatching ("/") "/ home") .permitAll () / / all remaining requests need to be authenticated .anyRequest () .authenticated () .and () / set the login authentication page .formLogin () .loginPage ("/ login") / / the processing interface after successful login -method ① .loginProcessingUrl ("/ home") / / Custom login user name and password attribute name Default is username and password .usernameParameter ("username") .passwordParameter ("password") / / processor after successful login-② / / .userHandler ((req, resp, authentication)-> {/ / resp.setContentType ("application/json") Charset=utf-8 "); / / PrintWriter out = resp.getWriter (); / / out.write (" login succeeded... "); / / out.flush () / / configure callback for login failure. FailureHandler ((req, resp, exception)-> {resp.setContentType ("application/json;charset=utf-8"); PrintWriter out = resp.getWriter (); out.write ("login failed...") Out.flush () }) .permitAll () / / all interfaces related to form login are directly through .and () .logout () .logout ("/ logout") / / configure the callback for successful logout. LogoutSuccessHandler ((req, resp) Authentication)-> {resp.setContentType ("application/json Charset=utf-8 "); PrintWriter out = resp.getWriter (); out.write (" logout successful... "); out.flush () }) .permitAll () .and () .httpBasic () .and () / close CSRF cross-domain .csrf () .disable () } / * ignore interception * @ param web * @ throws Exception * / @ Override public void configure (WebSecurity web) throws Exception {/ / set intercept ignore url-will filter the url directly-will not pass through the Spring Security filter chain web.ignoring () .antMatchers ("/ getUserInfo") / / set the blocking ignore folder to release web.ignoring (). AntMatchers ("/ css/**", "/ js/**") for static resources;}} these are all the contents of the article "how SpringBoot integrates Spring Security". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.