Shulou(Shulou.com)06/03 Report--

Introduction to Spring Security

The core functions of spring security are Authentication and Authorization, that is, whether users can access the system and what operations authorized users can do in the system.

Introduction of spring security components

Add to pom.xml

Org.springframework.boot spring-boot-starter-security org.springframework.security spring-security-test test

To verify whether the component works, do not change anything in the framework now, start the project, and still enter http://localhost:8080 in the browser. You can see the following interface. You can directly enter the initial interface of spring boot, but now you can no longer see it. Verification has been enabled by default after spring security import, and you must log in to verify before you can access it.

If nothing is set in the code, the default account is user, and the default password will be printed in the console as the project starts.

Enter the account password to enter the default initial interface.

Code actual combat

In order to get the fastest, simplest and most direct understanding of this component, write the user password directly into memory, and the project will exist as soon as it starts, avoiding the creation of tables, entity classes, database operations and other unrelated content. Naming uses the simplest and roughest way, eliminating all interference and mastering the use of the component with the least effort.

New code directory

Index.html

Title SPRING BOOT!

Error.html

Title error

UserController

Package com.example.controller;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.ResponseBody;@Controller@RequestMapping ("user") public class UserController {@ RequestMapping ("/ addUser") @ ResponseBody String addUser () {return "this is adding users!!" ;} @ RequestMapping ("/ deleteUser") @ ResponseBody String deleteUser () {return "this is deleting the user!!" ;} @ RequestMapping ("/ updateUser") @ ResponseBody String updateUser () {return "this is modifying the user!!" ;} @ RequestMapping ("/ findAllUsers") @ ResponseBody String findAllUsers () {return "this is querying the user!!" ;}}

UserSecurityConfig

Package com.example.config;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter / / Note enable Spring Security Security Authentication and Authorization @ EnableWebSecuritypublic class UserSecurityConfig extends WebSecurityConfigurerAdapter {/ / user Authentication @ Override protected void configure (AuthenticationManagerBuilder auth) throws Exception {/ / auth.inMemoryAuthentication () .passwordEncoder (new MyPasswordEncoder ()) / / add user, password Role .withUser ("zs"). Password ("123456"). Roles ("AAA") / / chained programming. And (). WithUser ("ls"). Password ("123456"). Roles ("BBB"). And (). WithUser ("ww"). Password ("123456"). Roles ("CCC") "primary") .and () .withUser ("zl") .password ("123456") .roles ("primary") } / / user authorization @ Override protected void configure (HttpSecurity http) throws Exception {/ * permitAll (): allow all users to access * hasRole (): roles that url requests allow access * hasAnyRole (): multiple roles that url requests allow access * access (): roles that allow access PermitAll, hasRole and hasAnyRole all call the access method * access ("permitAll") equivalent to permitAll () * / http.authorizeRequests () .antMatchers ("/") .permitAll () / / "/": on the home page of the application, all users can access http.authorizeRequests () .antMatrices ("/ user/addUser"). HasRole ("AAA") / / leading slash "/" indicates the application context, and / user/addUser requests to allow AAA roles to access .antMatrices ("/ user/deleteUser/**") .matrices ("AAA"). "BBB") / / "/ user/deleteUser/**" allows "AAA", "BBB" roles to access / * * match any .antMatrices ("/ user/updateUser"). HasAnyRole ("AAA", "BBB", "CCC") / / in addition to this chain programming, you can also write .antMatrices ("/ user/findAllUsers"). Access ("permitAll") separately. Http.authorizeRequests (). AnyRequest (). Authenticated () / * formLogin: specifies support for form-based authentication * automatically redirects to the login page (default / login) when the user is not logged in or has no permissions (default / login) * when the login fails, the default jump to / http.formLogin () will be released when the login is successful;}}

MyPasswordEncoder

Package com.example.config;import org.springframework.security.crypto.password.PasswordEncoder;// password encoding must be performed in the higher version of Spring Security, otherwise an error public class MyPasswordEncoder implements PasswordEncoder {@ Override public String encode (CharSequence charSequence) {return charSequence.toString ();} @ Override public boolean matches (CharSequence charSequence, String s) {return s.equals (charSequence.toString ());}} will be reported.

The effect of personal test is

Log in with the user name zs (the role permission is AAA), you can enter the system, the browser enters the address and you can access it, localhost:8080,localhost:8080/user/addUser,localhost:8080/user/deleteUser,localhost:8080/user/updateUser,localhost:8080/user/findAllUsers

Log in with the user name ls (the role permission is BBB), you can enter the system, the browser enters the address and you can access it, localhost:8080,localhost:8080/user/deleteUser,localhost:8080/user/updateUser,localhost:8080/user/findAllUsers

Log in with the user name ww (the role permission is CCC), you can enter the system, the browser enters the address and you can access it, localhost:8080,localhost:8080/user/deleteUser,localhost:8080/user/updateUser,localhost:8080/user/findAllUsers

Log in with the user name zl (the role permission is CCC), you can enter the system, the browser enters the address and you can access it, localhost:8080,localhost:8080/user/updateUser,localhost:8080/user/findAllUsers

Log in with the user name admin and cannot enter the system because the user is not yet in the system.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.