Example Analysis of logout and access Control in springboot springsecuroty 01/19 Update SLTechnology News&Howtos

Example Analysis of logout and access Control in springboot springsecuroty

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/01 Report--

Xiaobian to share with you springboot springsecurity logout and permission control problem example analysis, I believe most people still do not know how to share this article for your reference, I hope you read this article after a great harvest, let us go to understand it!

1 Account logout 1.1 Add a code to SecurityConfig to enable logout

src/main/java/com/lv/config/SecurityConfig.java

package com.lv.config; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security. config. annotation.web.configuration.EnableWebSecurity; import org. springframework. security. config. annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;//AOP : interceptor!@ AOP EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter { //Authorization @Override public void configure(HttpSecurity http) throws Exception { //Home page can be accessed by everyone, function page can only be accessed by the corresponding authorized person //Request authorization rules ~(chain programming) http.authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/level1/** ").hasRole("vip1") .antMatchers("/level2/** ").hasRole("vip2") .antMatchers("/level3/** ").hasRole("vip3"); You don't have permission to access/index.php on this server. http.formLogin(); //Log out, open logout function, jump to the home page http.logout().logoutSuccessUrl("/"); //cross-site prevention tools, get,post http.csrf().disable();//disable csrf function, possible reasons for logout failure } //authentication,springboot 2.1.x can be used directly //Password Encoder:PasswordEncoder //Spring Security 5.0+ adds many encryption methods ~ protected void configure(AuthenticationManagerBuilder auth) throws Exception { //This data should normally be read from the database auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()) .withUser("lv").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2","vip3") .and() .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3") .withUser("guest").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1");}1.2 Add logout button in index.html

src/main/resources/templates/index.html

Visit the login page and log into the guest account, which can access level1 pages

After logging in successfully, click on the level1 link, successfully jump to the level page, and then click the logout button

Go back to the home page and click on level1 again

Go to login page

Account cancellation successful

2 Permission control 2.1 Import integration dependencies for springsecurity and thymeleaf

pom.xml

org.thymeleaf.extras thymeleaf-extras-springsecurity4 3.0.2.RELEASE2.2 springboot version downgraded

pom.xml

org.springframework.boot spring-boot-starter-parent 2.0.9.RELEASE

The version of springboot must be lowered below 2.0.9, otherwise sec:authorize="isAuthenticated()" will not take effect. After the version is lowered, you need to manually import the junit dependency, otherwise the test class will report an error.

org.junit.jupiter junit-jupiter RELEASE test2.3 Introducing constraints

Add integration constraints for springsecurity and thymeleaf to the header file of index.html.

src/main/resources/templates/index.html

2.4 Modify page code

The main modifications are two parts, one part is to display the user name in the login state, and the logout button, and the login button is displayed without logging in through sec:authorize="isAuthenticated()". Another part is to display different page menus according to the login user's permissions, through sec:authorize="hasRole ('vip 1')" to achieve.

src/main/resources/templates/index.html

home home login User Name: cancellation Spring Security Study by

Level 1 Level-1-1 Level-1-2 Level-1-3 Level 2 Level-2-1 Level-2-2 Level-2-3 Level 3 Level-3-1 Level-3-2 Level-3-3 2.5 restart program test

No login page

The page display is different, and the permission control is successfully implemented.

The above is "springboot springsecurity logout and permissions control problems in the sample analysis" all the content of this article, thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.