2025-04-09 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
How do you add Spring-Security support? Many people new to it do not know where to start, so this article summarizes the problem and its solution. I hope it helps you solve it.
Add maven dependencies:
Add configuration:
Create a new package config containing a class SecurityConfig that extends WebSecurityConfigurerAdapter.
configure(HttpSecurity http) method: configure the web paths and their corresponding permissions within this method
http.authorizeRequests().antMatchers(...): configure the web path
.permitAll(), .hasRole(), .hasAnyRole(), etc.: configure the permissions for the web path.
For example: .antMatchers("/manage/**").hasRole("ADMIN")
means that all addresses and resources under the path /manage can only be accessed by users with the ROLE_ADMIN role.
.formLogin().loginPage("/login"): specifies the login page
.successForwardUrl("/sign_in").failureUrl("/sign_in")
Specify the path (GET) that is called back after spring-security authentication completes (success / failure). This path is usually one of our own controller methods, in which the login feedback can be defined. For more information, see the project code.
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/").permitAll(): defines the logout path, which is accessible to all users.
configure(AuthenticationManagerBuilder auth): configure the custom security authentication classes within this method
auth.authenticationProvider(securityEncrypt): custom authentication
auth.userDetailsService(customUserService): custom service that loads the authenticated user's information
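The calls listed above, assembled into one class. This is an added example, not the project's own code; it assumes Spring Security 5.x (where WebSecurityConfigurerAdapter and antMatchers exist), and the public paths, the anyRequest() rule and the explicit passwordEncoder are assumptions that are not on the page.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // switches on @PreAuthorize checks
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired private AuthenticationProvider securityEncrypt; // the SecurityEncrypt bean
    @Autowired private UserDetailsService customUserService;   // the CustomUserService bean

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/login", "/sign_in").permitAll() // assumed public paths
                .antMatchers("/manage/**").hasRole("ADMIN")          // requires ROLE_ADMIN
                .anyRequest().authenticated()                        // assumed: everything else needs a login
            .and().formLogin()
                .loginPage("/login")
                .successForwardUrl("/sign_in")
                .failureUrl("/sign_in")
            .and().logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) // any HTTP method, GET included
                .logoutSuccessUrl("/")
                .permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(securityEncrypt);
        // Assumption: the fallback provider built here is given BCrypt too, so it reads the same stored hashes.
        auth.userDetailsService(customUserService).passwordEncoder(new BCryptPasswordEncoder());
    }
}
```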
At this point, the paths are already protected. Login authentication and user role resource management are described below.
Login authentication process:
SecurityConfig.configure: find the user authentication provider -> SecurityEncrypt
SecurityEncrypt.authenticate: authenticate the user's credentials
CustomUserService.loadUserByUsername: load the user's information from the database
Password match:
Failed: an authentication exception is thrown
Success: the authenticated user's information is returned
Passwords in a real project are stored encrypted, so you need to customize the authentication scheme. This project uses BCrypt (strictly a password-hashing function rather than encryption). The specific code can be found in the EncryptUtil utility class.
Create class: SecurityEncrypt, custom authentication
authenticate(Authentication authentication): this method checks the information entered by the user
authentication.getName(): user name entered by the user
authentication.getCredentials(): password entered by the user
UserDetails user = userService.loadUserByUsername(username): load the user's information from the database by user name
After authentication completes (success / failure), /sign_in is called back.
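One way to write the SecurityEncrypt provider described above. This is an added example, not the project's own code: the project's EncryptUtil is not shown on the page, so Spring's BCryptPasswordEncoder stands in for it, and the dummy-hash comparison for unknown users is an addition.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;

@Component
public class SecurityEncrypt implements AuthenticationProvider {

    // Stand-in for the project's EncryptUtil (assumption: its API is not on the page).
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    private final String dummyHash = encoder.encode("constructed-placeholder");

    @Autowired
    private UserDetailsService userService; // the CustomUserService bean

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        String raw = credentials == null ? "" : credentials.toString();
        UserDetails user;
        try {
            user = userService.loadUserByUsername(username);
        } catch (UsernameNotFoundException e) {
            // Spend the same BCrypt time and return the same error as for a wrong password,
            // so neither the message nor the timing shows which usernames exist.
            encoder.matches(raw, dummyHash);
            throw new BadCredentialsException("Bad credentials");
        }
        // matches() re-hashes the input with the salt embedded in the stored hash.
        if (!encoder.matches(raw, user.getPassword())) {
            throw new BadCredentialsException("Bad credentials");
        }
        // The raw password is not kept in the returned token.
        return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```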
Create a class: CustomUserService, which loads the user's information from the database and, at the same time, loads the user's roles and each role's resource access permissions.
Configure the actions after the authentication is completed:
Principal: the authenticated object. Null indicates that authentication failed.
SPRING_SECURITY_SAVED_REQUEST: the session attribute in which spring-security saves the page requested before authentication. If the attribute is not null, it can be passed to the page so that JavaScript can jump to it, that is, return to the page the user was on before authentication.
Configure access to a method:
@PreAuthorize: checks whether the user has the corresponding permissions before the method is executed. Available values:
Configure permissions in the Thymeleaf page: hello.html
xmlns:sec="http://www.thymeleaf.org/extras/spring-security": imports the security tags
sec:authorize="hasRole('USER')": this permission is required to display this object
In the GitHub project, I defined two user roles and two resource access permissions.
Roles: note that ROLE_ is the default prefix for user roles in spring-security; do not add it again when configuring roles.
ROLE_USER: indicates that the user is logged in. This role is automatically assigned to a user on registration.
ROLE_ADMIN: the highest authority role in the current project
Role permissions (Privilege)
User:* represents a registered user's access to resources, corresponding to ROLE_USER
Global:* represents the highest privilege; users with it can access all resources, corresponding to ROLE_ADMIN
The relevant permissions are initialized automatically when the project is started.
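How the roles and privileges above can reach spring-security as authorities, and where the ROLE_ prefix belongs. This is an added example, not the project's own CustomUserService: the in-memory maps and the user "alice" are constructed sample data standing in for the database, and exposing each privilege as an authority is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class CustomUserService implements UserDetailsService {

    // Constructed sample rows; the real class reads them from the database.
    private final Map<String, String> hashes = new HashMap<>();      // username -> BCrypt hash
    private final Map<String, List<String>> roles = new HashMap<>(); // username -> role names
    private final Map<String, String> privileges = new HashMap<>();  // role name -> privilege

    public CustomUserService() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        hashes.put("alice", encoder.encode("constructed-sample-password"));
        roles.put("alice", Arrays.asList("ROLE_USER", "ROLE_ADMIN"));
        privileges.put("ROLE_USER", "User:*");
        privileges.put("ROLE_ADMIN", "Global:*");
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        String hash = hashes.get(username);
        if (hash == null) {
            throw new UsernameNotFoundException("user not found");
        }
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String role : roles.get(username)) {
            // Stored WITH the prefix: hasRole("ADMIN") looks for the authority "ROLE_ADMIN".
            authorities.add(new SimpleGrantedAuthority(role));
            // Assumption: the role's privilege is exposed as well, for hasAuthority(...) checks.
            authorities.add(new SimpleGrantedAuthority(privileges.get(role)));
        }
        return new User(username, hash, authorities);
    }
}
```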
A brief background management has been added to this project to save the article information of the official account.