springboot-19-security(完)

Author: clown-coding

springboot-19-security/doc/README.md

@@ -0,0 +1,96 @@
+# ***SpringBoot-Security***
+
+* **[SpringSecurity官方文档](https://docs.spring.io/spring-security/site/docs/5.1.3.RELEASE/reference/htmlsingle/)**
+* **[SpringSecurity官方简单案例](https://docs.spring.io/spring-security/site/docs/current/guides/html5//)**
+## **引入Security依赖**
+```java
+<dependencies>
+    <!-- Security -->
+    <dependency>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-security</artifactId>
+    </dependency>
+
+    <!-- thymeleaf-extras-springsecurity5 -->
+    <dependency>
+        <groupId>org.thymeleaf.extras</groupId>
+        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
+        <version>3.0.4.RELEASE</version>
+    </dependency>
+
+    <!-- 引入thymeleaf依赖 -->
+    <dependency>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-thymeleaf</artifactId>
+    </dependency>
+
+    <!-- 引入layout组件依赖 -->
+    <dependency>
+        <groupId>nz.net.ultraq.thymeleaf</groupId>
+        <artifactId>thymeleaf-layout-dialect</artifactId>
+    </dependency>
+</dependencies>
+```
+
+## **编写SpringSecurity的配置类**
+```java
+@EnableWebSecurity
+public class MySecurityConfig extends WebSecurityConfigurerAdapter {
+
+    //控制请求的访问权限
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        //定义授权规则
+        http.authorizeRequests()
+                //对根目录下的所有访问放行
+                .antMatchers("/").permitAll()
+                //访问level1下的页面需要VIP1级别
+                .antMatchers("/level1/**").hasRole("VIP1")
+                .antMatchers("/level2/**").hasRole("VIP2")
+                .antMatchers("/level3/**").hasRole("VIP3");
+
+        /**
+         * 开启登录功能,如果没有权限就会来到登录页面
+         * formLogin的功能
+         *  1. /login来到登录页面
+         *  2. 重定向到login?error表示登录失败
+         *  3. 默认post形式的/login代表处理登录
+         *  4. 一旦定制loginPage,那么loginPage的post请求就是登录
+         */
+        http.formLogin()
+                .usernameParameter("user")
+                .passwordParameter("password")
+                .loginPage("/userlogin");
+
+        /**
+         * 开启自动配置的注销功能,注销成功以后来到welcome.html
+         * 访问/logout表示用户注销,清空session
+         */
+        http.logout().logoutSuccessUrl("/");
+
+        /**
+         * 开启记住我功能
+         * 登录成功后,将cookie发给浏览器保存,再次进入网页,只要通过检查cookie就可以免登陆
+         * 点击注销,删除cookie
+         *
+         */
+        http.rememberMe().rememberMeParameter("rememberMe");
+    }
+
+    //定义认证规则
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        //从内存中获取,springSecurity 5.0 的加密方式是{id}………… id为加密方式
+        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
+                .withUser("zhang")
+                .password(new BCryptPasswordEncoder().encode("123456")).roles("VIP1","VIP2")
+                .and()
+                .withUser("li")
+                .password(new BCryptPasswordEncoder().encode("123456")).roles("VIP2","VIP3")
+                .and()
+                .withUser("wang")
+                .password(new BCryptPasswordEncoder().encode("123456")).roles("VIP1","VIP3");
+    }
+}
+```

springboot-19-security/pom.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>SpringBootLearn</artifactId>
+        <groupId>com.clown</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>springboot-19-security</artifactId>
+
+    <dependencies>
+
+        <!-- Security -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <!-- thymeleaf-extras-springsecurity5 -->
+        <dependency>
+            <groupId>org.thymeleaf.extras</groupId>
+            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
+            <version>3.0.4.RELEASE</version>
+        </dependency>
+
+        <!-- 引入thymeleaf依赖 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+
+        <!-- 引入layout组件依赖 -->
+        <dependency>
+            <groupId>nz.net.ultraq.thymeleaf</groupId>
+            <artifactId>thymeleaf-layout-dialect</artifactId>
+        </dependency>
+    </dependencies>
+</project>

springboot-19-security/src/main/java/com/clown/security/SecurityApplication.java

@@ -0,0 +1,15 @@
+package com.clown.security;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * @author: Richard·Ackerman
+ * @create: 2019/1/24
+ **/
+@SpringBootApplication
+public class SecurityApplication {
+    public static void main(String[] args){
+        SpringApplication.run(SecurityApplication.class);
+    }
+}

springboot-19-security/src/main/java/com/clown/security/config/MySecurityConfig.java

@@ -0,0 +1,71 @@
+package com.clown.security.config;
+
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+/**
+ * @author: Richard·Ackerman
+ * @create: 2019/1/24
+ **/
+@EnableWebSecurity
+public class MySecurityConfig extends WebSecurityConfigurerAdapter {
+
+    //控制请求的访问权限
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        //定义授权规则
+        http.authorizeRequests()
+                //对根目录下的所有访问放行
+                .antMatchers("/").permitAll()
+                //访问level1下的页面需要VIP1级别
+                .antMatchers("/level1/**").hasRole("VIP1")
+                .antMatchers("/level2/**").hasRole("VIP2")
+                .antMatchers("/level3/**").hasRole("VIP3");
+
+        /**
+         * 开启登录功能,如果没有权限就会来到登录页面
+         * formLogin的功能
+         *  1. /login来到登录页面
+         *  2. 重定向到login?error表示登录失败
+         *  3. 默认post形式的/login代表处理登录
+         *  4. 一旦定制loginPage,那么loginPage的post请求就是登录
+         */
+        http.formLogin()
+                .usernameParameter("user")
+                .passwordParameter("password")
+                .loginPage("/userlogin");
+
+        /**
+         * 开启自动配置的注销功能,注销成功以后来到welcome.html
+         * 访问/logout表示用户注销,清空session
+         */
+        http.logout().logoutSuccessUrl("/");
+
+        /**
+         * 开启记住我功能
+         * 登录成功后,将cookie发给浏览器保存,再次进入网页,只要通过检查cookie就可以免登陆
+         * 点击注销,删除cookie
+         *
+         */
+        http.rememberMe().rememberMeParameter("rememberMe");
+    }
+
+    //定义认证规则
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        //从内存中获取,springSecurity 5.0 的加密方式是{id}………… id为加密方式
+        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
+                .withUser("zhang")
+                .password(new BCryptPasswordEncoder().encode("123456")).roles("VIP1","VIP2")
+                .and()
+                .withUser("li")
+                .password(new BCryptPasswordEncoder().encode("123456")).roles("VIP2","VIP3")
+                .and()
+                .withUser("wang")
+                .password(new BCryptPasswordEncoder().encode("123456")).roles("VIP1","VIP3");
+    }
+}

springboot-19-security/src/main/java/com/clown/security/controller/KungFuController.java

@@ -0,0 +1,61 @@
+package com.clown.security.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+
+@Controller
+public class KungFuController {
+
+	private final String PREFIX = "pages/";
+	/**
+	 * 欢迎页
+	 * @return
+	 */
+	@GetMapping("/")
+	public String index() {
+		return "welcome";
+	}
+	
+	/**
+	 * 登陆页
+	 * @return
+	 */
+	@GetMapping("/userlogin")
+	public String loginPage() {
+		return PREFIX+"login";
+	}
+	
+	
+	/**
+	 * level1页面映射
+	 * @param path
+	 * @return
+	 */
+	@GetMapping("/level1/{path}")
+	public String level1(@PathVariable("path")String path) {
+		return PREFIX+"level1/"+path;
+	}
+	
+	/**
+	 * level2页面映射
+	 * @param path
+	 * @return
+	 */
+	@GetMapping("/level2/{path}")
+	public String level2(@PathVariable("path")String path) {
+		return PREFIX+"level2/"+path;
+	}
+	
+	/**
+	 * level3页面映射
+	 * @param path
+	 * @return
+	 */
+	@GetMapping("/level3/{path}")
+	public String level3(@PathVariable("path")String path) {
+		return PREFIX+"level3/"+path;
+	}
+
+
+}

springboot-19-security/src/main/resources/application.yml

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+	<a th:href="@{/}">返回</a>
+	<h1>罗汉拳</h1>
+	<p>罗汉拳站当央,打起来不要慌</p>
+</body>
+</html>

springboot-19-security/src/main/resources/resources/favicon.ico

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+	<a th:href="@{/}">返回</a>
+	<h1>武当长拳</h1>
+	<p>长一点在长一点</p>
+</body>
+</html>

springboot-19-security/src/main/resources/templates/pages/level1/1.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+	<a th:href="@{/}">返回</a>
+	<h1>全真剑法</h1>
+	<p>全都是真的</p>
+</body>
+</html>