Spring Security实现权限管理（用户、角色、权限）

项目地址：[Git下载](https://github.com/hnust-xijing/SpringSecurityAuthority.git) 或者  [去项目地址下载](https://github.com/hnust-xijing/SpringSecurityAuthority)

整合spring security

1,创建maven，pom.xml

```xml

<parent>

   <groupId>org.springframework.boot</groupId>

   <artifactId>spring-boot-parent</artifactId>

   <version>2.1.5.RELEASE</version>

</parent>

<dependencies>

   <dependency>

       <groupId>org.springframework.boot</groupId>

       <artifactId>spring-boot-starter-web</artifactId>

   </dependency>

   <dependency>

       <groupId>org.springframework.boot</groupId>

       <artifactId>spring-boot-starter-thymeleaf</artifactId>

   </dependency>

   <dependency>

       <groupId>org.springframework.boot</groupId>

       <artifactId>spring-boot-starter-security</artifactId>

   </dependency>

</dependencies>

```

2，创建Handler

```java

package com.shuang.controller;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.GetMapping;

@Controller

public class HelloHandler {

   @GetMapping("/index")

   public String index(){

       return "index";

   }

}

```

3，创建HTML

```html

<!DOCTYPE html>

<html lang="en">

<head>

   <meta charset="UTF-8">

   <title>title</title>

</head>

<body>

   <h1>hello world!</h1>

</body>

</html>

```

4，创建application.yml

```xml

spring:

 thymeleaf:

   prefix: classpath:/templates/

   suffix: .html

```

5，创建启动类Application

```java

package com.shuang;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication

public class Application {

   public static void main(String[] args) {

       SpringApplication.run(Application.class,args);

   }

}

```

6，设置自定义密码（springsecurity会默认生成登录界面，默认用户名为：admin，密码控制台会输出）

```xml

spring:

 thymeleaf:

   prefix: classpath:/templates/

   suffix: .html

 security:

   user:

     name: admin

     password: 123123

```

## 权限管理

定义两个HTML资源：index.html、admin.html，同时定义两个角色ADMIN和USER，

ADMIN拥有访问index.html和admin.html的权限，USER只有访问index.html的权限。

7，创建securityConfig类。

```java

package com.shuang.config;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration

@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

   @Override

   protected void configure(HttpSecurity http) throws Exception {

       http.authorizeRequests().antMatchers("/admin").hasRole("ADMIN")

               .antMatchers("/index").access("hasRole('ADMIN') or hasRole('USER')")

               .anyRequest().authenticated()

               .and()

               .formLogin()

               .loginPage("/login")

               .permitAll()

               .and()

               .logout()

               .permitAll()

               .and()

               .csrf()

               .disable();

   }

   @Override

   protected void configure(AuthenticationManagerBuilder auth) throws Exception {

       auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())

       .withUser("user").password(new MyPasswordEncoder().encode("000"))

       .roles("USER")

       .and()

       .withUser("admin").password(new MyPasswordEncoder().encode("123"))

       .roles("ADMIN","USER");

   }

}

```

8，修改Handler

```java

package com.shuang.controller;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.GetMapping;

@Controller

public class HelloHandler {

   @GetMapping("/index")

   public String index(){

       return "index";

   }

   @GetMapping("/admin")

   public String admin(){

       return "admin";

   }

   @GetMapping("/login")

   public String login(){

       return "login";

   }

}

```

9，login.html

```html

<!DOCTYPE html>

<html xmlns:th="http://wwww.thymeleaf.org">

<head>

   <meta charset="UTF-8">

   <title>Title</title>

</head>

<body>

   <form th:action="@{/login}" method="post">

       用户名:<input type="text" name="username"/><br/>

       密码:<input type="text" name="password"/><br/>

       <input type="submit" value="登录"/>

   </form>

</body>

</html>

```

10，index.html

```html

<!DOCTYPE html>

<html lang="en">

<head>

   <meta charset="UTF-8">

   <title>title</title>

</head>

<body>

   <h1>hello world!</h1>

   <form action="/logout" method="post">

       <input type="submit" value="退出"/>

   </form>

</body>

</html>

```

11.admin.html

```html

<!DOCTYPE html>

<html lang="en">

<head>

   <meta charset="UTF-8">

   <title>Title</title>

</head>

<body>

   <h1>后台管理系统</h1>

   <form action="/logout" method="post">

       <input type="submit" value="退出">

   </form>

</body>

</html>

```