学习Security配置Demo1
@Configuration @EnableWebSecurity //继承WebSecurityConfigurerAdapter 实现自定义认证用户身份信息 @EnableGlobalMethodSecurity(prePostEnabled = true) public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { //表单提交 http.formLogin() //登陆界面 .loginPage("/login.html") //登录处理的请求 .loginProcessingUrl("/login") //登录成功之后跳转的页面,post请求 // .successForwardUrl("/toMain") .successHandler(new MyAuthenticationSuccessHandler("/main.html")) //登陆失败之后跳转的页面,post请求 .failureForwardUrl("/toError"); //授权 http.authorizeRequests() //放行 error.html,不需要认证 .antMatchers("/error.html").permitAll() //放行 login.html,不需要认证 .antMatchers("/login.html").permitAll() //放行静态资源 .antMatchers("/css/**","/js/**","/images/**").permitAll() //放行后缀.png,正则表达式 .regexMatchers("[.]png").permitAll() //指定放行的请求方法 .regexMatchers(HttpMethod.POST,"[.]png").permitAll() //所有请求都必须认证才能访问,必须登录 .anyRequest() //认证 .authenticated() .and() //关闭csrf防护 .csrf().disable(); } @Override //验证管理 protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder()); } public PasswordEncoder getPw() { return new BCryptPasswordEncoder(); } }
