快速创建应用
采用Springboot、Maven、jdk8,快速创建一个Web应用。
基础访问类编写
package com.example.demo.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Minimal REST controller used to check that the application starts and answers requests.
 *
 * @author 小隐乐乐
 * @since 2020/11/8 19:44
 */
@RestController
@RequestMapping("/api")
public class HelloController {

    /** Fixed response body returned by {@link #hello()}. */
    private static final String GREETING = "hello guys";

    /**
     * Handles {@code GET /api/hello}.
     *
     * @return the fixed greeting text
     */
    @GetMapping("/hello")
    public String hello() {
        return GREETING;
    }
}
配置文件修改
application.properties
添加端口信息
# Port the application listens on; the test calls on this page use localhost:8000.
server.port=8000
POM
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <!-- The Spring Boot parent manages the versions of the starters declared below. -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.5.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <!-- Web starter: the only runtime dependency at this stage (no security yet). -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <!-- Test starter, with the JUnit 4 (vintage) engine excluded. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
测试应用
启动应用,访问接口 : localhost:8000/api/hello
应用创建成功。
添加Spring Boot Security支持
POM
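<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <!-- The Spring Boot parent manages the versions of the starters declared below. -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.5.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <!-- Adds Spring Security; once it is on the classpath every endpoint requires authentication by default. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <!--
            Bean Validation (javax.validation). The sign-in controller later on this page uses
            @Valid, and since Spring Boot 2.3 the web starter no longer brings validation in,
            so it has to be declared explicitly.
        -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>

        <!-- Test starter, with the JUnit 4 (vintage) engine excluded. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <!-- Spring Security test support (test scope only). -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <!-- Fixed: the listing had "orgspringframework.boot" (missing dot), which is not the plugin's groupId. -->
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>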
测试应用
启动应用,日志如下:
Spring Boot Security 会自动创建一个默认用户和一条请求安全链。默认用户名为 user,密码在每次启动时随机生成并打印在启动日志中,本次启动生成的密码为 abfb4748-61e9-45d8-bc22-72a21d45df6a
测试应用,访问接口 : localhost:8000/api/hello
页面自动跳转到登录页面
输入用户名、密码,之后会跳转到接口响应页面
用户名密码修改
可以在配置文件中自定义,用户名/密码
application.properties
# Port the application listens on.
server.port=8000
# Replaces the auto-generated default user and its random password.
# NOTE(review): demo values only. A short numeric password stored in a properties file
# is readable by anyone with access to the file or the repository; outside a local demo,
# supply a strong password from outside the file (for example an environment variable).
spring.security.user.name=levi
spring.security.user.password=123456
MVC Security
默认的安全配置在 SecurityAutoConfiguration 和 UserDetailsServiceAutoConfiguration 中实现。SecurityAutoConfiguration 通过导入 SpringBootWebSecurityConfiguration 提供 Web 安全性,UserDetailsServiceAutoConfiguration 则负责配置身份验证,后者在非 Web 应用程序中同样适用。要完全关闭默认的 Web 应用程序安全性配置,或者组合多个 Spring Security 组件(例如 OAuth 2 Client 和 Resource Server),请添加一个 WebSecurityConfigurerAdapter 类型的 bean(这样做不会禁用 UserDetailsService 配置或 Actuator 的安全性)。
如果还要关闭 UserDetailsService 的配置,可以添加一个 UserDetailsService、AuthenticationProvider 或 AuthenticationManager 类型的 bean。
可以通过添加自定义的 WebSecurityConfigurerAdapter 来覆盖访问规则。Spring Boot 提供了便利的方法,可用于覆盖执行器(Actuator)端点和静态资源的访问规则:EndpointRequest 可用于创建基于 management.endpoints.web.base-path 属性的 RequestMatcher;PathRequest 可用于为常用位置中的资源创建 RequestMatcher。
详细可以参考官方文档介绍 docs.spring.io/spring-boot…
开发配置类
用于自定义拦截配置
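package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

/**
 * Custom web security configuration: opens {@code /api/signin}, requires authentication for
 * every other request, and registers a single in-memory user.
 *
 * <p>The original listing also auto-wired a {@code UserDetailsService} field into this class.
 * The field was never read, and the bean it asked for is the one this class declares itself,
 * so it has been removed.
 *
 * @author 小隐乐乐
 * @since 2020/11/8 20:20
 */
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Defines the request authorization rules and the session policy.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // CSRF protection is switched off. That is only reasonable while no browser-sent
                // ambient credential (such as a session cookie) authenticates requests, which
                // matches the STATELESS policy set below.
                .csrf().disable()
                .authorizeRequests()
                // The sign-in endpoint must be reachable without credentials.
                .antMatchers("/api/signin").permitAll()
                // Everything else is denied unless the request is authenticated.
                .anyRequest().authenticated()
                .and()
                // No HTTP session is created or used to hold the security context.
                // NOTE(review): no httpBasic()/formLogin()/token filter is configured here, so
                // as shown nothing carries the sign-in result into later requests; presumably
                // a later step adds a token mechanism. Confirm.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean so other components
     * (the sign-in controller on this page) can inject it.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent adapter cannot build it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers one in-memory account, {@code user} / {@code password}, with role {@code USER}.
     *
     * <p>Because this class declares its own {@link UserDetailsService} bean, the auto-configured
     * one backs off, so {@code spring.security.user.*} values in application.properties no
     * longer define the login.
     *
     * @return an in-memory user store holding the single demo account
     */
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        // NOTE(review): User.withDefaultPasswordEncoder() is deprecated by Spring Security as a
        // demo-only helper, and the credentials are hard-coded in source. Keep this for the
        // tutorial only; a real deployment needs a PasswordEncoder bean and externally managed users.
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}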
开发登录实体类
用于完成登录实体
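package com.example.demo.dto;

import javax.validation.constraints.NotNull;

/**
 * Request body of the sign-in endpoint: the user name and password submitted by the caller.
 *
 * <p>The original listing imported {@code com.sun.istack.internal.NotNull}. That is a
 * JDK-internal annotation, not a Bean Validation constraint, so {@code @Valid} on the
 * controller parameter would not have rejected a missing field. The constraint now comes
 * from {@code javax.validation.constraints}, which needs a Bean Validation provider on the
 * classpath (for example {@code spring-boot-starter-validation}).
 *
 * @author 小隐乐乐
 * @since 2020/11/8 20:22
 */
public class SigninDto {

    // Rejects a missing value; @NotBlank would additionally reject empty strings.
    @NotNull
    private String username;

    @NotNull
    private String password;

    /** No-argument constructor; presumably for the JSON deserializer, it is not called on this page. */
    protected SigninDto() {}

    /**
     * Creates a sign-in request.
     *
     * @param username the submitted user name
     * @param password the submitted password
     */
    public SigninDto(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /** @return the submitted user name */
    public String getUsername() {
        return username;
    }

    /** @param username the submitted user name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the submitted password */
    public String getPassword() {
        return password;
    }

    /** @param password the submitted password */
    public void setPassword(String password) {
        this.password = password;
    }
}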
改造controller
package com.example.demo.controller;

import com.example.demo.dto.SigninDto;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * REST controller exposing the demo greeting and a sign-in endpoint under {@code /api}.
 *
 * @author 小隐乐乐
 * @since 2020/11/8 19:44
 */
@RestController
@RequestMapping("/api")
public class HelloController {

    /** Checks the submitted credentials; injected by Spring. */
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Handles {@code GET /api/hello}.
     *
     * @return the fixed greeting text
     */
    @GetMapping("/hello")
    public String hello() {
        return "hello guys";
    }

    /**
     * Handles {@code POST /api/signin}: authenticates the submitted user name and password.
     *
     * <p>{@code @Valid} only has an effect when a Bean Validation provider is on the classpath
     * and the DTO fields carry {@code javax.validation} constraints.
     *
     * @param signInDto the credentials read from the request body
     * @return the result of {@link AuthenticationManager#authenticate}
     */
    @PostMapping("/signin")
    public Authentication signIn(@RequestBody @Valid SigninDto signInDto) {
        UsernamePasswordAuthenticationToken credentials =
                new UsernamePasswordAuthenticationToken(
                        signInDto.getUsername(), signInDto.getPassword());
        // NOTE(review): the Authentication object itself becomes the response body, so whatever
        // it exposes (principal, authorities, details) is serialized to the caller. A dedicated
        // response type would limit the output to what the client needs.
        return authenticationManager.authenticate(credentials);
    }
}