快速创建应用
采用Springboot、Maven、jdk8,快速创建一个Web应用。
基础访问类编写
package com.example.demo.controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; /** * * @author 小隐乐乐 * @since 2020/11/8 19:44 */ @RestController @RequestMapping("/api") public class HelloController { @GetMapping("/hello") public String hello() { return "hello guys"; } }
配置文件修改
application.properties
添加端口信息
server.port=8000
POM
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.3.5.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.example</groupId> <artifactId>demo</artifactId> <version>0.0.1-SNAPSHOT</version> <name>demo</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> <exclusions> <exclusion> <groupId>org.junit.vintage</groupId> <artifactId>junit-vintage-engine</artifactId> </exclusion> </exclusions> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
测试应用
启动应用,访问接口 : localhost:8000/api/hello
应用创建成功。
添加Spring Boot Security支持
POM
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.3.5.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.example</groupId> <artifactId>demo</artifactId> <version>0.0.1-SNAPSHOT</version> <name>demo</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> <exclusions> <exclusion> <groupId>org.junit.vintage</groupId> <artifactId>junit-vintage-engine</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
测试应用
启动应用,日志如下:
Springboot Security会创建一个用户,还有一个请求安全链。用户默认用户名user 密码,随机生成,打印在启动日志中,此时为abfb4748-61e9-45d8-bc22-72a21d45df6a
测试应用,访问接口 : localhost:8000/api/hello
页面自动跳转到登录页面
输入用户名、密码,之后会跳转到接口响应页面
用户名密码修改
可以在配置文件中自定义,用户名/密码
application.properties
server.port=8000 spring.security.user.name=levi spring.security.user.password=123456
MVC Security
默认的安全配置在SecurityAutoConfiguration和UserDetailsServiceAutoConfiguration中实现。SecurityAutoConfiguration实现SpringBootWebSecurityConfigurationWeb安全性并通过UserDetailsServiceAutoConfiguration配置身份验证,这在非Web应用程序中也很重要。要完全关闭默认的Web应用程序安全性配置或合并多个Spring Security组件(例如OAuth 2 Client和Resource Server),请添加一个类型的bean WebSecurityConfigurerAdapter(这样做不会禁用UserDetailsService配置或Actuator的安全性)。
为了关闭UserDetailsService的配置,可以添加类型的UserDetailsService,AuthenticationProvider或AuthenticationManager。
可以通过添加自定义来覆盖访问规则WebSecurityConfigurerAdapter。Spring Boot提供了便利的方法,可用于覆盖执行器端点和静态资源的访问规则。EndpointRequest可用于创建RequestMatcher基于management.endpoints.web.base-path属性的。PathRequest可用于RequestMatcher在常用位置创建for资源。
详细可以参考官方文档介绍 https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-security
