春のセキュリティ

権利管理(a)最初の知識の春-セキュリティ



Rights Management First Knowledge Spring Security



Pomファイル

Security component org.springframework.boot spring-boot-starter-security org.springframework.boot spring-boot-starter-web Hot deployment use org.springframework.boot spring-boot-devtools runtime org.projectlombok lombok true org.springframework.boot spring-boot-starter-test test org.springframework.security spring-security-test test

セキュリティ構成を構成する



package com.liuhy.springsecuritydemo.config import com.liuhy.springsecuritydemo.MyPasswordEncoder import com.liuhy.springsecuritydemo.MyUserDetailService import org.springframework.beans.factory.annotation.Autowired import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter /** * @Auther: liuhy * @Date: 2018/12/6 15:30 */ @Configuration @EnableWebSecurity //Enable springSecurity // Inherited WebSecurityConfigurerAdapter and override its methods to set the details of web security public class WebSecutityConfig extends WebSecurityConfigurerAdapter { @Autowired private MyUserDetailService myUserDetailService /** * Define which URLs need to be protected and which are authorized by authorizeRequests() * No need to be protected. * For example, antMatchers('/','css','/js').permitAll() specifies that authentication is not required. * Use formLogin() to define the login page to go when the user is required to log in. */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers('/').permitAll() .anyRequest().authenticated() .and() .formLogin() .and() .logout().permitAll() } /** * Add user * Username admin Password 123456 Role ADMIN */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder()) .withUser('admin') .password('123456').roles('ADMIN') auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder()) .withUser('liuhy') .password('123456').roles('USER') //auth.userDetailsService(myUserDetailService).passwordEncoder(new MyPasswordEncoder()) } }

MypasswordEncoder

エンコードは暗号化方法を定義し、一致は検証に使用されます



package com.liuhy.springsecuritydemo import org.springframework.security.crypto.password.PasswordEncoder import org.springframework.stereotype.Component /** * @Auther: liuhy * @Date: 2018/12/6 16:11 */ @Component public class MyPasswordEncoder implements PasswordEncoder { @Override public String encode(CharSequence charSequence) { return charSequence.toString() } @Override public boolean matches(CharSequence charSequence, String s) { return charSequence.toString().equals(s) } }

Spring-securityは、カスタムuserDetailを使用し、独自のライブラリテーブルなどを使用して続行します。 。 。