使用简单的内存模式进行thymeleaf+springsecurity整合
1. 创建项目后倒入maven
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
2. 创建控制器
image.png
package com.example.redpack.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class RouteController {
@RequestMapping({"/","index"})
public String index(){
return "index";
}
@RequestMapping("level1/1")
public String level1(){
return "level1/1";
}
@RequestMapping("level2/1")
public String level2(){
return "level2/1";
}
@RequestMapping("level3/1")
public String level3(){
return "level3/1";
}
}
3. 创建SecurityConfig
image.png
package com.example.redpack.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//认证
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// super.configure(auth);
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("test").password(new BCryptPasswordEncoder().encode("test")).roles("level1", "level2", "level3")
.and()
.withUser("guest").password(new BCryptPasswordEncoder().encode("guest")).roles("level1");
}
//授权
@Override
protected void configure(HttpSecurity http) throws Exception {
// super.configure(http);
//授权用户角色可以访问
http.authorizeRequests()
.antMatchers("/", "/index").permitAll()
.antMatchers("/level1/**").hasRole("level1")
.antMatchers("/level2/**").hasRole("level2")
.antMatchers("/level3/**").hasRole("level3");
http.csrf().disable();//关闭csrf,不能get请求logout
http.formLogin();//开启登录,必须开启,否则无法使用认证
http.formLogin().usernameParameter("username").passwordParameter("password");//设置表单的username和password,方便自定义
http.rememberMe();
}
}
4. 创建html页面
//index.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h2>index</h2>
fds
<ul>
<div sec:authorize="isAuthenticated()">
<div sec:authentication="name"></div>
<a href="/logout">退出</a>
</div>
<div sec:authorize="isAnonymous()">
<a href="/login">登录</a>
</div>
<li sec:authorize="hasRole('level1')"><a href="/level1/1">level1</a></li>
<li sec:authorize="hasRole('level2')"><a href="/level2/1">level2</a></li>
<li sec:authorize="hasRole('level3')"><a href="/level3/1">level3</a></li>
</ul>
</body>
</html>
其他页面内容省略只是测试能否实现权限控制。
5. 效果
guest用户登录,没有level2和level3菜单
test用户登录,所有的菜单都显示
6. 注意事项
maven版本和index.html页面内的xml路径,尤其是xmlns:sec。
sec标签参考: https://github.com/thymeleaf/thymeleaf-extras-springsecurity
网友评论