springboot+spring security 权限验证

ps:度娘是万能的，还是做下笔记

springboot进坑请移步大神博客胡小海丶
基于springboot做security权限验证

<!--基于springBoot 1.4.5.RELEASE-->
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.4.5.RELEASE</version>
</parent>

1.不多说先导包：pom.xml

<!-- For SpringSecurity -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--For Springframework Security-->
<dependency>  
    <groupId>org.springframework.security</groupId>  
    <artifactId>spring-security-taglibs</artifactId>  
</dependency>

2.java注解配置：SecurityConfig.java

@EnableWebSecurity()
public class SecurityConfig extends WebSecurityConfigurerAdapter {
      @Override
      protected void configure(HttpSecurity http) throws Exception {
         /**
         * .anyRequest() :全部拦截：配置权限
         */
        http.authorizeRequests().anyRequest().hasRole("USER")//权限ROLE_USER
                .and().formLogin().loginPage("/loginPage")//登录页面
                .loginProcessingUrl("/login")//登录请求（自带）
                .defaultSuccessUrl("/")//成功之后
                .failureUrl("/loginPage")//失败之后
                .permitAll()
                .and().exceptionHandling().accessDeniedPage("/accessdenied")//没有权限的页面
                .and().logout().logoutUrl("/logout")//登出(自带)
                .logoutSuccessUrl("/loginPage").invalidateHttpSession(true)//登出之后的页面和清楚session
        http.rememberMe()//基于token的remember-me的认证
            .tokenValiditySeconds(604800);//token过期时间
        http.headers().frameOptions()//请求头
            .sameOrigin();//响应头
      }
 
      @Override
      protected void configure(AuthenticationManagerBuilder auth) throws Exception {
          auth
               .inMemoryAuthentication()
                    .withUser("admin")//用户名：admin
                         .password("123456")//密码：12346
                         .roles("USER");//权限ROLE_USER
      }
}

附上官网教程
感谢大神一天不进步，就是退步!