接下来新建一个配置类WebConfig:
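package net.maxwoods.spring.config;

import net.maxwoods.spring.security.CustomUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Spring Security configuration for the demo application.
 *
 * <p>Registers two in-memory users, leaves "/" open to everyone, requires
 * authentication for every other request, and enables method-level security so
 * that {@code @PreAuthorize} annotations on controllers are enforced.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the password encoder as a bean.
     *
     * @return a BCrypt-based {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the in-memory demo accounts.
     *
     * <p>The encoder is obtained by calling {@link #passwordEncoder()} directly
     * rather than by injecting this class's own bean back into itself; that
     * self-injection is a circular reference and can fail at startup on
     * framework versions that reject circular references.
     *
     * @param auth the builder the users are registered on
     * @throws Exception if the in-memory configurer cannot be applied
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = passwordEncoder();

        // Demo-only accounts: the user name doubles as the password and both are
        // hard-coded in source. Replace with a real user store and externally
        // provisioned credentials before exposing this application.
        auth.inMemoryAuthentication()
                .withUser("admin").password(encoder.encode("admin")).roles("ADMIN")
                .and()
                .withUser("test").password(encoder.encode("test")).roles("TEST");
    }

    /**
     * Defines URL-level access rules, form login and logout.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .anyRequest().authenticated()
                .and().formLogin().permitAll()
                .and().logout().permitAll()
                // NOTE(review): CSRF protection is switched off here. With
                // session-based form login this leaves state-changing requests
                // (including logout) unprotected against cross-site request
                // forgery; drop this call outside of a local demo.
                .and().csrf().disable();
    }
}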
新建一个AdminController:
package net.maxwoods.spring.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * MVC controller for the administrator page.
 */
@Controller
public class AdminController {

    /** Logical view name returned for the administrator page. */
    private static final String ADMIN_VIEW = "admin";

    /**
     * Handles requests to {@code /admin}.
     *
     * <p>The {@code @PreAuthorize} expression is evaluated before the method
     * body runs, so only callers holding the admin role reach the view.
     *
     * @return the logical view name {@code "admin"}
     */
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @RequestMapping("/admin")
    public String admin() {
        return ADMIN_VIEW;
    }
}
在templates中加入对应的模板页admin.html:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Spring Security</title>
    <!-- Static page: full-height banner with the word "Admin" centred in it. -->
    <style>
        html,
        body {
            background-color: aquamarine;
            height: 100%;
            margin: 0 0 0 0;
        }

        #logo {
            background-color: darkcyan;
            height: 100%;
            font-size: 72px;
            color: burlywood;
            /* Flexbox centres the text on both axes. */
            display: flex;
            justify-content: center;
            align-items: Center;
        }
    </style>
</head>
<body>
    <div id="logo">Admin</div>
</body>
</html>
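启动运行项目后,可以发现 / 无需登录即可访问,而 /admin 则需要使用用户名 admin、密码 admin 登录后才能访问;以 test 用户登录后访问 /admin 会被拒绝,因为该用户只有 TEST 角色,不满足 @PreAuthorize 要求的 ADMIN 角色。这里的内存用户和与用户名相同的密码仅用于演示。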