1. Security

1.1. Introduction

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.

Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements.

1.2. Characteristics

  • Comprehensive and extensible support for authentication and authorization
  • Protection against session fixation, clickjacking, cross-site request forgery and other attacks
  • Servlet API integration
  • Optional integration with Spring Web MVC
  • etc.

2. Integrating Security with Spring Boot

Let's build a simple demo using an example from the official Spring website.

2.1. Project structure

Here is the structure of the demo.

2.2. Preparation

Add the following configuration to pom.xml to introduce a dependency on Spring Security.

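    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    // Security configuration: "/" and "/home1" are public, every other URL requires login.
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests().antMatchers("/", "/home1").permitAll()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin().loginPage("/login1").permitAll()
                    .and()
                    .logout().permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            // One in-memory user; the password is checked by CustomPasswordEncoder below.
            auth
                    .inMemoryAuthentication()
                    .withUser("user").password("password").roles("USER")
                    .and()
                    .passwordEncoder(new CustomPasswordEncoder());
        }
    }

    import org.springframework.security.crypto.password.PasswordEncoder;

    // Pass-through encoder: passwords are stored and compared as plaintext.
    // This only keeps the demo short and is not suitable for real credentials.
    public class CustomPasswordEncoder implements PasswordEncoder {
        @Override
        public String encode(CharSequence charSequence) {
            return charSequence.toString();
        }

        @Override
        public boolean matches(CharSequence charSequence, String s) {
            return s.equals(charSequence.toString());
        }
    }

    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

    // Maps URLs straight to view templates, so no controller classes are needed.
    @Configuration
    public class MvcConfig implements WebMvcConfigurer {
        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/home1").setViewName("/home");
            registry.addViewController("/").setViewName("/home");
            registry.addViewController("/hello1").setViewName("hello");
            registry.addViewController("/login1").setViewName("login");
        }
    }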
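
A hardened variant of the WebSecurityConfig above, as an added example that is not part of the original demo: it replaces the plaintext CustomPasswordEncoder with Spring Security's DelegatingPasswordEncoder, so the in-memory password is held as a prefixed bcrypt hash. It assumes the same Spring Security 5-era API (WebSecurityConfigurerAdapter) and the same routes as the page's code.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: drop-in replacement for the page's WebSecurityConfig.
// CustomPasswordEncoder is no longer needed with this version.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Same routes as the page's demo.
        http
                .authorizeRequests().antMatchers("/", "/home1").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/login1").permitAll()
                .and()
                .logout().permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Encodes with bcrypt and prefixes the result with "{bcrypt}"; at login the
        // prefix selects the algorithm used to verify the submitted password.
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        auth
                .inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("user")
                // Stored as "{bcrypt}$2a$..." instead of the literal "password".
                // A bare, unprefixed value here is what produces the error
                // There is no PasswordEncoder mapped for the id "null".
                .password(encoder.encode("password"))
                .roles("USER");
    }
}
```

The user name and password are the demo's own sample values; real credentials belong in a user store, not in source code.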

References

  • Spring Security website
  • Spring official website example
  • There is no PasswordEncoder mapped for the id "null"

Update time

Release Date: February 21, 2019