This is the 31st day of my participation in the August Text Challenge.More challenges in August
Springsecurity is a security framework for Spring projects and the default technology selection for Springboot security modules. It can achieve powerful WEB security control. We only need to introduce the main classes of the Spring-starter-Security module
@ WebSecurityConfigurerAdapter: custom security strategy @ AuthenticationManagerBuider: custom authentication strategy @ WebSecurity EnableWebSecurity open mode, The two main goals of Springsecurity are “authentication” and “authorization” (access control). This concept is interchangeable and not unique to Springsecurity. To prepare, import dependencies
<! -- Introduce thymeleaf dependency -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<! -- Security dependency -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Copy the codeA few simple page directory structures
Page effect
package com.jj.config;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class Securityconfig extends WebSecurityConfigurerAdapter {
/ / rewrite
@Override
protected void configure(HttpSecurity http) throws Exception {
// Make the home page accessible to all
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/level1/**").hasRole("vip1")
.antMatchers("/level2/**").hasRole("vip2")
.antMatchers("/level3/**").hasRole("vip3");
// If login is enabled, you cannot return to the login pagehttp.formLogin(); }}Copy the codeEffect when we click 
// Rewrite the login account password
// Can be a database, I do not connect to the database, I use memory
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
// Set FJJ to vip2,vip3
.withUser("fengjiaojaio").password("123456").roles("vip2"."vip3")
// Set Silly to only watch VIp1
.and() .withUser("Han han").password("285").roles("vip1");
}
Copy the codeThe version problem should report an error saying that the password is not secure. Probably also for the sake of everyone’s password
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPassw ordEncoder.java:254) ~[spring-security-core-5.42..jar:5.42.]
at org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:202) ~[spring-security-core-5.42..jar:5.42.]
Copy the code** Solution 1: if you do not want to set the password encryption encoding, you can reduce the version to 2.1.X ** ** solution 2: add password encryption **
// Rewrite the login account password
// Can be a database, I do not connect to the database, I use memory
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
// Set FJJ to vip2,vip3
.withUser("fengjiaojaio").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2"."vip3")
// Set Silly to only watch VIp1
.and() .withUser("Han han").password(new BCryptPasswordEncoder().encode("285")).roles("vip1");
}
Copy the codeThe effect 
