“This is my fourth day of the November Gwen Challenge. The final text challenge in 2021”.

Preface

As Spring Boot has become popular, Spring Security, part of the same family, has gradually come into view. In the past, compared with Apache Shiro, Spring Security's complex configuration scared me off when I was a rookie just entering the field. Now that Spring Boot simplifies much of the configuration, it is even easier to integrate.

Build the Spring Security project quickly

  • Create a Spring Boot project
  • Add the initial dependencies: web and Security

pom.xml


      
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.4.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.yang</groupId>
    <artifactId>spring-security</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>spring-security</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
    </dependencies>
</project>

Add an API to the startup class SpringSecurityApplication

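import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@SpringBootApplication
public class SpringSecurityApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringSecurityApplication.class, args);
    }

    // Test endpoint; protected by Spring Security's defaults once the starter is on the classpath
    @GetMapping("/hi")
    public String hi() {
        return "hi,spring-security";
    }
}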

Start the project

  • Access http://localhost:8080/hi

The request is automatically redirected to the login page at http://localhost:8080/login

Although only the Spring Security dependency was added, with no configuration or interception code, Spring Security has a default operating state that requires basic HTTP authentication to access URL resources

The default user name is user

The default password is generated dynamically at startup: check the console output

Using generated security password: 5f226ca2-5bc6-4e45-9f67-94760c5353bd
  • Enter the user name and password and click Sign in

After login you are taken to the http://localhost:8080/hi page, which outputs hi,spring-security

User-defined user name and password

We can also customize the login username and password

  • Open the configuration file application.yml

  • Add the configuration

spring:
  security:
    user:
      name: caoshenyang
      password: 123456
  • Restart the project

The console no longer prints a generated password

  • Access the endpoint http://localhost:8080/hi

  • Enter a user-defined user name and password

Login successful

In general, HTTP basic authentication is not preferred because of its poor security, inability to carry cookies, and lack of flexibility. Form authentication is basically what is used instead, with your own implementation of the verification logic, to improve security
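
Form authentication with your own verification logic, as mentioned above, could look like this for the Spring Boot 2.3.4 project built here. This is an added example, not code from the original post: the class name SecurityConfig, the bean name users and the property app.security.password-hash are assumptions, and the class is assumed to sit in the same package as SpringSecurityApplication.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumed property: a BCrypt hash of the password (never the plaintext),
    // produced offline with new BCryptPasswordEncoder().encode(...).
    @Value("${app.security.password-hash}")
    private String passwordHash;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Own verification logic: called with the submitted user name; the submitted
    // password is then checked against the returned hash by the PasswordEncoder.
    @Bean
    public UserDetailsService users() {
        return username -> {
            if (!"caoshenyang".equals(username)) {
                throw new UsernameNotFoundException("unknown user");
            }
            return User.withUsername(username)
                    .password(passwordHash)
                    .roles("USER")
                    .build();
        };
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated() // /hi still requires a login
                .and()
            .formLogin(); // default /login form; httpBasic() is never enabled here
    }
}
```

With a UserDetailsService bean defined, Spring Boot no longer creates the default user, so the spring.security.user entries in application.yml can be removed.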