This is the 31st day of my participation in the August Text Challenge.
Spring Security is a security framework for Spring projects and the default technology choice for the security module in Spring Boot. It provides powerful web security control. We only need to bring in the spring-boot-starter-security module and remember a few main classes and annotations:

WebSecurityConfigurerAdapter: custom security strategy
AuthenticationManagerBuilder: custom authentication strategy
@EnableWebSecurity: turns on WebSecurity mode

The two main goals of Spring Security are "authentication" and "authorization" (access control). These concepts are general and not unique to Spring Security. To prepare, import the dependencies:
    <!-- Thymeleaf dependency -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <!-- Security dependency -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
A few simple page directory structures
Page effect

Write your own config class. Spring Boot has already integrated most of this for us, so we only need to write one class that extends WebSecurityConfigurerAdapter and add the @EnableWebSecurity annotation:
    package com.jj.config;

    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class Securityconfig extends WebSecurityConfigurerAdapter {

        // Override the HTTP security rules
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Make the home page accessible to all;
            // each /levelN/** path requires the matching role
            http.authorizeRequests()
                    .antMatchers("/").permitAll()
                    .antMatchers("/level1/**").hasRole("vip1")
                    .antMatchers("/level2/**").hasRole("vip2")
                    .antMatchers("/level3/**").hasRole("vip3");

            // Enable form login: requests without permission are sent to the login page
            http.formLogin();
        }
    }
Effect: when we click a link, we are sent to the login page because we have no permission. This works like Spring's AOP, as a cross-cutting concern.

Set the login accounts, passwords and permissions:
    // Requires: import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

    // Override to define the login accounts and passwords
    // These could come from a database; I am not connecting to one, so I use memory
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                // fengjiaojaio gets roles vip2 and vip3
                .withUser("fengjiaojaio").password("123456").roles("vip2", "vip3")
                // Han han can only access vip1
                .and()
                .withUser("Han han").password("285").roles("vip1");
    }
Because of the version, this reports an error saying that the password is not secure. This is probably also for the sake of everyone's passwords.
    java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
        at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:254) ~[spring-security-core-5.4.2.jar:5.4.2]
        at org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:202) ~[spring-security-core-5.4.2.jar:5.4.2]
**Solution 1: if you do not want to set password encoding, you can reduce the version to 2.1.X**

**Solution 2: add password encoding**
    // Requires: import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    //           import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    // Override to define the login accounts and passwords
    // These could come from a database; I am not connecting to one, so I use memory
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                // fengjiaojaio gets roles vip2 and vip3
                .withUser("fengjiaojaio").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2", "vip3")
                // Han han can only access vip1
                .and()
                .withUser("Han han").password(new BCryptPasswordEncoder().encode("285")).roles("vip1");
    }
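The stack trace above comes from DelegatingPasswordEncoder, which Spring Security 5 uses when no encoder is configured and which picks the real encoder from an `{id}` prefix on the stored password. The following is an added example, not code from the original post: the class name `PasswordEncoderDemo` and the helper `check` are hypothetical, and it assumes the project's spring-boot-starter-security dependency is on the classpath. It compares an unprefixed stored password, a `{bcrypt}`-prefixed one, and the bare BCrypt hash that Solution 2 stores.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (hypothetical class name); run it inside the project from this page.
public class PasswordEncoderDemo {

    // Returns "match", "no match", or the message of the exception the encoder throws.
    static String check(PasswordEncoder encoder, String raw, String stored) {
        try {
            return encoder.matches(raw, stored) ? "match" : "no match";
        } catch (IllegalArgumentException e) {
            return "error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String raw = "123456"; // sample password from the page's in-memory user

        // The encoder in the stack trace: chooses a delegate from the "{id}" prefix.
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        // 1. Stored value without a prefix, as in the first configure() method:
        //    this is the situation behind the IllegalArgumentException.
        System.out.println(check(delegating, raw, raw));

        // 2. Stored value produced by the delegating encoder itself carries a "{bcrypt}" prefix.
        String prefixed = delegating.encode(raw);
        System.out.println(prefixed.startsWith("{bcrypt}") + " " + check(delegating, raw, prefixed));

        // 3. Solution 2: an explicit BCryptPasswordEncoder stores the bare hash, no prefix.
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        String hash1 = bcrypt.encode(raw);
        String hash2 = bcrypt.encode(raw);
        // Each encode() call uses a fresh random salt: the hashes differ, yet both verify.
        System.out.println(hash1.equals(hash2));
        System.out.println(check(bcrypt, raw, hash1) + " / " + check(bcrypt, raw, hash2));
        System.out.println(check(bcrypt, "wrong", hash1));

        // A bare hash has no "{bcrypt}" prefix, so the delegating encoder cannot read it:
        // the encoder that stores a password and the one that verifies it must agree.
        System.out.println(check(delegating, raw, hash1));
    }
}
```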
The effect: it will say no permission!!

If you connect to a database, you can inject the data source as described in the official documentation!!

There will be cookies after login, so you need to enable logout. Add this line:

Put the logout button on the front page.

This mapping is the one that Spring Security wrote. Download its source code and read the comments.

The effect: there are friendly hints.

If you do not want to jump to the login screen, you can also jump to a specified URL.

Function!!!!!