logo-cover-spring boot 2.0 security 5.0 整合
spring boot 2.0 security 5.0 整合入门,实现自定义表单登录。

1.spring boot 2.0 security 5.0 整合需要引入的maven配置

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.example</groupId>
    <artifactId>demo-security</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>demo-security</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>


</project>

2.spring boot 2.0 security 5.0 整合核心配置文件

package com.example.demosecurity;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    /**
     * 配置忽略安全管理的路径,一般为资源文件例如css,js,IMG等
     *
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/webjars/**", "/resources/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        super.configure(http);  //注意!注意!注意!这个必须注释或者删除掉否则以下配置回受到默认您spring security规则影响
        http
                .authorizeRequests()
                .antMatchers("/account/**").permitAll()
                .anyRequest().authenticated()
                .and()
                    .formLogin()
                        .loginPage("/account/login.html")//自定义登录页面的地址
                        .loginProcessingUrl("/account/login")//自定义登录表单提交地址(默认:/login)
                        .passwordParameter("pwd")//自定义登录用密码的表单名称(默认password)
                        .usernameParameter("username")//自定义登录用户名的表单名称(默认username)
                        .defaultSuccessUrl("/admin")//自定义登录成功后跳转的页面
                        .failureForwardUrl("/account/login.html?error")//自定义登录失败跳转的页面
                .and()
                    .logout()
                        .invalidateHttpSession(true)//登出时候清除sessionion
                        .clearAuthentication(true)//登出时候清除认证信息
                        .logoutUrl("/account/logout")//登出表单的地址
                        .logoutSuccessUrl("/account/login.html")//登出成功后跳转页面
                .and()
//                    .csrf().disable()//配置是否启用csrf,默认启用
                .cors().disable().headers().frameOptions().sameOrigin();//解决iframe无法访问
    }
}

3.spring boot 2.0 security 5.0 整合配置csrf安全登录

如果在上面配置中没有禁用csrf则在登录或者登出的表单中都必须添加以下隐藏字段:
<input type="hidden" name="${_csrf.parameterName}"   value="${_csrf.token}" />

 
暂无评论,快来抢首发吧!!!