springboot+thymeleaf實現springsecurity
阿新 • • 發佈:2018-12-14
依賴:
<!--Spring Security的依賴-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--Thymeleaf Spring Security依賴-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>controller類
@Controller
public class MainController {
@GetMapping("/")
public String root() {
return "redirect:/index";
}
@GetMapping("/index")
public String index() {
return "index";
}
/**
* 獲取登入介面
*
* @return
*/
@GetMapping("/login")
public String login() {
return "users/login";
}
@GetMapping("/login-error")
public String loginError(Model model) {
model.addAttribute("loginError",true);
model.addAttribute("errorMsg","登入失敗,使用者名稱或者密碼錯誤");
return "login";
}
@GetMapping("/register")
public String register() {
return "register";
}
@GetMapping("/search")
public String search() {
return "search";
}
}
config配置@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // 啟用方法安全設定
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
* 方法重寫
*
* @param http
* @throws Exception
*/
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**","/js/**","/fonts/**","/index").permitAll()//都可以訪問
.antMatchers("//**").hasRole("ADMIN")//需要相應的角色才能訪問
.and()
.formLogin()//基於Form表單登入驗證
.loginPage("/login").failureUrl("/login-error");//自定義登入介面
}
/**
* 認證資訊管理
* @param authenticationManagerBuilder
* @throws Exception
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception{
authenticationManagerBuilder.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("wangzhou").password(new BCryptPasswordEncoder().encode("123456")).roles("ADMIN");
// authenticationManagerBuilder.inMemoryAuthentication()//認證資訊儲存於記憶體中
// .withUser("admin").password("123456").roles("ADMIN");
}
}login.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org">
</head>
<body>
<div class="container blog-content-container">
<form th:action="@{/login}" method="post">
<h2 >請登入</h2>
<div class="form-group col-md-5">
<label for="username" class="col-form-label">賬號</label>
<input type="text" class="form-control" id="username" name="username" maxlength="50" placeholder="請輸入賬號">
</div>
<div class="form-group col-md-5">
<label for="password" class="col-form-label">密碼</label>
<input type="password" class="form-control" id="password" name="password" maxlength="30" placeholder="請輸入密碼" >
</div>
<div class="form-group col-md-5">
<input type="checkbox" name="remember-me"> 記住我
</div>
<div class="form-group col-md-5">
<button type="submit" class="btn btn-primary">登入</button>
</div>
<div class=" col-md-5" th:if="${loginError}">
<p class="blog-label-error" th:text="${errorMsg}"></p>
</div>
</form>
</div> <!-- /container -->
</body>
</html>
index.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head >
</head>
<body>
<!-- Page Content -->
<div class="container blog-content-container">
<!--<div sec:authentication="isAuthenticated()">-->
<p>已有使用者登入</p>
<p>登入的使用者為:<span sec:authentication="name"></span></p>
<p>使用者角色為:<span sec:authentication="principal.authorities"></span></p>
</div>
<!--<div sec:authentication="isAnonymous()">-->
<!--<p>未有使用者登入</p>-->
</div>
</div>
<!-- /.container -->
</body>
</html>
結果在登入頁面輸入admin,123456
得到
