Spring Security認證相關URL實現可配置
阿新 • • 發佈:2020-11-04
application.yml
server:
  # NOTE(review): plain HTTP on port 80 as shown; the login form posts credentials, so
  # confirm TLS is terminated in front of this service (or configure server.ssl.*).
  port: 80

spring:
  thymeleaf:
    cache: false # disable the Thymeleaf template cache

mengxuegu:
  security:
    authentication:
      loginPage: /login/page # URL that serves the authentication (login) page
      loginProcessingUrl: /login/form # URL the login form is submitted to
      usernameParameter: name # name of the username field in the login form
      passwordParameter: pwd # name of the password field in the login form
      # Static resources: "/dist/**", "/modules/**", "/plugins/**".
      # SpringSecurityConfig passes these patterns to web.ignoring(), so every path listed
      # here skips the security filter chain entirely; list static assets only and avoid
      # broad patterns.
      staticPaths:
        - /dist/**
        - /modules/**
        - /plugins/**
建立AuthenticationProperties類
package com.mengxuegu.security.properties;

import lombok.Data;

/**
 * Login-related settings bound from {@code mengxuegu.security.authentication} in
 * application.yml (the binding itself is declared on {@code SecurityProperties}).
 *
 * <p>Accessors are generated by Lombok's {@code @Data}. Each field initialiser below is the
 * value used when application.yml does not set that key.
 */
@Data
public class AuthenticationProperties {

    // Defaults apply when application.yml does not configure the property.

    // URL that serves the login page.
    private String loginPage = "/login/page";

    // URL the login form is submitted to.
    private String loginProcessingUrl = "/login/form";

    // Request parameter carrying the username.
    private String usernameParameter = "name";

    // Request parameter carrying the password.
    private String passwordParameter = "pwd";

    // Ant patterns handed to web.ignoring() by SpringSecurityConfig: requests matching them
    // bypass the security filter chain, so keep this list to static assets.
    private String[] staticPaths = {"/dist/**", "/modules/**", "/plugins/**"};
}
建立SecurityProperties類
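package com.mengxuegu.security.properties;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/**
 * Root of the {@code mengxuegu.security} configuration tree.
 *
 * <p>The values under {@code mengxuegu.security.authentication} in application.yml are bound
 * onto the nested {@link AuthenticationProperties} object.
 */
@Component // required: without it the class is not registered as a bean and cannot be injected
@ConfigurationProperties(prefix = "mengxuegu.security")
public class SecurityProperties {

    // Pre-initialised so that the defaults declared in AuthenticationProperties are still
    // available when application.yml has no mengxuegu.security.authentication section at all.
    // Left null, every securityProperties.getAuthentication().getXxx() call in the security
    // configuration would fail with a NullPointerException at startup.
    private AuthenticationProperties authentication = new AuthenticationProperties();

    /**
     * @return the login-related settings; non-null unless a caller explicitly set null
     */
    public AuthenticationProperties getAuthentication() {
        return authentication;
    }

    /**
     * Called by the configuration-properties binder when the
     * {@code mengxuegu.security.authentication} section is present.
     *
     * @param authentication the bound login-related settings
     */
    public void setAuthentication(AuthenticationProperties authentication) {
        this.authentication = authentication;
    }
}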
在SpringSecurityConfig中應用
package com.mengxuegu.security.config;
import com.mengxuegu.security.properties.SecurityProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
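/**
 * Spring Security configuration whose login URLs, login-form parameter names and
 * static-resource paths are read from {@link SecurityProperties} instead of being hard-coded.
 *
 * <p>Editor shortcuts noted by the author: alt+/ to import, ctrl+o to override.
 *
 * @author 夢學谷 www.mengxuegu.com
 */
@EnableWebSecurity // enables the Spring Security filter chain
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private SecurityProperties securityProperties;

    /**
     * Password encoder used for stored credentials.
     *
     * @return a BCrypt encoder (plaintext + random salt -> stored hash)
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Authentication manager: supplies the credentials (username, password) to check against.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): fixed demo account with a trivially guessable password and the ADMIN
        // authority. Load users from a real user store before this runs anywhere shared.
        String password = passwordEncoder().encode("123456");
        // The encoded value is deliberately not written to the log: a bcrypt hash in log
        // files is a credential that can be attacked offline by anyone who can read them.
        auth.inMemoryAuthentication().withUser("root").password(password).authorities("ADMIN");
    }

    /**
     * Resource authorisation: declares which requests are intercepted and how users log in.
     *
     * @param http the HTTP security builder
     * @throws Exception if the filter chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.info("使用者認證");
        // Assumes securityProperties.getAuthentication() is never null; confirm that
        // SecurityProperties guarantees it.
        // Alternative to form login: http.httpBasic() for HTTP Basic authentication.
        http.formLogin() // form-based login
                // page shown to unauthenticated users
                .loginPage(securityProperties.getAuthentication().getLoginPage())
                // URL the login form posts to (the framework default is /login)
                .loginProcessingUrl(securityProperties.getAuthentication().getLoginProcessingUrl())
                .usernameParameter(securityProperties.getAuthentication().getUsernameParameter())
                .passwordParameter(securityProperties.getAuthentication().getPasswordParameter())
                .and()
                .authorizeRequests()
                // the login page itself must be reachable without a session
                .antMatchers(securityProperties.getAuthentication().getLoginPage()).permitAll()
                // every other request to the application requires an authenticated user
                .anyRequest().authenticated();
    }

    /**
     * Exempts the configured static-resource paths from Spring Security.
     *
     * <p>{@code web.ignoring()} removes matching requests from the filter chain altogether, so
     * they get no authentication, no authorisation and no security response headers. The
     * patterns come from configuration: an over-broad entry there silently exposes whatever
     * it matches. Spring Security's own guidance is to prefer {@code permitAll()} under
     * {@code authorizeRequests()} where the rest of the chain should still apply.
     *
     * @param web the web security builder
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(securityProperties.getAuthentication().getStaticPaths());
    }
}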