Java：SpringBoot整合Spring Security实现认证与授权学习笔记_资讯

Java：SpringBoot整合Spring Security实现认证与授权学习笔记

创始人

2024-05-31 18:32:29

0次

本文通过逐步学习Spring Security，由浅入深，SpringBoot整合Spring Security 分别实现自定义的HTTP Basic认证和 Form表单认证。

本文是学习笔记，网上的教程五花八门，由于时间久远，很难拿来就用。

在此特别感谢@IT老齐老师，带我完整的用代码实现了一遍Spring Security的基本使用。

- 一、Spring Security 快速开始
- 二、认证与授权
- 三、Spring Security基础认证与表单认证
- - 1、HTTP基础认证
  - 2、HTTP表单认证
- 四、Spring Security 用户与认证对象
- - 1、用户对象
  - 2、认证对象
- 五、基于MySQL自定义认证过程
- - 1、项目结构
  - 2、用户表
  - 3、依赖
  - 4、数据库配置
  - 5、SpringBoot基本框架
  - 6、自动定义Spring Security
  - 7、接口测试
- 六、使用PasswordEncoder加密密码
- 七、Session会话控制
- 八、基于表单模式实现自定义认证
- 学习资料

主要内容：

用户信息管理
敏感信息加密解密
用户认证
权限控制
跨站点请求伪造保护
跨域支持
全局安全方法
单点登录

一、Spring Security 快速开始

创建SpringBoot项目

$ tree -I test
.
├── pom.xml
└── src└── main├── java│   └── com│       └── example│           └── demo│               ├── Application.java│               └── controller│                   └── IndexController.java└── resources├── application.yml├── static└── templates

引入Spring Security依赖

org.springframework.bootspring-boot-starter-security

完整依赖 pom.xml


4.0.0org.springframework.bootspring-boot-starter-parent2.7.7 com.exampledemo0.0.1-SNAPSHOTdemoDemo project for Spring Boot1.8org.springframework.bootspring-boot-starter-weborg.springframework.bootspring-boot-devtoolsruntimetrueorg.projectlomboklomboktrueorg.springframework.bootspring-boot-starter-testtestorg.springframework.bootspring-boot-starter-securityorg.springframework.bootspring-boot-maven-pluginorg.projectlomboklombok

配置 application.yml

server:port: 8080

启动类 Application.java

package com.example.demo;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplication
public class Application {public static void main(String[] args) {SpringApplication.run(Application.class, args);}}

控制器 IndexController.java

package com.example.demo.controller;import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;@RestController
public class IndexController {@GetMapping("/")public String index(){return "Hello";}
}

直接访问应用会被重定向到登录页面

http://localhost:8080/
=> 302
http://localhost:8080/login

在这里插入图片描述

现在使用默认的账号密码登录

默认的用户名：user
默认的密码：(控制台打印出的密码)

Using generated security password: cdd28beb-9a64-4130-be58-6bde1684476d

再次访问 http://localhost:8080/

可以看到返回结果
在这里插入图片描述

二、认证与授权

认证 authentication 用户身份
授权 authorization 用户权限

单体应用
在这里插入图片描述
微服务架构

三、Spring Security基础认证与表单认证

认证方式	有无状态	简介	应用场景
基础认证	无状态	不使用cookie	对外API
表单认证	有状态	使用session会话	网站应用

用户对象 UserDetails
- 内存存储
- 数据库存储
认证对象 Authentication
- HTTP基础认证
- HTTP表单认证

1、HTTP基础认证

通过HTTP请求头携带用户名和密码进行登录认证

HTTP请求头格式

# 用户名和密码的Base64编码
Authonrization: Basic Base64-encoded(username:password)

在这里插入图片描述

Spring Boot2.4版本以前

package com.example.demo.config;import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {// 所有请求都需要认证，认证方式：httpBasichttp.authorizeHttpRequests((auth) -> {auth.anyRequest().authenticated();}).httpBasic(Customizer.withDefaults());}
}

Spring Boot2.4版本之后

package com.example.demo.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;@Configuration
public class SecurityConfiguration {@Beanpublic SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {// 所有请求都需要认证，认证方式：httpBasichttp.authorizeHttpRequests((auth) -> {auth.anyRequest().authenticated();}).httpBasic(Customizer.withDefaults());return http.build();}
}

发送HTTP请求

GET http://localhost:8080/
Authorization: Basic dXNlcjo2ZjRhMGY5ZS1hY2ZkLTRmNTYtYjIzNy01MTZmYmZjMTk3NGM=

可以获得响应数据

Hello

base64解码之后可以得到用户名和密码

atob('dXNlcjo2ZjRhMGY5ZS1hY2ZkLTRmNTYtYjIzNy01MTZmYmZjMTk3NGM=')'user:6f4a0f9e-acfd-4f56-b237-516fbfc1974c'

2、HTTP表单认证

Spring Security的默认认证方式

在这里插入图片描述

四、Spring Security 用户与认证对象

1、用户对象

接口名	说明
UserDetails	用户对象
GrantedAuthority	用户权限
UserDetailsService	用户对象查询操作
UserDetailsManager	创建用户、修改用户密码

UserDetails 用户对象接口

package org.springframework.security.core.userdetails;import java.io.Serializable;
import java.util.Collection;import org.springframework.security.core.GrantedAuthority;public interface UserDetails extends Serializable {// 获取用户权限信息Collection getAuthorities();// 获取密码java.lang.String getPassword();// 获取用户名java.lang.String getUsername();// 判断账户是否失效boolean isAccountNonExpired();// 判断账户是否锁定boolean isAccountNonLocked();// 判断账户凭证信息是否已失效boolean isCredentialsNonExpired();// 判断账户是否可用boolean isEnabled();
}

GrantedAuthority 用户拥有权限接口

package org.springframework.security.core;import java.io.Serializable;public interface GrantedAuthority extends Serializable {// 获取权限信息String getAuthority();
}

UserDetailsService 用户查询操作

package org.springframework.security.core.userdetails;import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;public interface UserDetailsService {// 根据用户名获取用户信息UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
}

UserDetailsManager 用户CRUD操作

package org.springframework.security.provisioning;import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;public interface UserDetailsManager extends UserDetailsService {// 创建用户void createUser(UserDetails user);// 更新用户void updateUser(UserDetails user);// 删除用户void deleteUser(String username);// 修改密码void changePassword(String oldPassword, String newPassword);// 判断用户是否存在boolean userExists(String username);}

2、认证对象

接口名	说明
Authentication	认证请求详细信息
AuthenticationProvider	认证的业务执行者

Authentication 认证请求详细信息

package org.springframework.security.core;import java.io.Serializable;
import java.security.Principal;
import java.util.Collection;import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.context.SecurityContextHolder;public interface Authentication extends Principal, Serializable {// 安全主体所具有的的权限Collection getAuthorities();// 证明主体有效性的凭证Object getCredentials();// 认证请求的明细信息Object getDetails();// 主体的标识信息Object getPrincipal();// 是否认证通过boolean isAuthenticated();// 设置认证结果void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;}

AuthenticationProvider 认证的业务执行者

package org.springframework.security.authentication;import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;public interface AuthenticationProvider {// 执行认证，返回认证结果Authentication authenticate(Authentication authentication) throws AuthenticationException;// 判断是否支持当前的认证对象boolean supports(Class authentication);
}

五、基于MySQL自定义认证过程

1、项目结构

$ tree -I target
.
├── pom.xml
└── src├── main│   ├── java│   │   └── com│   │       └── example│   │           └── demo│   │               ├── Application.java│   │               ├── controller│   │               │   └── IndexController.java│   │               ├── entity│   │               │   └── User.java│   │               ├── mapper│   │               │   └── UserMapper.java│   │               ├── security│   │               │   ├── SecurityConfiguration.java│   │               │   └── UserAuthenticationProvider.java│   │               └── service│   │                   ├── UserService.java│   │                   └── impl│   │                       └── UserServiceImpl.java│   └── resources│       ├── application.yml│       ├── sql│       │   └── schema.sql│       ├── static│       └── templates└── test├── http│   └── IndexController.http└── java└── com└── example└── demo└── ApplicationTests.java

2、用户表

默认表结构的SQL路径

spring-security-core-5.7.6.jar!/org/springframework/security/core/userdetails/jdbc/users.ddl

create table users(username varchar_ignorecase(50) not null primary key,password varchar_ignorecase(500) not null,enabled boolean not null
);
create table authorities (username varchar_ignorecase(50) not null,authority varchar_ignorecase(50) not null,constraint fk_authorities_users foreign key(username) references users(username)
);
create unique index ix_auth_username on authorities (username,authority);

一般情况下，我们使用自己创建的用户表

schema.sql

-- 创建用户表
CREATE TABLE `tb_user` (`id` int NOT NULL AUTO_INCREMENT COMMENT '主键id',`username` varchar(255) COLLATE utf8mb4_general_ci NOT NULL COMMENT '用户名',`password` varchar(255) COLLATE utf8mb4_general_ci NOT NULL COMMENT '密码',`nickname` varchar(32) COLLATE utf8mb4_general_ci NOT NULL DEFAULT '昵称',`enabled` tinyint NOT NULL DEFAULT '1' COMMENT '账号可用标识',PRIMARY KEY (`id`),UNIQUE KEY `idx_username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci COMMENT='用户表';-- 添加初始数据
insert into `tb_user` values (1, "zhangsan", "zhangsan", "张三", 1);
insert into `tb_user` values (2, "lisi", "lisi", "李四", 1);
insert into `tb_user` values (3, "wangwu", "wangwu", "王五", 1);

3、依赖

Spring Security
MyBatis-Plus
MySQL8 JDBC
Lombok

完整依赖

pom.xml


4.0.0org.springframework.bootspring-boot-starter-parent2.7.7 com.exampledemo0.0.1-SNAPSHOTdemoDemo project for Spring Boot1.8org.springframework.bootspring-boot-starter-weborg.springframework.bootspring-boot-devtoolsruntimetrueorg.projectlomboklomboktrueorg.springframework.bootspring-boot-starter-testtestorg.springframework.bootspring-boot-starter-securitycom.baomidoumybatis-plus-boot-starter3.5.2mysqlmysql-connector-javaruntimeorg.springframework.bootspring-boot-maven-pluginorg.projectlomboklombok

4、数据库配置

application.yml

server:port: 8080# DataSource Config
spring:datasource:driver-class-name: com.mysql.cj.jdbc.Driverurl: jdbc:mysql://127.0.0.1:3306/data?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghaiusername: rootpassword: 123456mybatis-plus:configuration:# 开启SQL语句打印log-impl: org.apache.ibatis.logging.stdout.StdOutImplglobal-config:db-config:# 自增主键策略id-type: AUTO

5、SpringBoot基本框架

启动类 Application.java

package com.example.demo;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplication
public class Application {public static void main(String[] args) {SpringApplication.run(Application.class, args);}}

实体类 User.java

package com.example.demo.entity;import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;import java.util.Arrays;
import java.util.Collection;@Data
@TableName("tb_user")
public class User implements UserDetails {/*** 主键id*/@TableIdprivate Long id;/*** 用户名*/private String username;/*** 密码*/private String password;/*** 昵称*/private String nickname;/*** 账号可用标识*/private Integer enabled;/*** 获取用户权限信息** @return*/@Overridepublic Collection getAuthorities() {return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));}/*** 判断账户是否失效** @return*/@Overridepublic boolean isAccountNonExpired() {return true;}/*** 判断账户是否锁定** @return*/@Overridepublic boolean isAccountNonLocked() {return true;}/*** 判断账户凭证信息是否已失效** @return*/@Overridepublic boolean isCredentialsNonExpired() {return true;}/*** 判断账户是否可用** @return*/@Overridepublic boolean isEnabled() {return this.enabled == 1;}
}

UserMapper.java

package com.example.demo.mapper;import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.example.demo.entity.User;
import org.apache.ibatis.annotations.Mapper;@Mapper
public interface UserMapper extends BaseMapper {
}

UserService.java

package com.example.demo.service;import com.baomidou.mybatisplus.extension.service.IService;
import com.example.demo.entity.User;public interface UserService extends IService {
}

UserServiceImpl.java

package com.example.demo.service.impl;import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.example.demo.entity.User;
import com.example.demo.mapper.UserMapper;
import com.example.demo.service.UserService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;@Service
@Slf4j
public class UserServiceImplextends ServiceImplimplements UserService, UserDetailsService {/*** 根据用户名获取用户信息* @param username* @return UserDetails* @throws UsernameNotFoundException*/@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();queryWrapper.eq(User::getUsername, username);User user = super.getOne(queryWrapper);if(user == null){log.error("Access Denied, user not found:" + username);throw new UsernameNotFoundException("user not found:" + username);}return user;}
}

IndexController.java

package com.example.demo.controller;import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;@RestController
public class IndexController {@GetMapping("/hello")public String hello(){return "Hello";}
}

6、自动定义Spring Security

SecurityConfiguration.java

package com.example.demo.security;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;@Configuration
public class SecurityConfiguration {/*** 基于基础认证模式* @param http* @return* @throws Exception*/@Beanpublic SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {// 所有请求都需要认证，认证方式：httpBasichttp.authorizeHttpRequests((auth) -> {auth.anyRequest().authenticated();}).httpBasic(Customizer.withDefaults());return http.build();}
}

UserAuthenticationProvider.java

package com.example.demo.security;import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;@Component
@Slf4j
public class UserAuthenticationProvider implements AuthenticationProvider {@Autowiredprivate UserDetailsService userService;/*** 自己实现认证过程** @param authentication* @return* @throws AuthenticationException*/@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {// 从Authentication 对象中获取用户名和密码String username = authentication.getName();String password = authentication.getCredentials().toString();UserDetails user = userService.loadUserByUsername(username);if (password.equals(user.getPassword())) {// 密码匹配成功log.info("Access Success: " + user);return new UsernamePasswordAuthenticationToken(username, password, user.getAuthorities());} else {// 密码匹配失败log.error("Access Denied: The username or password is wrong!");throw new BadCredentialsException("The username or password is wrong!");}}@Overridepublic boolean supports(Class authentication) {return authentication.equals(UsernamePasswordAuthenticationToken.class);}
}

7、接口测试

IndexController.http

###
# 不提供认证信息
GET http://localhost:8080/hello###
# 提供错误的认证信息
GET http://localhost:8080/hello
Authorization: Basic dXNlcjo2YzVlMTUyOS1kMTc2LTRkYjItYmZlMy0zZTIzOTNlMjY2MTk=###
# 提供正确的认证信息
GET http://localhost:8080/hello
Authorization: Basic emhhbmdzYW46emhhbmdzYW4=
###

六、使用PasswordEncoder加密密码

PasswordEncoder接口

package org.springframework.security.crypto.password;public interface PasswordEncoder {// 对原始密码编码String encode(CharSequence rawPassword);// 密码比对boolean matches(CharSequence rawPassword, String encodedPassword);// 判断加密密码是否需要再次加密default boolean upgradeEncoding(String encodedPassword) {return false;}
}

常见的实现类

实现类	说明
NoOpPasswordEncoder	明文存储，仅用于测试
StandardPasswordEncoder	SHA-256算法（已过期）
BCryptPasswordEncoder	bcrypt算法
Pbkdf2PasswordEncoder	Pbkdf2算法

Bcrypt算法简介

例如：

package com.example.demo;import org.junit.jupiter.api.Test;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;public class BCryptPasswordEncoderTest {@Testpublic void encode(){BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();String encode = bCryptPasswordEncoder.encode("123456");System.out.println(encode);}
}

输出

$2a$10$lKqmIKbEPNDx/RXssgN6POgb8YssAK7pVtMFDosmC8FxozUgQq58K

解释

$是分隔符
2a表示Bcrypt算法版本
10表示算法强度
中间22位表示盐值
中间面的位数表示加密后的文本
总长度60位

使用Bcrypt算法加密密码后的数据

-- 建表
CREATE TABLE `tb_user` (`id` int NOT NULL AUTO_INCREMENT COMMENT '主键id',`username` varchar(255) COLLATE utf8mb4_general_ci NOT NULL COMMENT '用户名',`password` varchar(255) COLLATE utf8mb4_general_ci NOT NULL COMMENT '密码',`nickname` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT '昵称',`enabled` tinyint NOT NULL DEFAULT '1' COMMENT '账号可用标识',PRIMARY KEY (`id`),UNIQUE KEY `idx_username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci COMMENT='用户表';-- 数据
INSERT INTO `tb_user` VALUES (1, 'zhangsan', '$2a$10$/1XHgJYXtF4g/AiR41si8uvVC6Zc.Z9xVmXX4hO2z.b4.DX.H2j5W', '张三', 1);
INSERT INTO `tb_user` VALUES (2, 'lisi', '$2a$10$PEcF03ina7x9mmt2VbB0ueVkLZWQo/yoKOfvfQpoL09/faBlNuuZ.', '李四', 1);
INSERT INTO `tb_user` VALUES (3, 'wangwu', '$2a$10$PMumxkwwrELTbNDXCj0N4.jD/e/Hv.JiiZTFkdFqlDNLU2TahdYNq', '王五', 1);

UserAuthenticationProvider实现类替换如下

package com.example.demo.security;import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;@Component
@Slf4j
public class UserAuthenticationProvider implements AuthenticationProvider {@Autowiredprivate UserDetailsService userService;// 密码加密public PasswordEncoder passwordEncoder(){return new BCryptPasswordEncoder();}/*** 自己实现认证过程** @param authentication* @return* @throws AuthenticationException*/@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {// 从Authentication 对象中获取用户名和密码String username = authentication.getName();String password = authentication.getCredentials().toString();UserDetails user = userService.loadUserByUsername(username);// 替换密码比对方式// if (password.equals(user.getPassword())) {if (this.passwordEncoder().matches(password, user.getPassword())) {// 密码匹配成功log.info("Access Success: " + user);return new UsernamePasswordAuthenticationToken(username, password, user.getAuthorities());} else {// 密码匹配失败log.error("Access Denied: The username or password is wrong!");throw new BadCredentialsException("The username or password is wrong!");}}@Overridepublic boolean supports(Class authentication) {return authentication.equals(UsernamePasswordAuthenticationToken.class);}
}

七、Session会话控制

修改配置类SecurityConfiguration

package com.example.demo.security;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;@Configuration
public class SecurityConfiguration {/*** 基于基础认证模式* @param http* @return* @throws Exception*/@Beanpublic SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {// 禁用session会话http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);// 所有请求都需要认证，认证方式：httpBasichttp.authorizeHttpRequests((auth) -> {auth.anyRequest().authenticated();}).httpBasic(Customizer.withDefaults());return http.build();}
}

八、基于表单模式实现自定义认证

SecurityFormConfiguration 配置类

package com.example.demo.security;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;@Configuration
public class SecurityFormConfiguration {/*** 基于表单认证模式* @param http* @return* @throws Exception*/@Beanpublic SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {// 启用session会话http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);// 认证方式：Formhttp.authorizeRequests()// 所有请求都需要认证.anyRequest().authenticated().and()// 启动表单认证模式.formLogin()// 登录页面.loginPage("/login.html")// 请求提交地址.loginProcessingUrl("/login")// 放行上面的两个地址.permitAll()// 设置提交的参数名.usernameParameter("username").passwordParameter("password").and()// 开始设置注销功能.logout()// 注销的url.logoutUrl("/logout")// session直接过期.invalidateHttpSession(true)// 清除认证信息.clearAuthentication(true)// 注销成功后跳转地址.logoutSuccessUrl("/login.html").and()// 禁用csrf安全防护.csrf().disable();return http.build();}
}

登录页面 static/login.html



Login

Login
username：
password：

显示效果
在这里插入图片描述

学习资料

IT老齐的Spring Security实战课
完整代码: https://github.com/mouday/spring-boot-demo/tree/master/SpringBoot-Security-Basic-Form

词库加载错误:未能找到文件“E:\highferrum_mysql\Configuration\Dict_Stopwords.txt”。

上一篇：小本创业大全，36个小本投资好项目，看看有适合你的吗！小本创业最赚钱的20个项目小本创业100个项目

下一篇：小本创业如何成就大事业小本生意如何创业成功小本生意如何成功

Java：SpringBoot整合Spring Security实现认证与授权学习笔记

目录

一、Spring Security 快速开始

二、认证与授权

三、Spring Security基础认证与表单认证

1、HTTP基础认证

2、HTTP表单认证

四、Spring Security 用户与认证对象

1、用户对象

2、认证对象

五、基于MySQL自定义认证过程

1、项目结构

2、用户表

3、依赖

4、数据库配置

5、SpringBoot基本框架

6、自动定义Spring Security

7、接口测试

六、使用PasswordEncoder加密密码

七、Session会话控制

八、基于表单模式实现自定义认证

Login

学习资料

相关内容

热门资讯