diff --git a/spring-security/pom.xml b/spring-security/pom.xml
index 90ca1ba..4ac4735 100644
--- a/spring-security/pom.xml
+++ b/spring-security/pom.xml
@@ -21,8 +21,7 @@
official
step-1
-
-
+
UTF-8
17
@@ -40,11 +39,11 @@
org.springframework.boot
- spring-boot-starter-security
+ spring-boot-starter-web
org.springframework.boot
- spring-boot-starter-web
+ spring-boot-starter-security
diff --git a/spring-security/step-1/ReadMe.md b/spring-security/step-1/ReadMe.md
new file mode 100644
index 0000000..54371b9
--- /dev/null
+++ b/spring-security/step-1/ReadMe.md
@@ -0,0 +1,103 @@
+# 入门案例
+
+## SpringSecurity6基本使用
+
+添加项目依赖
+
+```xml
+
+ org.springframework.boot
+ spring-boot-starter-security
+
+```
+
+创建一个类,加上下面两个注解即可`@EnableWebSecurity`,`@Configuration`
+
+```java
+@EnableWebSecurity
+@Configuration
+public class SecurityWebConfiguration {
+}
+```
+
+## 自定义登录页
+
+> [!IMPORTANT]
+>
+> 使用自定义页面时候,需要在控制器中指定当前跳转的地址,否则Security无法知道你要去往那个页面,即使写上了URL也无法跳转。
+
+在下面示例中定义了自定义登录页,当然也可以定义错误页、退出页等等。
+
+### 开启和禁用
+
+如果需要使用默认的选项可以使用`.formLogin(Customizer.withDefaults())`即可。
+
+如果需要禁用登录页`.formLogin(AbstractHttpConfigurer::disable)`。
+
+### 需要认证指定URL地址
+
+#### 普通认证拦截方式
+
+需要认证URL地址,可以像下面这样写。
+
+```java
+String[] permitAllUrls = {
+ "/", "/doc.html/**",
+ "/webjars/**", "/images/**", ".well-known/**", "favicon.ico", "/error/**",
+ "/v3/api-docs/**"
+};
+
+http.authorizeHttpRequests(authorizeRequests ->
+ // 访问路径为 /api/** 时需要进行认证
+ authorizeRequests
+ .requestMatchers("/api/**").authenticated()
+ .requestMatchers(permitAllUrls).permitAll()
+ )
+```
+
+### 完整示例
+
+```java
+@EnableMethodSecurity
+@EnableWebSecurity
+@Configuration
+public class SecurityWebConfiguration {
+
+ @Bean
+ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ String[] permitAllUrls = {
+ "/", "/doc.html/**",
+ "/webjars/**", "/images/**", ".well-known/**", "favicon.ico", "/error/**",
+ "/v3/api-docs/**"
+ };
+
+ http.authorizeHttpRequests(authorizeRequests ->
+ // 访问路径为 /api/** 时需要进行认证
+ authorizeRequests
+ .requestMatchers("/api/**").authenticated()
+ .requestMatchers(permitAllUrls).permitAll()
+ )
+ .formLogin(loginPage -> loginPage
+ // 自定义登录页路径
+ .loginPage("/login-page")
+ // 处理登录的URL(默认就是/login)
+ .loginProcessingUrl("/login")
+ // 登录成功跳转
+ .defaultSuccessUrl("/")
+ // 登录失败跳转
+ .failureUrl("/login-page?error=true")
+ .permitAll()
+ )
+ // 使用默认的登录
+ // .formLogin(Customizer.withDefaults())
+ // 禁用表单登录
+ // .formLogin(AbstractHttpConfigurer::disable)
+ .logout(logout -> logout
+ .logoutSuccessUrl("/login-page?logout=true")
+ .permitAll()
+ );
+ return http.build();
+ }
+
+}
+```
\ No newline at end of file
diff --git a/spring-security/step-1/src/main/java/com/spring/security/SecurityConfiguration.java b/spring-security/step-1/src/main/java/com/spring/security/SecurityConfiguration.java
index b91b783..a4cd695 100644
--- a/spring-security/step-1/src/main/java/com/spring/security/SecurityConfiguration.java
+++ b/spring-security/step-1/src/main/java/com/spring/security/SecurityConfiguration.java
@@ -25,11 +25,12 @@ public class SecurityConfiguration {
String generatedPassword = passwordEncoder.encode("123456");
// 创建用户
- UserDetails userDetails1 = User.withUsername("bunny").password(generatedPassword).roles("USER").build();
+ UserDetails userDetails1 = User.withUsername("bunny").password(generatedPassword).roles("USER").authorities("read").build();
UserDetails userDetails2 = User.withUsername("rabbit").password(generatedPassword).roles("USER").build();
+ UserDetails userDetails3 = User.withUsername("admin").password(generatedPassword).roles("ADMIN").authorities("all").build();
// 返回内存中的用户
- return new InMemoryUserDetailsManager(userDetails1, userDetails2);
+ return new InMemoryUserDetailsManager(userDetails1, userDetails2, userDetails3);
}
/**
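Review bot: On the `userDetails1` and `userDetails3` lines, `.roles(...)` followed by `.authorities(...)` does not combine the two. In Spring Security's `User.UserBuilder` both methods assign the same authorities list, so the later call replaces the earlier one. As written, `bunny` ends up with only `read` and `admin` with only `all`, so any `hasRole("USER")` or `hasRole("ADMIN")` check would fail for them. Pass everything in one call, e.g. `.authorities("ROLE_USER", "read")` and `.authorities("ROLE_ADMIN", "all")`. The new `admin` account also reuses the hard-coded `123456` password from the context line above, so a comment marking these users as demo-only would help; the enclosing method starts outside the hunk.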
@@ -47,7 +48,7 @@ public class SecurityConfiguration {
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
- // 自定义实现密码加密器
+ // 自定义实现密码加密器,如果使用自定义不用使用 Bean注入
// return new MD5PasswordEncoder();
}
}
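Review bot: The reworded comment above `// return new MD5PasswordEncoder();` still presents that encoder as a drop-in alternative, without saying it is weaker than the `BCryptPasswordEncoder` that is actually returned. `MD5PasswordEncoder` is not visible in this diff, but if it is a plain MD5 digest as the name suggests, it is fast and unsalted and should not be used to store passwords. I would say so in the comment, e.g. `// Demo of a custom PasswordEncoder only; MD5 is not suitable for password storage, keep BCryptPasswordEncoder`. The added phrase about not needing Bean injection is also ambiguous, since this method is itself the bean factory; consider stating which class it refers to.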
diff --git a/spring-security/step-1/src/main/java/com/spring/security/SecurityWebConfiguration.java b/spring-security/step-1/src/main/java/com/spring/security/SecurityWebConfiguration.java
index bcc3990..5cfc476 100644
--- a/spring-security/step-1/src/main/java/com/spring/security/SecurityWebConfiguration.java
+++ b/spring-security/step-1/src/main/java/com/spring/security/SecurityWebConfiguration.java
@@ -39,6 +39,8 @@ public class SecurityWebConfiguration {
)
// 使用默认的登录
// .formLogin(Customizer.withDefaults())
+ // 禁用表单登录
+ // .formLogin(AbstractHttpConfigurer::disable)
.logout(logout -> logout
.logoutSuccessUrl("/login-page?logout=true")
.permitAll()
diff --git a/spring-security/step-1/src/main/resources/templates/login.html b/spring-security/step-1/src/main/resources/templates/login.html
index f8b64b3..1fb92e1 100644
--- a/spring-security/step-1/src/main/resources/templates/login.html
+++ b/spring-security/step-1/src/main/resources/templates/login.html
@@ -1,5 +1,5 @@
-
+