Pom
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <groupId>com.mb</groupId>
<artifactId>tuia</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging> <name>tuia</name>
<description>tuia project for Spring Boot</description> <parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties> <dependencies> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency> <dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.40</version>
</dependency> <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.4</version>
</dependency> <dependency>
<groupId>alipay</groupId>
<artifactId>taobao-sdk-java-auto</artifactId>
<version>1.0</version>
</dependency> </dependencies> <build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build> </project>
package com.mb.tuia.Config; import com.mb.tuia.Service.CustomUserService;
import com.mb.tuia.utils.MyPasswordEncoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService; @EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean
UserDetailsService customUserService() {
return new CustomUserService();
} @Override
protected void configure(HttpSecurity http) throws Exception { http
.authorizeRequests() // 3
.antMatchers("/index", "/css/**").permitAll() //4 .antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN", "ROLE_USER")
.antMatchers("/user/**").hasAnyRole("ADMIN","USER")
.antMatchers("/member/**").hasAnyRole("ADMIN") .and() // 6
.formLogin()
.loginPage("/login").failureUrl("/login-error")
//以下为iframe
.and()
.csrf().disable()
.headers().frameOptions().sameOrigin(); } @Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { // 7 auth.userDetailsService(customUserService()).passwordEncoder(new MyPasswordEncoder());
}
}
密码采用Md5
package com.mb.tuia.utils; import org.springframework.security.crypto.password.PasswordEncoder; public class MyPasswordEncoder implements PasswordEncoder { @Override
public String encode(CharSequence charSequence) {
// return charSequence.toString();
return MD5Util.encrypt((String)charSequence);
} @Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(MD5Util.encrypt((String)charSequence));
// return s.equals(charSequence.toString());
} }
在程序中获得当前登陆用户对应的对象。
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
.getAuthentication()
.getPrincipal();