表单登录+内存账户

aaronlinv · Aug 22, 2021 · fe65f3e · fe65f3e
1 parent a3653a0
commit fe65f3e
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 2 deletions.
diff --git a/readme.md b/readme.md
@@ -0,0 +1,4 @@
+端口：8081
+[http://localhost:8081](http://localhost:8081])
+
+表单登录地址：http://localhost:8081/login.html
diff --git a/src/main/java/com/al/_01springsecuritydemo01/config/SecurityConfig.java b/src/main/java/com/al/_01springsecuritydemo01/config/SecurityConfig.java
@@ -0,0 +1,63 @@
+package com.al._01springsecuritydemo01.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@EnableWebSecurity
+// @Configuration 被包括在上面的注解了
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.formLogin()
+                .loginPage("/login.html")
+                .loginProcessingUrl("/login")
+                .defaultSuccessUrl("/index")
+                .defaultSuccessUrl("/index")
+
+                .and()
+                .authorizeRequests()
+                .antMatchers("/login.html", "/login")
+                .permitAll()
+
+                .antMatchers("/order")
+                .hasAnyAuthority("ROLE_user", "ROLE_admin")
+
+                // .antMatchers("/system/user", "/system/role", "/system/menu")
+                .antMatchers("/system/**")
+                .hasRole("admin")
+
+                // 除了上面的，其他都需要认证
+                .anyRequest().authenticated()
+
+                .and()
+                .csrf().disable();
+        http.logout().logoutUrl("/logout");
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+                .withUser("user")
+                .password(passwordEncoder().encode("1234"))
+                .roles("user")
+                .and()
+
+                .withUser("admin")
+                .password(passwordEncoder().encode("1234"))
+                .roles("admin")
+
+                .and()
+                .passwordEncoder(passwordEncoder());
+        ;
+    }
+}
diff --git a/src/main/java/com/al/_01springsecuritydemo01/controller/HomeController.java b/src/main/java/com/al/_01springsecuritydemo01/controller/HomeController.java
@@ -5,7 +5,7 @@
 
 @Controller
 public class HomeController {
-    // http://localhost:8080
+    // http://localhost:8081
     @GetMapping("/index")
     public String index() {
         return "index";

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -1 +1 @@
-
+server.port=8081
diff --git a/src/main/resources/static/login.html b/src/main/resources/static/login.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>登录</title>
+</head>
+<body>
+
+<form action="/login" method="post">
+    <label for="username">账户</label><input type="text" name="username" id="username"><br>
+    <label for="password">密码</label><input type="password" name="password" id="password"><br>
+    <input type="submit" value="登录">
+</form>
+</body>
+</html>