如何与springsecurity结合
时间: 2023-12-03 13:39:45 浏览: 40
结合Spring Security的步骤如下:
1.添加Spring Security依赖项。在Maven项目中,可以在pom.xml文件中添加以下依赖项:
```xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.3.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.3.4.RELEASE</version>
</dependency>
```
2.创建一个SecurityConfig类,该类扩展了WebSecurityConfigurerAdapter并覆盖了configure方法。在此方法中,您可以配置Spring Security以保护您的应用程序。例如,以下代码配置了基于表单的身份验证:
```java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER");
}
}
```
3.在您的应用程序中使用Spring Security。例如,您可以在控制器方法上使用@PreAuthorize注释来限制对受保护资源的访问:
```java
@Controller
public class MyController {
@GetMapping("/my-protected-page")
@PreAuthorize("hasRole('ROLE_USER')")
public String myProtectedPage() {
return "my-protected-page";
}
}
```