pom依赖
<!-- Build fragment for the demo: Spring Boot parent, Spring Security (web + config), Spring MVC and Thymeleaf. -->
<!-- NOTE(review): Spring Boot 1.5.x is an old release line; confirm whether it still receives security fixes before reusing this outside a demo. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<!-- Spring Security is pinned to an explicit version here instead of inheriting one from the parent. -->
<!-- NOTE(review): presumably the parent manages a Spring Security version as well; with an explicit pin, -->
<!-- bumping the parent will not move this artifact, so it has to be upgraded by hand. Confirm. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<!-- Keep this version identical to spring-security-web above; the two modules are released together. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<!-- No <version>: resolved through the parent's dependency management. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
<!-- Overrides the Thymeleaf versions that the parent would otherwise select. -->
<properties>
<thymeleaf.version>3.0.2.RELEASE</thymeleaf.version>
<thymeleaf-layout-dialect.version>2.0.4</thymeleaf-layout-dialect.version>
</properties>
新建MainController
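/**
 * Serves the pages that are not tied to a product operation: the landing page,
 * the access-denied page and the custom login page.
 *
 * <p>Each handler only returns a logical view name; no model data is added.
 * View names are written without a leading slash, matching ProductController.
 * A name such as "/index" is appended to the template prefix and produces a
 * double slash in the resource path, which typically resolves when running from
 * an IDE but not from a packaged jar.
 */
@Controller
public class MainController {

    /**
     * Landing page.
     *
     * @return the logical view name of the index page
     */
    @RequestMapping(value = "/")
    public String index() {
        return "index";
    }

    /**
     * Access-denied page. ErrorPageConfig registers "/403" as the error page
     * for HTTP status 403, so this handler renders the response in that case.
     *
     * @return the logical view name of the 403 page
     */
    @RequestMapping(value = "/403")
    public String forbidden() {
        return "403";
    }

    /**
     * Custom login page. SpringSecurityConfig points formLogin() at "/login"
     * and permits that path for unauthenticated users.
     *
     * @return the logical view name of the login page
     */
    @RequestMapping(value = "/login")
    public String login() {
        return "login";
    }
}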
新建ProductController
/**
 * Maps the four product operations under "/product" to their views.
 *
 * <p>The handlers perform no authorization themselves. Access to each path is
 * decided by the URL rules in SpringSecurityConfig, so any new handler added
 * here needs a matching rule there; otherwise it only falls under the generic
 * "authenticated" rule.
 */
@Controller
@RequestMapping("/product")
public class ProductController {

    /** @return the view for the "add product" page */
    @RequestMapping("/add")
    public String add() {
        return "product/add";
    }

    /** @return the view for the "search products" page */
    @RequestMapping("/search")
    public String search() {
        return "product/search";
    }

    /** @return the view for the "delete product" page */
    @RequestMapping("/del")
    public String del() {
        return "product/del";
    }

    /** @return the view for the "update product" page */
    @RequestMapping("/upt")
    public String upt() {
        return "product/upt";
    }
}
页面文件目录结构如下
index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>index</title>
</head>
<body>
<!--/* Landing page listing the four product functions.
       All four links are rendered for every visitor; nothing in this template hides a link
       based on the user's authorities. Access is enforced server-side by the URL rules in
       SpringSecurityConfig, so a user lacking the required authority is sent to the 403 page
       only after following the link. */-->
以下是网站的功能<br>
<a href="/product/add">商品添加</a><br>
<a href="/product/upt">商品修改</a><br>
<a href="/product/search">商品查询</a><br>
<a href="/product/del">商品删除</a><br>
</body>
</html>
add.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>add</title>
</head>
<body>
<!--/* Placeholder view returned by ProductController.add() for /product/add.
       SpringSecurityConfig requires the PRODUCT_ADD authority for this path. */-->
商品新增
</body>
</html>
upt.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>upt</title>
</head>
<body>
<!--/* Placeholder view returned by ProductController.upt() for /product/upt.
       SpringSecurityConfig guards this path with PRODUCT_ADD, not with a dedicated
       update authority. */-->
商品修改
</body>
</html>
search.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>search</title>
</head>
<body>
<!--/* Placeholder view returned by ProductController.search() for /product/search.
       SpringSecurityConfig requires PRODUCT_SEARCH for this path; the in-memory user "eric"
       is granted only PRODUCT_ADD, so that user receives the 403 page instead. */-->
商品查询
</body>
</html>
del.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>del</title>
</head>
<body>
<!--/* Placeholder view returned by ProductController.del() for /product/del.
       SpringSecurityConfig guards this path with PRODUCT_ADD, not with a dedicated
       delete authority. */-->
商品删除
</body>
</html>
关键代码,创建继承了WebSecurityConfigurerAdapter的配置类
/**
 * Spring Security setup for the demo: one in-memory user plus URL-based
 * authorization rules and a custom form-login page.
 */
@Configuration
// Enables Spring Security's filter chain.
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures how users are authenticated.
     *
     * @param auth builder used to register the in-memory user
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Demo-only account hard-coded in source: user "eric", password "123456",
        // granted the single authority PRODUCT_ADD.
        // NOTE(review): the password is a literal committed with the code, it is trivially
        // guessable, and no password encoder is configured here, so it is presumably compared
        // as plain text. Outside a demo, load users from a real store and hash passwords with
        // an adaptive encoder such as BCryptPasswordEncoder.
        auth.inMemoryAuthentication()
                .withUser("eric")
                .password("123456")
                .authorities("PRODUCT_ADD");
    }

    /**
     * Declares which URLs are protected and how users log in.
     *
     * <p>Rules are evaluated in the order they are declared, so the specific
     * product paths must stay ahead of the catch-all pattern.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // NOTE(review): delete and update are guarded by PRODUCT_ADD rather than by
                // authorities of their own, so anyone who may add may also delete and update.
                // Confirm this is intended and not a copy-paste of the first rule.
                .antMatchers("/product/add", "/product/del", "/product/upt").hasAuthority("PRODUCT_ADD")
                .antMatchers("/product/search").hasAuthority("PRODUCT_SEARCH")
                // The login page itself must be reachable without authentication.
                .antMatchers("/login").permitAll()
                // Everything else requires a full (not anonymous, not remember-me) login.
                .antMatchers("/**").fullyAuthenticated();

        // Form login with a custom login page instead of the generated one.
        http.formLogin().loginPage("/login");

        // NOTE(review): CSRF protection is switched off for the whole application, so
        // state-changing requests are accepted without a CSRF token. Acceptable only for a
        // demo; in a real application keep it enabled and include the token in every form.
        http.csrf().disable();
    }
}
自定义错误页面
/**
 * Routes HTTP 403 responses to the application's own "/403" page instead of
 * the container's default error output.
 */
@Configuration
public class ErrorPageConfig {

    /**
     * Registers "/403" as the error page for status {@code FORBIDDEN}.
     *
     * <p>"/403" is handled by MainController.forbidden(). Presumably this is
     * what a logged-in user sees when an authority check in
     * SpringSecurityConfig fails; confirm against the access-denied handling.
     *
     * @return a customizer that adds the error-page mapping to the embedded container
     */
    @Bean
    public EmbeddedServletContainerCustomizer embeddedServletContainerCustomizer() {
        final ErrorPage forbiddenPage = new ErrorPage(HttpStatus.FORBIDDEN, "/403");
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                container.addErrorPages(forbiddenPage);
            }
        };
    }
}