1 pom.的主要文件 我引入的thymeleaf-extras-springsecurity5,springboot2.1.6 <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency>html
<!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity4 --> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity5</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> </dependencies> 2 controller [@Controller](https://my.oschina.net/u/1774615)
public class KungfuController {html5
private final String PREFIX = "pages/"; @RequestMapping("/") public String index() { System.out.println("hello word"); return "welcome"; } @RequestMapping("/userlogin") public String loginPage() { return PREFIX+"login1"; } @GetMapping("/level1/{path}") public String level1(@PathVariable("path")String path) { return PREFIX+"level1/"+path; } @GetMapping("/level2/{path}") public String level2(@PathVariable("path")String path) { return PREFIX+"level2/"+path; } @GetMapping("/level3/{path}") public String level3(@PathVariable("path")String path) { return PREFIX+"level3/"+path; }
}web
//配置下spring
@EnableWebSecurity public class mySecurity extends WebSecurityConfigurerAdapter {springboot
//爲啥引入這個bean ,由於在securety在5.0後使用系統的登陸模板,默認把密碼給加密啦,這個寫的是不讓密碼加密app
@Bean public static NoOpPasswordEncoder passwordEncoder() { return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance(); } protected void configure(HttpSecurity http) throws Exception { //定製請求的受權規則 http.authorizeRequests().antMatchers("/").permitAll() .antMatchers("/level1/**").hasRole("VIP1") .antMatchers("/level2/**").hasRole("VIP2") .antMatchers("/level3/**").hasRole("VIP3"); //開啓自動登陸的功能 http.formLogin(); //開啓自動配置的註銷功能 http.logout().logoutSuccessUrl("/"); } public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("mao").password("123").roles("VIP1","VIP2") .and().withUser("zhang").password("123").roles("VIP1","VIP3").and() .withUser("li").password("123").roles("VIP2","VIP3"); }
} //該模板都是尚學堂的ide
<!DOCTYPE html>spring-boot
<html xmlns:th="http://www.thymeleaf.org"post
xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head>ui
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1 align="center">歡迎光臨武林祕籍管理系統</h1>
<div sec:authorize="!isAuthenticated()">
<h2 align="center">遊客您好,若是想查看武林祕籍 <a th:href="@{/login}">請登陸</a></h2>
</div>
<div sec:authorize="isAuthenticated()">
<h2><span sec:authentication="name"></span>,您好,您的角色有: <span sec:authentication="principal.authorities"></span></h2> <form th:action="@{/logout}" method="post"> <input type="submit" value="註銷"/> </form>
</div>
<hr>
<div sec:authorize="hasRole('VIP1')"> <h3>普通武功祕籍</h3> <ul> <li><a th:href="@{/level1/1}">羅漢拳</a></li> <li><a th:href="@{/level1/2}">武當長拳</a></li> <li><a th:href="@{/level1/3}">全真劍法</a></li> </ul>
</div>
<div sec:authorize="hasRole('VIP2')"> <h3>高級武功祕籍</h3> <ul> <li><a th:href="@{/level2/1}">太極拳</a></li> <li><a th:href="@{/level2/2}">七傷拳</a></li> <li><a th:href="@{/level2/3}">梯雲縱</a></li> </ul>
</div>
<div sec:authorize="hasRole('VIP3')"> <h3>絕世武功祕籍</h3> <ul> <li><a th:href="@{/level3/1}">葵花寶典</a></li> <li><a th:href="@{/level3/2}">龜派氣功</a></li> <li><a th:href="@{/level3/3}">獨孤九劍</a></li> </ul> </div>
</body> </html> 參考文獻: 【1】https://docs.spring.io/spring-security/site/docs/current/guides/html5/helloworld-boot.html
【2】尚學堂