添加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
配置类
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN").and().passwordEncoder(new MyPasswordEncoder());
}
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//对actuator监控所用的访问全部需要认证
/* http.formLogin().and().authorizeRequests().antMatchers("/actuator**").authenticated().and().formLogin()
.loginProcessingUrl("/actuator/");
*/
http.csrf().disable(); // 关闭跨站检测
http.authorizeRequests().antMatchers("/actuator**").authenticated(); // 所有的请求全验证
http.formLogin().loginPage("/security/login").loginProcessingUrl("/login_check").failureUrl("/security/login").defaultSuccessUrl("/actuator/").permitAll();
http.logout().logoutUrl("/security/logout").permitAll();
}
}
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN").and().passwordEncoder(new MyPasswordEncoder());
}
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//对actuator监控所用的访问全部需要认证
/* http.formLogin().and().authorizeRequests().antMatchers("/actuator**").authenticated().and().formLogin()
.loginProcessingUrl("/actuator/");
*/
http.csrf().disable(); // 关闭跨站检测
http.authorizeRequests().antMatchers("/actuator**").authenticated(); // 所有的请求全验证
http.formLogin().loginPage("/security/login").loginProcessingUrl("/login_check").failureUrl("/security/login").defaultSuccessUrl("/actuator/").permitAll();
http.logout().logoutUrl("/security/logout").permitAll();
}
}
ThymeLeaf配置
###ThymeLeaf配置
spring:
thymeleaf:
#模板的模式,支持 HTML, XML TEXT JAVASCRIPT
mode: HTML5
#编码 可不用配置
encoding: UTF-8
#内容类别,可不用配置
content-type: text/html
#开发配置为false,避免修改模板还要重启服务器
cache: false
#配置模板路径,默认是templates,可以不用配置
prefix: classpath:/templates
添加一个Controller路径为/security/login
@RequestMapping("/security/login")
public ModelAndView login() {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("login.html");
modelAndView.addObject("msg","欢迎来到登录页面");
return modelAndView;
}
新建一个login.html
<!DOCTYPE html>
<html xmlns:th="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
登录页面 <p th:text="${msg}"></p>
<form action="/login_check" method="post">
<input type="text" name="username" />
</br>
</br>
<input type="text" name="password" />
</br>
</br>
<input type="submit" value="登录" /></br>
</form>
</body>