前言

本文作为入门级的DEMO，完全按照官网实例演示；

项目目录结构

Maven 依赖

  <parent>    <groupId>org.springframework.boot</groupId>    <artifactId>spring-boot-starter-parent</artifactId>    <version>1.4.1.RELEASE</version>  </parent>  <dependencies>    <dependency>      <groupId>org.springframework.boot</groupId>      <artifactId>spring-boot-starter-web</artifactId>    </dependency>    <dependency>      <groupId>org.springframework.boot</groupId>      <artifactId>spring-boot-starter-security</artifactId>    </dependency>    <dependency>      <groupId>org.springframework.boot</groupId>      <artifactId>spring-boot-starter-thymeleaf</artifactId>    </dependency>  </dependencies>

前端页面 home.html

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"><head>    <title>Spring Security Example</title></head><body>  <h1>Welcome!</h1>  <p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p></body></html>

前端页面 login.html

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"><head>    <title>Spring Security Example </title></head><body><div th:if="${param.error}">    Invalid username and password.</div><div th:if="${param.logout}">    You have been logged out.</div><form th:action="@{/login}" method="post">        <div><label> UserName: <input type="text" name="username"/> </label></div>    <div><label> Password: <input type="password" name="password"/> </label></div>    <div><input type="submit" value="Sign In"/></div></form></body></html>

前端页面 hello.html

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"><head>    <title>Hello World!</title></head><body><h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1><form th:action="@{/logout}" method="post">    <input type="submit" value="Sign Out"/></form></body></html>

启动程序 Application.java

@SpringBootApplicationpublic class Application {  public static void main(String[] args) {    SpringApplication.run(Application.class, args);  }}

HomeController.java

@Controllerpublic class HomeController {  @RequestMapping("/")  public String home(){    return "home";    }  @RequestMapping("/login")  public String login(){    return "login";  }  @RequestMapping("/hello")  public String hello(){    return "hello";  }}

Web安全配置 WebSecurityConfig.java

@Configuration@EnableWebSecuritypublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {  @Override  protected void configure(HttpSecurity http) throws Exception {    http      .authorizeRequests()        .antMatchers("/").permitAll()                      //请求路径"/"允许访问        .anyRequest().authenticated()                      //其它请求都需要校验才能访问      .and()        .formLogin()          .loginPage("/login")                             //定义登录的页面"/login"，允许访问          .permitAll()      .and()        .logout()                                           //默认的"/logout", 允许访问          .permitAll();  }  @Autowired  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {    //在内存中注入一个用户名为anyCode密码为password并且身份为USER的对象    auth      .inMemoryAuthentication()        .withUser("anyCode").password("password").roles("USER");  }}

更多讯息欢迎添加小优：DKA-2018