SpringBoot與SpringSecurity整合方法附源碼

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<!-- Thymeleaf -->
	<dependency>
		<groupId>org.thymeleaf</groupId>
		<artifactId>thymeleaf-spring5</artifactId>
	</dependency>
	<dependency>
		<groupId>org.thymeleaf.extras</groupId>
		<artifactId>thymeleaf-extras-java8time</artifactId>
	</dependency>
	<!-- SpringSecurity -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<!-- Thymeleaf 與 SpringSecurity 整合包 -->
	<dependency>
 		<groupId>org.thymeleaf.extras</groupId>
 		<artifactId>thymeleaf-extras-springsecurity5</artifactId>
 		<version>3.0.4.RELEASE</version>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
		<exclusions>
			<exclusion>
				<groupId>org.junit.vintage</groupId>
				<artifactId>junit-vintage-engine</artifactId>
			</exclusion>
		</exclusions>
	</dependency>
</dependencies>

package com.blu.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class RouterController {

	@RequestMapping({ "/", "/index" })
	public String index() {
		return "index";
	}

	@RequestMapping("/tologin")
	public String toLogin() {
		return "views/login";
	}

	@RequestMapping("/level1/{id}")
	public String level1(@PathVariable("id") int id) {
		return "views/level1/" + id;
	}

	@RequestMapping("/level2/{id}")
	public String level2(@PathVariable("id") int id) {
		return "views/level2/" + id;
	}

	@RequestMapping("/level3/{id}")
	public String level3(@PathVariable("id") int id) {
		return "views/level3/" + id;
	}
	
}

package com.blu.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
	
	/**
	 * 授權
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		
		//所有人可以訪問首頁，功能頁需要指定權限才可以訪問
		http.authorizeRequests()
			.antMatchers("/").permitAll()
			.antMatchers("/level1/**").hasRole("vip1")
			.antMatchers("/level2/**").hasRole("vip2")
			.antMatchers("/level3/**").hasRole("vip3");
		
		//沒有權限將默認跳轉至登錄頁，需要開啟登錄的頁面
		//loginPage設置跳轉至登錄頁的請求（默認為/login）
		//usernameParameter和passwordParameter配置登錄的用戶名和密碼參數名稱，默認就是username和password
		//loginProcessingUrl配置登錄請求的url，需要和表單提交的url一致
		http.formLogin().loginPage("/tologin")
						.usernameParameter("username")
						.passwordParameter("password")
						.loginProcessingUrl("/login");
		//禁用CSRF保護
		http.csrf().disable();
		//開啟註銷功能和註銷成功後的跳轉頁面（默認為登錄頁面）
		http.logout().logoutSuccessUrl("/");
		//開啟記住我功能，Cookie默認保存兩周
		http.rememberMe().rememberMeParameter("remember");
		
	}
	
	/**
	 * 認證
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		
		auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
			.withUser("BLU").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2","vip3")
			.and()
			.withUser("root").password(new BCryptPasswordEncoder().encode("111111")).roles("vip1","vip2","vip3")
			.and()
			.withUser("guest").password(new BCryptPasswordEncoder().encode("111222")).roles("vip1");
	}
	
}

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
 <title>首頁</title>
 <!--semantic-ui-->
 <link href="https://cdn.bootcss.com/semantic-ui/2.4.1/semantic.min.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="stylesheet">
 <link th:href="@{/qinjiang/css/qinstyle.css}" rel="external nofollow" rel="external nofollow" rel="stylesheet">
</head>
<body>

<!--主容器-->
<div class="ui container">

 <div class="ui segment" id="index-header-nav" th:fragment="nav-menu">
  <div class="ui secondary menu">
   <a class="item" th:href="@{/index}" rel="external nofollow" >首頁</a>

   <!--登錄註銷-->
   <div class="right menu">
    <!--如果未登錄-->
 				<div sec:authorize="!isAuthenticated()">
  				<a class="item" th:href="@{/tologin}" rel="external nofollow" >
   				<i class="address card icon"></i> 登錄
  				</a>
 				</div>
    <!--如果已登錄-->
 				<div sec:authorize="isAuthenticated()">
  				<a class="item">
   				<i class="address card icon"></i>
   				用戶名：<span sec:authentication="principal.username"></span>
   				角色：<span sec:authentication="principal.authorities"></span>
  				</a>
 				</div>
 				<div sec:authorize="isAuthenticated()">
  				<a class="item" th:href="@{/logout}" rel="external nofollow" >
   				<i class="address card icon"></i> 註銷
  				</a>
 				</div>
   </div>
  </div>
 </div>

 <div class="ui segment" style="text-align: center">
  <h3>Spring Security Study by BLU</h3>
 </div>

 <div>
  <br>
  <div class="ui three column stackable grid">
   <div class="column" sec:authorize="hasRole('vip1')">
    <div class="ui raised segment">
     <div class="ui">
      <div class="content">
       <h5 class="content">Level 1</h5>
       <hr>
       <div><a th:href="@{/level1/1}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-1-1</a></div>
       <div><a th:href="@{/level1/2}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-1-2</a></div>
       <div><a th:href="@{/level1/3}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-1-3</a></div>
      </div>
     </div>
    </div>
   </div>

   <div class="column" sec:authorize="hasRole('vip2')">
    <div class="ui raised segment">
     <div class="ui">
      <div class="content">
       <h5 class="content">Level 2</h5>
       <hr>
       <div><a th:href="@{/level2/1}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-2-1</a></div>
       <div><a th:href="@{/level2/2}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-2-2</a></div>
       <div><a th:href="@{/level2/3}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-2-3</a></div>
      </div>
     </div>
    </div>
   </div>

   <div class="column" sec:authorize="hasRole('vip3')">
    <div class="ui raised segment">
     <div class="ui">
      <div class="content">
       <h5 class="content">Level 3</h5>
       <hr>
       <div><a th:href="@{/level3/1}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-3-1</a></div>
       <div><a th:href="@{/level3/2}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-3-2</a></div>
       <div><a th:href="@{/level3/3}" rel="external nofollow" ><i class="bullhorn icon"></i> Level-3-3</a></div>
      </div>
     </div>
    </div>
   </div>

  </div>
 </div>
 
</div>


<script th:src="@{/qinjiang/js/jquery-3.1.1.min.js}"></script>
<script th:src="@{/qinjiang/js/semantic.min.js}"></script>

</body>
</html>

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
 <title>登錄</title>
 <!--semantic-ui-->
 <link href="https://cdn.bootcss.com/semantic-ui/2.4.1/semantic.min.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="stylesheet">
</head>
<body>

<!--主容器-->
<div class="ui container">

 <div class="ui segment">

  <div style="text-align: center">
   <h1 class="header">登錄</h1>
  </div>

  <div class="ui placeholder segment">
   <div class="ui column very relaxed stackable grid">
    <div class="column">
     <div class="ui form">
      <form th:action="@{/login}" method="post">
       <div class="field">
        <label>Username</label>
        <div class="ui left icon input">
         <input type="text" placeholder="Username" name="username">
         <i class="user icon"></i>
        </div>
       </div>
       <div class="field">
        <label>Password</label>
        <div class="ui left icon input">
         <input type="password" name="password">
         <i class="lock icon"></i>
        </div>
       </div>
       <div class="field">
       	<input type="checkbox" name="remember"> 記住我
       </div>
       
       <input type="submit" class="ui blue submit button"/>
      </form>
     </div>
    </div>
   </div>
  </div>

  <div style="text-align: center">
   <div class="ui label">
    </i>註冊
   </div>
   <br><br>
   <small>[email protected]</small>
  </div>
  <div class="ui segment" style="text-align: center">
   <h3>Spring Security Study by BLU</h3>
  </div>
 </div>


</div>

<script th:src="@{/qinjiang/js/jquery-3.1.1.min.js}"></script>
<script th:src="@{/qinjiang/js/semantic.min.js}"></script>

</body>
</html>

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
 <title>首頁</title>
 <!--semantic-ui-->
 <link href="https://cdn.bootcss.com/semantic-ui/2.4.1/semantic.min.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="stylesheet">
 <link th:href="@{/qinjiang/css/qinstyle.css}" rel="external nofollow" rel="external nofollow" rel="stylesheet">
</head>
<body>

<!--主容器-->
<div class="ui container">

 <div th:replace="~{index::nav-menu}"></div>

 <div class="ui segment" style="text-align: center">
  <h3>Level-1-1</h3>
 </div>

</div>

<script th:src="@{/qinjiang/js/jquery-3.1.1.min.js}"></script>
<script th:src="@{/qinjiang/js/semantic.min.js}"></script>

</body>
</html>