@EnableWebSecurity
public class securityConfig extends WebSecurityConfigurerAdapter {

@Override
//授权
protected void configure(HttpSecurity http) throws Exception {
    //首页所有人可访问,功能页只有对应有权限的人才能访问
    //请求授权的规则
    http.authorizeRequests().antMatchers("/").permitAll()                   //首页所有人可访问
                            .antMatchers("/level1/**").hasRole("vip1")      //vip1可访问/level1/**
                            .antMatchers("/level2/**").hasRole("vip2")
                            .antMatchers("/level3/**").hasRole("vip3");
    //没有权限默认会到登录页面
    http.formLogin();
    //防止防战攻击
    http.csrf().disable();         //关闭csrf功能,登录失败可能失败的原因
    //注销跳到首页
    http.logout().logoutSuccessUrl("/index");        //默认发起这个请求  /logout

    //开启记住我
    http.rememberMe();            //cookies

}
@Override
//认证
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
    //这些数据正常应该是从数据库中读取
    auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
            .withUser("ricky").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3")
            .and()
            .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2");
}

}