/**
 * Spring Security configuration for the application: URL authorization rules,
 * form login, logout, remember-me, and two in-memory accounts.
 *
 * NOTE(review): the accounts and passwords below are hard-coded in source and
 * CSRF protection is disabled, so this configuration reads as a demo setup.
 * Confirm before using it outside a learning or test environment.
 */
@EnableWebSecurity
public class securityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Authorization: the home page is open to everyone, and each feature area
     * is only reachable by users holding the matching role.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Request authorization rules.
        // NOTE(review): no catch-all rule (e.g. anyRequest()) is declared here, so
        // paths outside these patterns are not restricted by this method — confirm
        // that is intended.
        http.authorizeRequests()
                .antMatchers("/").permitAll()                // home page: everyone
                .antMatchers("/level1/**").hasRole("vip1")   // /level1/** requires vip1
                .antMatchers("/level2/**").hasRole("vip2")   // /level2/** requires vip2
                .antMatchers("/level3/**").hasRole("vip3");  // /level3/** requires vip3

        // A request without the required permission is sent to the login page.
        http.formLogin();

        // CSRF protection is switched OFF here; the original note names it as a
        // possible cause of failing login/logout requests.
        // NOTE(review): disabling it removes the defence against cross-site request
        // forgery rather than adding one. The usual alternative is to keep it
        // enabled and send the CSRF token with state-changing requests (logout as
        // a POST).
        http.csrf().disable();

        // After logout, redirect to "/index". The logout request itself is the
        // default "/logout".
        http.logout().logoutSuccessUrl("/index");

        // Remember-me login, backed by a cookie.
        // NOTE(review): that cookie acts as a login credential for as long as it is
        // valid — confirm its lifetime and that it is only sent over HTTPS.
        http.rememberMe();
    }

    /**
     * Authentication: registers the users that may log in, held in memory.
     * In a real deployment this data would normally be read from a database.
     *
     * @param auth the authentication manager builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // One encoder both hashes the passwords below and is registered as the
        // encoder used to verify them at login.
        final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        // NOTE(review): both accounts share the same short, hard-coded password
        // that lives in source control. Load credentials from a user store or
        // external secret configuration instead, and rotate these values.
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("ricky").password(encoder.encode("123456")).roles("vip1", "vip2", "vip3")
                .and()
                .withUser("root").password(encoder.encode("123456")).roles("vip1", "vip2");
    }
}