通过 Spring Security 拦截 HTTP 请求,并将安全认证模式设置为 formLogin(表单登录)
新建配置类
SecurityConfig
package com.example.tryingsecurity.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
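@Component
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory demo accounts and the authorities each one holds.
     *
     * <p>SECURITY: these are tutorial credentials. They are hard-coded in source and every
     * password equals its user name, so they must be replaced before any real deployment
     * (load users from a proper user store and keep secrets out of the code base).
     *
     * @param auth builder the accounts are registered on
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Store BCrypt hashes instead of plaintext. Spring Security 5.x also rejects a login
        // against an un-prefixed plaintext password when no PasswordEncoder is configured.
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        // user -> authority names. A request that needs an authority the logged-in user
        // does not hold is answered with 403.
        // All users go into ONE in-memory store; the admin account is registered once
        // (the earlier listing registered it twice, each time in a separate store).
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("mayikt_admin").password(encoder.encode("mayikt_admin"))
                .authorities("addMember", "delMember", "updateMember", "showMember")
                .and()
                .withUser("mayikt_add").password(encoder.encode("mayikt_add"))
                .authorities("addMember")
                .and()
                .withUser("mayikt_del").password(encoder.encode("mayikt_del"))
                .authorities("delMember")
                .and()
                .withUser("mayikt_update").password(encoder.encode("mayikt_update"))
                .authorities("updateMember")
                .and()
                .withUser("mayikt_show").password(encoder.encode("mayikt_show"))
                .authorities("showMember");
    }

    /**
     * Declares the URL interception rules and switches authentication to form login.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the rules cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // request path -> required authority name.
        // Rules are matched in declaration order, so the catch-all must stay last.
        http.authorizeRequests()
                .antMatchers("/addMember").hasAuthority("addMember")
                .antMatchers("/delMember").hasAuthority("delMember")
                .antMatchers("/updateMember").hasAuthority("updateMember")
                .antMatchers("/showMember").hasAuthority("showMember")
                // Everything else needs a full login (a remember-me session is not enough).
                .anyRequest().fullyAuthenticated()
                .and()
                // CSRF protection is not disabled here, so the framework default applies.
                .formLogin();
    }
}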
修改403权限不足等页面(前后端分离的话返回错误码即可)
配置类
package com.example.tryingsecurity.config;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.ErrorPage;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
/**
 * Customises the Spring Boot error pages of the embedded Tomcat server.
 */
@Configuration
public class WebServerAutoConfiguration {

    /**
     * Builds the Tomcat servlet web server factory and maps six HTTP error statuses
     * (400, 401, 403, 404, 415, 500) to the matching {@code /error/<code>} path.
     *
     * <p>NOTE(review): each mapped path needs a handler of its own; confirm that one exists
     * for every status, otherwise that status has no custom page to forward to.
     *
     * @return the factory with the error pages registered
     */
    @Bean
    public ConfigurableServletWebServerFactory webServerFactory() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        // Registered in one varargs call, in the same order as the status codes above.
        tomcat.addErrorPages(
                new ErrorPage(HttpStatus.BAD_REQUEST, "/error/400"),
                new ErrorPage(HttpStatus.UNAUTHORIZED, "/error/401"),
                new ErrorPage(HttpStatus.FORBIDDEN, "/error/403"),
                new ErrorPage(HttpStatus.NOT_FOUND, "/error/404"),
                new ErrorPage(HttpStatus.UNSUPPORTED_MEDIA_TYPE, "/error/415"),
                new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/error/500"));
        return tomcat;
    }
}
写一个统一返回controller
package com.example.tryingsecurity.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * Controller that returns the unified error responses.
 */
@RestController
public class ErrorController {

    // Fixed body sent for a 403; it reveals nothing about the resource that was refused.
    private static final String FORBIDDEN_MESSAGE = "您当前访问的接口权限不足!";

    /**
     * Handles {@code /error/403}.
     *
     * @return the fixed "insufficient permission" message
     */
    @RequestMapping("/error/403")
    public String error() {
        return FORBIDDEN_MESSAGE;
    }
}