案例

引入依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Demo WAR showing Spring Security method-security annotations on Spring MVC. -->
<modelVersion>4.0.0</modelVersion>
<groupId>com.zzhua</groupId>
<artifactId>demo-security-anno</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<dependencies>
<!-- Servlet and JSP APIs use scope "provided": the servlet container supplies them at runtime,
     so they are not packaged into the WAR. -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<!-- NOTE(review): spring-web and spring-webmvc are pinned to 5.0.2.RELEASE while spring-jdbc
     further down is 5.1.4.RELEASE. Spring Framework modules are meant to share one version;
     align them (for example through a single version property) so the resolved classpath is
     not a mix of release lines. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>5.0.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>5.0.2.RELEASE</version>
</dependency>
<!-- spring-security-web and spring-security-config must stay on the same version.
     NOTE(review): all versions in this POM are fixed literals with no dependency management;
     check each against the vendor's currently supported releases and security advisories
     before reusing this file outside a demo. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
<!-- spring-jdbc and the MySQL driver are not used by any class shown on this page (users are
     defined in memory); presumably kept for a later JDBC user store. Remove them if unused to
     keep the dependency surface small. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.47</version>
</dependency>
</dependencies>
<build>
<finalName>demo-spring-security</finalName>
<pluginManagement>
<plugins>
<!-- Embedded Tomcat for local runs: port 8080, context path "/". No TLS is configured here,
     so the form-login credentials travel over plain HTTP; use for local development only. -->
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<port>8080</port>
<uriEncoding>UTF-8</uriEncoding>
<path>/</path>
</configuration>
</plugin>
<!-- Compiles for Java 8. No <version> is given for this plugin; pin one for reproducible builds. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
webapp文件夹下
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<!-- Root application context: built by ContextLoaderListener as an annotation-config context
     (contextClass) from the configuration class named in contextConfigLocation. -->
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.zzhua.config.AppConfig</param-value>
</context-param>
<!-- Spring MVC front controller with its own servlet-level context loaded from MyWebConfig.
     It is mapped to "/", i.e. it acts as the default servlet of the application. -->
<servlet>
<servlet-name>springMvc</servlet-name>
<servlet-class>com.zzhua.config.CustomizeDispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.zzhua.config.MyWebConfig</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springMvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- The filter name is significant: DelegatingFilterProxy looks up a bean with the same name
     as the filter, and Spring Security registers its filter chain as "springSecurityFilterChain".
     The bean is resolved from the root context, so the security configuration has to be
     loaded there. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- "/*" sends every incoming request through the security chain, static resources included.
     No <dispatcher> element is given, so only REQUEST dispatches are filtered; internal
     forwards, includes and error dispatches are not re-checked by the chain. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
index.jsp
<%--
Created by IntelliJ IDEA.
User: zzhua195
Date: 2022/3/27
Time: 16:24
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
欢迎来到index.jsp
</body>
</html>
配置
AppConfig
/**
 * Root application context configuration, referenced from web.xml as the
 * {@code contextConfigLocation} of the {@code ContextLoaderListener}.
 *
 * <p>Scans the whole {@code com.zzhua} package tree with the default filters.
 * NOTE(review): that tree also contains {@code com.zzhua.config} and
 * {@code com.zzhua.controller}, so the MVC configuration class and the controllers are
 * presumably registered in the root context as well as in the servlet context. Confirm this
 * is intended, because it decides in which context the method-security annotations are
 * actually enforced.
 */
@Configuration
@ComponentScan("com.zzhua")
public class AppConfig {
}
CustomizeDispatcherServlet
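/**
 * DispatcherServlet variant whose servlet-level context is always annotation based.
 *
 * <p>web.xml passes a configuration class name ({@code com.zzhua.config.MyWebConfig}) as
 * {@code contextConfigLocation}; returning {@link AnnotationConfigWebApplicationContext} here
 * makes the servlet interpret that value as a class instead of an XML resource.
 */
public class CustomizeDispatcherServlet extends DispatcherServlet {

    /**
     * Selects the application context implementation for this servlet.
     *
     * @return always {@code AnnotationConfigWebApplicationContext.class}
     */
    @Override // lets the compiler verify that the framework method is really overridden
    public Class<?> getContextClass() {
        return AnnotationConfigWebApplicationContext.class;
    }
}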
MyWebConfig
/**
 * Servlet-level (Spring MVC) configuration.
 *
 * <p>{@code @EnableGlobalMethodSecurity(prePostEnabled = true)} switches on evaluation of
 * {@code @PreAuthorize} / {@code @PostAuthorize}; without it those annotations on the
 * controllers are silently ignored and the methods run unprotected at method level.
 * The component scan is limited to {@code com.zzhua.controller} and skips classes annotated
 * with {@code @Service}.
 */
@Configuration
@EnableWebMvc
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(
        basePackages = "com.zzhua.controller",
        excludeFilters = @ComponentScan.Filter(type = FilterType.ANNOTATION, classes = Service.class))
public class MyWebConfig implements WebMvcConfigurer {

    /**
     * Enables forwarding of requests that no handler matches to the container's default servlet.
     * Such requests still pass the Spring Security filter first, since it is mapped to
     * {@code /*} in web.xml.
     */
    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }

    /**
     * Resolves logical view names to JSPs under {@code /WEB-INF/view/}.
     * Resources below {@code WEB-INF} cannot be requested directly by a client, so the JSPs are
     * only reachable through a controller.
     *
     * @return the JSP view resolver
     */
    @Bean
    public ViewResolver viewResolver() {
        InternalResourceViewResolver jspResolver = new InternalResourceViewResolver();
        jspResolver.setSuffix(".jsp");
        jspResolver.setPrefix("/WEB-INF/view/");
        return jspResolver;
    }
}
MySecurityConfig
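/**
 * Web security configuration of the demo: URL-level access rule, form login, two in-memory
 * users, the password encoder and a {@link PermissionEvaluator} stub used by
 * {@code hasPermission(...)} expressions.
 */
@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Publishes the {@link AuthenticationManager} built by this adapter as a bean.
     *
     * @return the authentication manager of this configuration
     * @throws Exception if the manager cannot be created
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Configures the filter-level rules.
     *
     * @param http the HTTP security builder
     * @throws Exception if the configuration fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // URL-level rule: every request needs an authenticated caller. It is enforced in the
        // filter chain, before any controller method runs, so a method-level
        // @PreAuthorize("permitAll()") or "isAnonymous()" cannot open a URL to anonymous users.
        http.authorizeRequests().anyRequest().authenticated();
        // CSRF protection is not disabled here, so the framework default stays in effect.
        // The success handler replaces the default post-login redirect with a short text body.
        http.formLogin().successHandler((request, response, authentication) -> {
            // The body is plain text, not a JSON document, so it is labelled as text/plain.
            response.setContentType("text/plain;charset=UTF-8");
            response.getWriter().write("登录成功");
        });
    }

    /**
     * Registers two in-memory demo users.
     *
     * <p>The credentials are hard-coded, trivially guessable values for demonstration only;
     * they must not be carried into a deployed application. Passwords are stored BCrypt-encoded.
     * Authorities prefixed with {@code ROLE_} are what {@code hasRole('admin')} /
     * {@code hasRole('guest')} match; the unprefixed ones are matched by {@code hasAuthority}.
     *
     * @param auth the authentication manager builder
     * @throws Exception if the user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("zhangsan")
                .password(passwordEncoder().encode("123"))
                .authorities("r1", "ROLE_admin")
                .and()
                .withUser("lisi")
                .password(passwordEncoder().encode("456"))
                .authorities("r2", "ROLE_guest");
    }

    /**
     * Password encoder used for the in-memory users.
     *
     * @return a BCrypt password encoder with default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Permission evaluator backing {@code hasPermission(...)} in security expressions.
     *
     * <p>This is a fail-closed stub: both variants print their arguments and deny. The output
     * goes to standard out and includes the {@link Authentication} object (principal and
     * granted authorities); keep such traces out of production logs.
     * NOTE(review): this relies on method security picking up the single PermissionEvaluator
     * bean from the context; confirm that this bean is the one in effect.
     *
     * @return an evaluator that rejects every permission check
     */
    @Bean
    public PermissionEvaluator permissionEvaluator() {
        return new PermissionEvaluator() {
            /** Called for {@code hasPermission(target, permission)}; always denies. */
            @Override
            public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
                System.out.println(authentication);
                System.out.println(targetDomainObject);
                System.out.println(permission);
                return false;
            }

            /** Called for {@code hasPermission(id, type, permission)}; always denies. */
            @Override
            public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
                System.out.println(authentication);
                System.out.println(targetId);
                System.out.println(targetType);
                System.out.println(permission);
                return false;
            }
        };
    }
}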
PermChecker
/**
 * Bean offering a custom, request-aware permission check.
 *
 * <p>No expression shown on this page calls it; presumably it is meant to be referenced from
 * a SpEL access rule. Confirm before relying on it.
 */
@Component
public class PermChecker {

    /**
     * Decides whether the caller may proceed. This stub is fail-closed: it always denies.
     *
     * @param authentication the current authentication
     * @param request the current HTTP request
     * @return always {@code false}
     */
    public boolean checkPerm(Authentication authentication, HttpServletRequest request) {
        // Debug trace on standard out; the authentication object identifies the caller, so
        // this kind of output should not end up in production logs.
        System.out.println(authentication);
        System.out.println(request);
        final boolean granted = false;
        return granted;
    }
}
controller
IndexController
/**
 * MVC controller for the welcome page.
 */
@Controller
public class IndexController {

    /**
     * Handles {@code index} and selects the logical view {@code "index"}.
     * The method carries no security annotation, so only the URL-level rule of the security
     * configuration (authenticated callers) applies to it.
     *
     * @return the logical view name
     */
    @RequestMapping("index")
    public String index() {
        final String viewName = "index";
        return viewName;
    }
}
RController
/**
 * Demo endpoints, one per method-security expression.
 *
 * <p>The expressions are only evaluated because method security is enabled with
 * {@code prePostEnabled = true} in MyWebConfig. Every endpoint is additionally subject to the
 * URL-level rule in MySecurityConfig ({@code anyRequest().authenticated()}), which is checked
 * first in the filter chain.
 */
@RestController
@RequestMapping
public class RController {
    /** No path is given on the mapping. {@code denyAll()} rejects every caller. */
    @RequestMapping()
    @PreAuthorize("denyAll()")
    public String denyAll() {
        return "denyAll";
    }
    /**
     * {@code permitAll()} always passes at method level. It does not bypass the URL-level rule,
     * so an anonymous caller is still stopped by the filter chain before reaching this method.
     */
    @RequestMapping("permitAll")
    @PreAuthorize("permitAll()")
    public String permitAll() {
        return "permitAll";
    }
    /** Requires the exact authority string {@code r1} (no prefix is added). */
    @GetMapping("r1")
    @PreAuthorize("hasAuthority('r1')")
    public String r1() {
        return " r1";
    }
    /** Requires the exact authority string {@code r2} (no prefix is added). */
    @GetMapping("r2")
    @PreAuthorize("hasAuthority('r2')")
    public String r2() {
        return " r2";
    }
    /** {@code hasRole('admin')} matches the authority {@code ROLE_admin} (default role prefix). */
    @RequestMapping("admin")
    @PreAuthorize("hasRole('admin')")
    public String admin() {
        return "admin";
    }
    /** {@code hasRole('guest')} matches the authority {@code ROLE_guest} (default role prefix). */
    @RequestMapping("guest")
    @PreAuthorize("hasRole('guest')")
    public String guest() {
        return "guest";
    }
    /**
     * Passes only for an anonymous caller.
     * NOTE(review): with the URL-level rule requiring authentication this endpoint is
     * presumably unreachable for anonymous callers and denied for everyone else; confirm.
     */
    @RequestMapping("isAnonymous")
    @PreAuthorize("isAnonymous()")
    public String isAnonymous() {
        return "isAnonymous";
    }
    /**
     * Passes only for a caller authenticated through remember-me.
     * NOTE(review): MySecurityConfig as shown does not configure remember-me, so this is
     * presumably never satisfied in this demo; confirm.
     */
    @RequestMapping("isRememberMe")
    @PreAuthorize("isRememberMe()")
    public String isRememberMe() {
        return "isRememberMe";
    }
    /** Passes for any non-anonymous caller, remember-me logins included. */
    @RequestMapping("isAuthenticated")
    @PreAuthorize("isAuthenticated()")
    public String isAuthenticated() {
        return "isAuthenticated";
    }
    /** Shows that expressions can be combined with SpEL operators such as {@code or}. */
    @RequestMapping("combineLogic")
    @PreAuthorize("isRememberMe() or isAuthenticated()")
    public String combineLogic() {
        return "combineLogic";
    }
    /**
     * Passes only for a caller who is neither anonymous nor authenticated via remember-me;
     * the stricter check to use in front of sensitive operations.
     */
    @RequestMapping("isFullyAuthenticated")
    @PreAuthorize("isFullyAuthenticated()")
    public String isFullyAuthenticated() {
        return "isFullyAuthenticated";
    }
    /**
     * Compares a method argument with the logged-in user's name, so a caller can only pass
     * their own username. {@code @P("uname")} gives the argument an explicit name for the
     * expression; {@code #uname} then does not depend on compiled-in parameter names.
     */
    @RequestMapping("useMethodArg")
    @PreAuthorize("#uname == principal.username")
    public String useMethodArg(@P("uname") String username) {
        return "userMethodArg";
    }
    /**
     * Delegates to the two-argument form of the PermissionEvaluator with the bound
     * {@code contact} as target and {@code 'admin'} as permission.
     * The {@code Contact} is populated from the request, so its content is caller-controlled
     * and must be treated as untrusted inside the evaluator.
     * NOTE(review): {@code #contact} has no {@code @P}; it presumably resolves through
     * compiled-in parameter names. Confirm.
     */
    @RequestMapping("hasPermission1")
    @PreAuthorize("hasPermission(#contact,'admin')")
    public String hasPermission1(Contact contact) {
        return "hasPermission1";
    }
    /**
     * Same as above, but the permission argument ({@code #age}) is itself taken from the
     * request. That is fine for showing argument passing; in real code the required
     * permission should be fixed by the server, not supplied by the caller.
     */
    @RequestMapping("hasPermission1-1")
    @PreAuthorize("hasPermission(#contact,#age)")
    public String hasPermission11(Contact contact,Integer age) {
        return "hasPermission1-1";
    }
    /**
     * Uses the id/type form: target id {@code 25}, target type
     * {@code com.zzhua.entity.Contact}, permission {@code 'read'}. All three are constants in
     * the expression; the {@code contact} argument is not part of the check.
     */
    @RequestMapping("hasPermission2")
    @PreAuthorize("hasPermission(25,'com.zzhua.entity.Contact','read')")
    public String hasPermission2(Contact contact) {
        return "hasPermission2";
    }
    /**
     * {@code @PostAuthorize} is evaluated after the method has returned; {@code returnObject}
     * is the return value. The body has therefore already run when access is denied, so this
     * annotation only protects the returned data, not side effects of the method.
     * Here the check passes when {@code flag} is present and fails when it is absent.
     */
    @RequestMapping("postAuthorize")
    @PostAuthorize("returnObject == 'postAuthorize'")
    public String postAuthorize(Integer flag) {
        return flag != null ? "postAuthorize" : "";
    }
    /**
     * Post-invocation permission check: passes the return value as target and the
     * request-supplied {@code flag} as permission to the PermissionEvaluator. As with every
     * {@code @PostAuthorize}, the method body runs before the decision is made.
     */
    @RequestMapping("postAuthorize2")
    @PostAuthorize("hasPermission(returnObject,#flag)")
    public String postAuthorize2(Integer flag) {
        return flag != null ? "postAuthorize" : "";
    }
}
Contact
/**
 * Simple domain object used as the target of the {@code hasPermission(...)} examples.
 *
 * <p>The controller methods take it as a plain argument, so Spring MVC presumably binds it
 * from request parameters: every settable property is then caller-controlled. Keep
 * security-relevant fields (owner, role, id) off request-bound types or restrict the binder.
 * NOTE(review): {@code @Data} comes from Lombok, which is not among the dependencies listed
 * in the POM on this page; confirm it is declared elsewhere.
 */
@Data
public class Contact {
    // Contact name; package-private field, accessors are expected to be generated by @Data.
    String name;
}