In this section, we will divide the previous Seurityconfiguration class into the following two:
1) Apisecurityconfiguration: This is the first to be laid out. This ensures restful use of basic authentication.
2) Websecurityconfiguration: This is the layout reset login page.
1. Apisecurityconfiguration
We delete the previous seurityconfiguration, and then add the Apisecurityconfiguration class under the same package, adding the following code:
Package Masterspringmvc6.config;import Org.springframework.beans.factory.annotation.autowired;import Org.springframework.context.annotation.configuration;import Org.springframework.core.annotation.order;import Org.springframework.http.httpmethod;import Org.springframework.security.config.annotation.authentication.builders.authenticationmanagerbuilder;import Org.springframework.security.config.annotation.method.configuration.enableglobalmethodsecurity;import Org.springframework.security.config.annotation.web.builders.httpsecurity;import org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter;/** * Basic permission settings, About user Permissions * Created by Owenwilliam on 2016/5/21. */@Configuration @order (1)//First Execute public class Apisecurityconfiguration extends websecurityconfigureradapter{/** * this is the database extraction match. * Here we specify a fixed user name and password * @param auth * @throws Exception */@Autowired public void Configureauth (Authenticat Ionmanagerbuilder auth) throws Exception {auth.inmemoryauthentication (). Withuser ("user"). Password ("user"). Roles ("User"). and (). Withuser ("A DMin "). Password (" admin "). Roles (" USER "," admin "); }/** * Specifies what kind of roles can be manipulated * e.g., user can only view, admin has crud * @param http * @throws Exception */@Overrid e protected void Configure (Httpsecurity http) throws Exception {http. Antmatcher ("/api/**") . Httpbasic (). and (). CSRF (). Disable (). Authorizerequests (). ANTMATC Hers (Httpmethod.get). Hasrole ("USER"). Antmatchers (Httpmethod.post). Hasrole ("ADMIN"). ANTMATC Hers (httpmethod.put). Hasrole ("admin"). Antmatchers (Httpmethod.delete). Hasrole ("admin"). Anyr Equest (). authenticated (); }}
2. Websecurityconfiguration
Under the same package, add the following code:
package Masterspringmvc6.config;import Org.springframework.context.annotation.configuration;import Org.springframework.security.config.annotation.web.builders.httpsecurity;import org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter;/** * Login permissions, Address like URI * Created by Owenwilliam on 2016/5/21. */@Configurationpublic class Websecurityconfiguration extends websecurityconfigureradapter{@Override protected void Configure (Httpsecurity http) throws Exception {http. Formlogin (). LoginPage ("/login") . Defaultsuccessurl ("/profile"). and (). Logout (). Logoutsuccessurl ("/login") . and (). Authorizerequests (). Antmatchers ("/webjars/**", "/login", "/signin/**", "/sig Nup "). Permitall (). Anyrequest (). authenticated (); }}
The above code is already the size of the login page to reset to the Login View page. So we also need to add a view page. When we join the view page, we need to define a controller to let the controller invoke the view.
Add the Logincontroller class under Authentication's package.
Package Masterspringmvc6.authentication;import Org.springframework.stereotype.controller;import org.springframework.web.bind.annotation.requestmapping;/** * User Normal login * Created by Owenwilliam on 2016/5/21. */@Controllerpublic class Logincontroller { @RequestMapping ("/login") public String authenticate () { return "login"; }}
3. View interface
OK, let's add a login.html now.
<! DOCTYPE html>4. SummaryThis chapter of the study, we mainly optimize the content of the previous section, we define a login page, this page is more suitable for our system. At the same time, we divide the seurityconfiguration into two, can say Apiseurityconfiguration is the API, and Webseurityconfiguration is we visit the site when the page jumps. Finally, our login page is as follows.
Source Download: [Email Protected]:owenwilliam/masterspringmvc6.git
Safety of SPRINGMVC (ii) Login interface