Spring Security Authentication and Authorization

2021-10-14 23:33:24

1. Add the Spring Security module

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <form role="form" class="form_div" action="/login" method="post" onsubmit="return getdom();">
        <div class="form-group">
            <label for="user" class="col-lg-3 control-label">賬號</label>
            <div class="col-lg-8">
                <input type="text" class="form-control" th:name="user" id="user" placeholder="請輸入賬號">
            </div>
        </div>
        <div class="form-group">
            <label for="password" class="col-lg-3 control-label">密碼</label>
            <div class="col-lg-8">
                <!-- type="password" so the browser masks the value as it is typed -->
                <input type="password" class="form-control" id="password" th:name="password" placeholder="請輸入密碼">
            </div>
        </div>
        <div id="mes_div" class="form-group">
            <div id="div_prompt" style="display: none;">
                <div class="alert alert-danger alert-dismissible" style="width: 300px; height: 50px; margin-left: 90px;">
                    <button type="button" class="close" data-dismiss="alert">×</button>
                    <strong th:text="$"></strong>
                </div>
            </div>
        </div>
        <div id="div_button">
            <button type="submit" class="btn btn-default" name="ok" id="ok">登入</button>
            <a type="button" class="btn btn-default" th:href="@">註冊</a>
        </div>
    </form>

3. Write the page-navigation controller

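    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;

    // Routes "/" and "/login" to the login page.
    // Assumptions: the mapping annotation (@RequestMapping) and the returned
    // view name ("login") are not present on the page.
    @Controller
    public class JumpController {

        @RequestMapping("/")
        public String goLogin() {
            return "login";
        }

        @RequestMapping("/login")
        public String toLogin() {
            return "login";
        }
    }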

4. Write the configuration class

Request the front end sends to log out: /logout

5. Authorization

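.antMatchers("/shouquan/**").hasRole("vip1"): files under the shouquan path can only be accessed with the vip1 permission.

Here, roles gives the user the pefung permission; if the permission is set to vip1, this user can access the pages under shouquan mentioned above.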

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // ...
    }
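One way to write the configuration class for the rules described in step 5, as an added example rather than the original post's code. It assumes Spring Security 5.x with WebSecurityConfigurerAdapter, which the configure(AuthenticationManagerBuilder) signature implies; the class name SecurityConfig, the user "demo" and its password are constructed for illustration, while the paths and the "user"/"password" parameter names come from the form and controller on this page.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // class name is an assumption

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // store only hashed passwords
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/login").permitAll()       // the login page itself must be reachable
                .antMatchers("/shouquan/**").hasRole("vip1")  // checks for the authority "ROLE_vip1"
                .anyRequest().authenticated()                 // everything else requires a login
            .and().formLogin()
                .loginPage("/login")            // GET /login: the controller renders the form
                .loginProcessingUrl("/login")   // POST /login: handled by the security filter
                .usernameParameter("user")      // the form field is named "user", not "username"
                .passwordParameter("password")
            .and().logout()
                .logoutUrl("/logout")           // with CSRF enabled (default) this must be a POST
                .logoutSuccessUrl("/login");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder())
                .withUser("demo")                                 // constructed sample user
                .password(passwordEncoder().encode("change-me"))  // constructed sample password
                .roles("vip1");  // stored as "ROLE_vip1"; a user without it gets 403 on /shouquan/**
    }
}
```

Because CSRF protection stays enabled in this configuration, the login form needs th:action="@{/login}" (Thymeleaf then adds the hidden _csrf field) rather than a plain action attribute, otherwise the POST is rejected with 403.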
