在 pom.xml 中添加 Spring Security 依赖:
<!--
  Spring Security starter for Spring Boot.
  No <version> element is declared, so the version has to come from dependency
  management elsewhere in the build (presumably the Spring Boot parent POM; confirm).
  NOTE(review): the SecurityConfig class in this tutorial extends
  WebSecurityConfigurerAdapter, which was removed in Spring Security 6.0, so the
  managed version needs to resolve to a 5.x release.
-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
SecurityConfig配置文件:
package com.java1234.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
/**
 * Spring Security configuration for the web layer.
 *
 * <p>Turns on web security and the pre/post method-security annotations
 * ({@code prePostEnabled = true}), lets anonymous callers reach the paths in
 * {@code URL_WHITELIST}, and requires authentication for every other request.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated since
 * Spring Security 5.7 and removed in 6.0, so this class only compiles against
 * the 5.x line.
 *
 * @author java1234_Xiaofeng (WeChat official account: java1234)
 * @site www.java1234.vip
 * @company Nantong Xiaofeng Network Technology Co., Ltd.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Ant-style path patterns that are served without authentication.
     *
     * <p>NOTE(review): {@code /test/**} looks like a development-only path and
     * {@code /password} is reachable by anonymous callers; confirm both are
     * intended before this list is used outside a tutorial setup.
     */
    private static final String[] URL_WHITELIST = {
        "/login",
        "/logout",
        "/captcha",
        "/password",
        "/image/**",
        "/test/**"
    };

    /**
     * Leaves authentication setup to the adapter default.
     *
     * <p>No user store, {@code UserDetailsService} or authentication provider
     * is registered in this class.
     *
     * @param auth builder handed in by the framework
     * @throws Exception propagated from the superclass
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    /**
     * Builds the HTTP security rules: CORS on, CSRF protection off, default
     * form login, stateless sessions, whitelist open, everything else
     * authenticated.
     *
     * @param http the security builder to configure
     * @throws Exception if any configurer fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Enable CORS handling. The allowed origins, methods and headers are
        // not set here; they come from CORS configuration defined elsewhere.
        http.cors();

        // Disable CSRF protection.
        // NOTE(review): this is only safe when the browser does not attach the
        // credential automatically (cookie or HTTP Basic). With the stateless
        // policy below a header-borne token is presumably planned; confirm.
        http.csrf().disable();

        // Login/logout: form login with framework defaults. Custom
        // successHandler / failureHandler, logout and logoutSuccessHandler
        // are not configured yet.
        http.formLogin();

        // Sessions: Spring Security never creates or uses an HttpSession.
        // NOTE(review): a successful form login is therefore not remembered
        // between requests; each request has to carry its own credential.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Access rules: whitelist first, then authentication for the rest.
        http.authorizeRequests()
            .antMatchers(URL_WHITELIST).permitAll()
            .anyRequest().authenticated();

        // Exception handling configuration: not added yet.
        // Custom filter configuration: not added yet.
    }
}