目录

Spring-boot3-Web安全框架-Spring-Security

JAY.LIN 收录于未分类

2025-03-16 约 354 字预计阅读 1 分钟

https://bing.ee123.net/img/rand?artid=146295556

目录

Spring boot3-Web安全框架 Spring Security

传统spring web场景

1、pom.xml文件，引入Security

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

2、创建AppSecurityConfig配置类

注意了，web是两种模式，一种是Spring WebFlux响应式，一种是Spring Web传统模式

package com.atguigu.boot3_09_spring_security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class AppSecurityConfig {

    // Spring WebFlux
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange(exchanges ->
                exchanges.pathMatchers("/").permitAll() // pathMatchers() 设置路劲，permitAll() 不需要验证
                        .anyExchange().authenticated() //anyExchange() 所有的路劲，authenticated() 需要验证
            );
        //http.formLogin(); //验证登录页面 自Security版本 6.1 起已弃用并标记为移除
        return http.build();
    }


    // Spring Web
//    @Bean
//    DefaultSecurityFilterChain securityWebFilterChain(HttpSecurity http) throws Exception {
//        http.authorizeHttpRequests(registry ->
//                registry.requestMatchers("/").permitAll() // requestMatchers() 设置路劲，permitAll() 不需要验证
//                        .anyRequest().authenticated() //anyRequest() 所有的路劲，authenticated() 需要验证
//        );
//        http.formLogin(form -> form.loginPage("/login")); //验证登录页面 自Security版本 6.1 起已弃用并标记为移除
//        return http.build();
//    }
}