Spring Boot integration with Security + Thymeleaf: an example

Keywords: Thymeleaf Java SpringBoot Session

I. Adding the relevant JARs

1) Switch Thymeleaf to version 3 and the layout dialect to version 2, and set the version of the Security + Thymeleaf integration package

<properties>
    <java.version>1.8</java.version>
    <!-- Switch Thymeleaf to version 3 and the layout dialect to version 2 -->
    <thymeleaf.version>3.0.9.RELEASE</thymeleaf.version>
    <thymeleaf-layout-dialect.version>2.3.0</thymeleaf-layout-dialect.version>
    <thymeleaf-extras-springsecurity4.version>3.0.2.RELEASE</thymeleaf-extras-springsecurity4.version>
</properties>

2) Add the Security + Thymeleaf integration package

<!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity4 -->
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>3.0.2.RELEASE</version>
</dependency>

II. Custom Security configuration

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Custom Spring Security configuration for Spring Boot
 * @author hq.zheng
 * @create 2019-03-23-11:12 p.m.
 */
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // super.configure(http);
        // Authorization rules for requests.
        // Requests that match none of these patterns are left unrestricted.
        http.authorizeRequests().antMatchers("/").permitAll() // Everyone can access the root path
                .antMatchers("/level1/**").hasRole("VIP1") // Requests under "/level1" require the "VIP1" role
                .antMatchers("/level2/**").hasRole("VIP2") // Requests under "/level2" require the "VIP2" role
                .antMatchers("/level3/**").hasRole("VIP3"); // Requests under "/level3" require the "VIP3" role
        // Enable form login. A user without permission is sent to the custom login page "/userlogin";
        // the form posts to "/login" with the fields "user" and "pwd"
        http.formLogin().loginPage("/userlogin").loginProcessingUrl("/login").usernameParameter("user").passwordParameter("pwd");

        // Enable the automatically configured logout function. Accessing /logout logs the user off
        // and clears the session; after logout the user is sent to "/" instead of the default login page
        http.logout().logoutSuccessUrl("/");

        // Enable remember-me; the login form sends it as the "remember" parameter
        http.rememberMe().rememberMeParameter("remember");
    }

    /**
     * Define authentication rules
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // super.configure(auth);
        // Demo users held in memory; the passwords are stored as plaintext
        auth.inMemoryAuthentication().withUser("zhangsan").password("123456").roles("VIP1", "VIP2", "VIP3")
                .and().withUser("lisi").password("123456").roles("VIP1");
    }
}
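
A hardened variant of the configuration above, added here as an example and not part of the original post: unmatched URLs require a login, the custom login page is explicitly public, and passwords are BCrypt-hashed instead of kept as plaintext. The class name HardenedSecurityConfig, the secret() helper and the DEMO_*_PASSWORD environment variables are assumptions; use it in place of MySecurityConfig, not alongside it.

```java
// Added example, not the post's code. Class name, secret() and the DEMO_* variables are assumed names.
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class HardenedSecurityConfig extends WebSecurityConfigurerAdapter {

    // BCrypt is salted and deliberately slow; the user store only ever holds hashes.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/userlogin").permitAll()   // public pages, including the login form
                .antMatchers("/level1/**").hasRole("VIP1")
                .antMatchers("/level2/**").hasRole("VIP2")
                .antMatchers("/level3/**").hasRole("VIP3")
                .anyRequest().authenticated();                // deny by default: unmatched URLs need a login
        http.formLogin().loginPage("/userlogin").loginProcessingUrl("/login")
                .usernameParameter("user").passwordParameter("pwd");
        http.logout().logoutSuccessUrl("/");
        http.rememberMe().rememberMeParameter("remember");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("zhangsan").password(encoder.encode(secret("DEMO_ZHANGSAN_PASSWORD")))
                .roles("VIP1", "VIP2", "VIP3")
                .and()
                .withUser("lisi").password(encoder.encode(secret("DEMO_LISI_PASSWORD")))
                .roles("VIP1");
    }

    // Hypothetical helper: read a password from the environment and fail closed if it is missing.
    private static String secret(String envName) {
        String value = System.getenv(envName);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing required environment variable " + envName);
        }
        return value;
    }
}
```

With anyRequest().authenticated() in place, any static resources the login page loads (CSS, scripts) need their own permitAll() matcher.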

III. Customizing the Thymeleaf page

1) Declare the security tag namespace

<html xmlns:th="http://www.thymeleaf.org"
       xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">

2) Check whether the user is authenticated

<!-- If not authenticated -->
<div sec:authorize="!isAuthenticated()">Content shown to unauthenticated users</div>
<!-- If authenticated -->
<div sec:authorize="isAuthenticated()">Content shown to authenticated users</div>

3) Get the user name and roles

<!--Get user name-->
<span sec:authentication="name"></span>
<!--Getting roles-->
<span sec:authentication="principal.authorities"></span>

4) Check whether the user has a role

<div sec:authorize="hasRole('VIP1')"></div>

 

 

Posted by Ace_Online on Sat, 30 Nov 2019 07:52:04 -0800