Official introduction to Spring Security https://spring.io/projects/spring-security#learn
The goal of Spring Security is to solve "Who are you?" "What can you do?" Two questions.
Implementation steps
1. Create directory structure
|____spring-security-learn-1 | |____build.gradle | |____src | | |____main | | | |____java | | | |____resources
2. Create the file build.gradle
The spring-boot-starter-security dependency is introduced with emphasis. The complete gradle configuration is as follows:
plugins { id 'java' id "io.spring.dependency-management" version "1.0.8.RELEASE" } group 'net.txt100.learn' version '1.0' sourceCompatibility = 1.8 apply plugin: 'application' mainClassName = 'net.txt100.learn.springsecurity.base.case1.Case1Application' repositories { maven { url "http://maven.aliyun.com/nexus/content/groups/public" } mavenCentral() } dependencyManagement { imports { mavenBom 'org.springframework.boot:spring-boot-dependencies:2.1.6.RELEASE' } } dependencies { testCompile group: 'junit', name: 'junit', version: '4.12' // spring boot compile group: 'org.springframework.boot', name: 'spring-boot-starter-web' compile group: 'org.springframework.boot', name: 'spring-boot-starter-security' }
3. Create a resource service UserController.java
package net.txt100.learn.springsecurity.base.case1.controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; /** * Title: UserController * Package: net.txt100.learn.springsecurity.base.case1.controller * Creation date: 2019-08-08 * Description: * * @author <a href="me@tonglei.win">Tonglei</a> * @since 1.0 */ @RestController @RequestMapping("/user") public class UserController { @RequestMapping("/all") public String getAllUsers() { return "This is a protected resource. /user/all"; } }
4. Create spring-boot startup class Case1Application.java
package net.txt100.learn.springsecurity.base.case1; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; /** * @author <a href="mailto:me@tonglei.win">Tonglei</a> * @since 1.0 */ @SpringBootApplication public class Case1Application { public static void main(String[] args) { SpringApplication.run(Case1Application.class, args); } }
5. Compilation and execution
Open the command line, enter the project root directory, and execute the compilation command
gradle compileJava
Execute Running Commands
gradle run
Visit http://localhost:8080/user/all
At this point, the browser appears as follows
Fill in user name
Passwords are automatically generated each time they are started and can be found in the log.
...
2019-08-08 15:13:10.028 INFO 824 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: 8c20d4a7-7507-41ce-a271-a75fbe0c7dee
After the authentication has passed, you can see the User Controller returning content
summary
The simplest spring-security project only needs to add spring-boot-starter-security to the project dependency.
By default, all resource addresses of the project need to be authenticated before they can be accessed. The default account user, password can be found in the log.
If you want to cancel the default security settings, you need to add the following in the configuration file:
security.basic.enabled = false # Default disable spring-security security security configuration