1 <!-- 加入security依赖 --> 2 <dependency> 3 <groupId>org.springframework.boot</groupId> 4 <artifactId>spring-boot-starter-security</artifactId> 5 </dependency>
1 package com.example.demo.api.rest.api.config; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.context.annotation.Configuration; 5 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 6 import org.springframework.security.core.userdetails.User; 7 import org.springframework.security.core.userdetails.UserDetailsService; 8 import org.springframework.security.crypto.factory.PasswordEncoderFactories; 9 import org.springframework.security.provisioning.InMemoryUserDetailsManager; 10 import org.springframework.security.web.SecurityFilterChain; 11 12 @Configuration 13 @SuppressWarnings("all") 14 public class WebSecurityConfig { 15 16 private final static String ACCOUNT_CLIENT_AUTHORITY = "admin"; 17 18 //配置BASIC Auth账号密码 19 @Bean 20 UserDetailsService userDetailsService() { 21 InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(); 22 users.createUser(User.withUsername("aaa") 23 .password(PasswordEncoderFactories.createDelegatingPasswordEncoder().encode("bbb")) 24 .authorities(ACCOUNT_CLIENT_AUTHORITY).build()); 25 return users; 26 } 27 28 /** 29 * 配置不同接口访问权限 30 * 31 * @param http 32 * @return 33 * @throws Exception 34 * @ 备注:.authorizeRequests().antMatchers("/api/BasicAuth_no").permitAll() 允许访问/api/BasicAuth_no 35 */ 36 @Bean 37 SecurityFilterChain filterChain(HttpSecurity http) throws Exception { 38 return http 39 .authorizeRequests().antMatchers("/api/BasicAuth-no").permitAll() 40 .antMatchers("/**").hasAuthority(ACCOUNT_CLIENT_AUTHORITY).anyRequest().authenticated() 41 .and() 42 .httpBasic() 43 .and() 44 .csrf() 45 .disable() 46 .build(); 47 } 48 }
然后写两个接口
1 package com.example.demo.api.rest.api.controller; 2 3 import org.springframework.web.bind.annotation.RequestBody; 4 import org.springframework.web.bind.annotation.RequestMapping; 5 import org.springframework.web.bind.annotation.RestController; 6 7 @RestController 8 @SuppressWarnings("all") 9 @RequestMapping("api") 10 public class ApiController { 11 12 /** 13 * http://localhost:8080/api/testBasicAuth-no 14 * @param body 15 * @return 16 */ 17 @RequestMapping("BasicAuth-no") 18 public String BasicAuth_no(@RequestBody String body){ 19 System.out.println(body); 20 return "不需要访问权限"; 21 } 22 23 @RequestMapping("BasicAuth-yes") 24 public String BasicAuth_yes(@RequestBody String body){ 25 System.out.println(body); 26 return "需要访问权限"; 27 } 28 }
测试1,访问:BasicAuth-no(不需要访问权限)
测试2,访问:BasicAuth-yes(需要访问权限)
一、没有使用账号密码,提示401
二、使用账号密码,访问通过
原文地址:http://www.cnblogs.com/lwl80/p/16926356.html
1. 本站所有资源来源于用户上传和网络,如有侵权请邮件联系站长!
2. 分享目的仅供大家学习和交流,请务用于商业用途!
3. 如果你也有好源码或者教程,可以到用户中心发布,分享有积分奖励和额外收入!
4. 本站提供的源码、模板、插件等等其他资源,都不包含技术服务请大家谅解!
5. 如有链接无法下载、失效或广告,请联系管理员处理!
6. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需!
7. 如遇到加密压缩包,默认解压密码为"gltf",如遇到无法解压的请联系管理员!
8. 因为资源和程序源码均为可复制品,所以不支持任何理由的退款兑现,请斟酌后支付下载
声明:如果标题没有注明"已测试"或者"测试可用"等字样的资源源码均未经过站长测试.特别注意没有标注的源码不保证任何可用性