Web Application Security Manager
Web application security management, including two aspects, one is the user identity authentication, that user logged in design, and second, user authorization, that a user rights management operations which can be executed in an application system. Rights Management is designed to manage the role of general use, that is, which gives a role to a user, the user has what rights.
Spring framework, the classic Security Architecture is Security. On safety management systems and a variety of designs, Spring Security have been largely achieved, requires only some configuration and references can be used normally. Security SpringBoot use more simple, because simple configuration using SpringBoot itself plus Security feature-rich comprehensive, can quickly help us build the perfect landing certification services.
About Security, SpringBoot itself has a spring-boot-starter-security dependent components, Spring Cloud micro-service family bucket also has a spring-cloud-starter-security dependent components, and spring-cloud-starter-security also includes the spring-boot- starter-security, the following study, will first make the spring-boot-starter-security, then spring-cloud-starter-security learning safety management functions, from landing SpringBoot registered monomer and rights management, to micro-Spring Cloud services in construction of authentication and authorization services, will be 11 come into contact with.
About version of the problem, I SpringBoot1.3.x from version 2.1.x of use to use, Security configuration is also experienced no small change, the most accurate configuration recommendations Quguan network documentation to learn.
The following study, will use the 2.1.5 version, the official document address is: https://docs.spring.io/spring-boot/docs/2.1.5.RELEASE/reference/htmlsingle/ . Security source code is very complicated, so we later discuss deeper things, now getting started with examples.
Getting example
First look at an example of the entry, springboot project structure we are familiar with, so we'd rely on:
Dependency is very simple, and in addition to a web assembly view thymeleaf assembly is a security. Then look at the startup class:
We can see the start classes without any special configuration. As for the configuration file, we simply look at the configuration of the port, without any other configuration:
Such a simple example of the entry is complete, and now to start the project, start the log is very short, you can see there is a special line of the log:
This is after we added components depend on security, the introduction of the default configuration of security, then there is a simple login function, print out the information line is the default password, the password is now no state any code and configuration under randomly generated each time you start, security will not only generate a default password, dependent components as well as a default login link / login, there is a default user name of the user, but also in springboot2.1.x version, this / login has a very good default login page, perform the following tests:
Enter the user name user, password log print out random password, the login is successful, it will jump to the default address, the address is the default login address successfully remove / login,
Now does not define any link to match this address, we define a simple page, below the resource, create a new folder templates, create a home page home.html in the templates below, as follows:
Then define a controller to jump to this page:
After the successful landing so that we can automatically jump to this page:
In this way, a simple login process is complete, we almost did not do any configuration, but it introduces a dependency. Here we give security to configure a default user name and password, so do not use random password each time it starts, placed directly springboot default configuration file:
You can use this and other landing admin / admin landed.
Code Address: https://gitee.com/blueses/spring-boot-security 01