准备系统地研究一下Spring Security:https://www.youtube.com/watch?v=her_7pa0vrg

项目Context-Path下,/login是认证(登录)入口,/logout是退出认证(登出)入口

@PathVariable

输入账号密码进行认证时,浏览器会追加一个Cookie,并且在请求头(Header)中追加Authorization,但决定后续请求能否通过认证的是Cookie。认证前后Cookie的值会发生变化——这应是Spring Security默认的会话固定(session fixation)防护在登录成功后更换了会话ID。

基于角色认证

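/**
 * Role-based access rules and two in-memory demo accounts.
 *
 * <p>Static resources and the index page are public, {@code /api/**} requires the
 * STUDENT role, and every other request requires an authenticated user.
 * Authentication is done with HTTP Basic.
 */
@Configuration
@EnableWebSecurity
public class SecruityConfig extends WebSecurityConfigurerAdapter {

    // Injected encoder used to hash the demo passwords before they are stored in memory.
    @Autowired
    PasswordEncoder passwordEncoder;

    /**
     * Declares which requests are public, which need a role, and how users authenticate.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Matchers are evaluated in declaration order and the first match wins, so the
        // public and role-specific rules must stay above anyRequest().
        http.authorizeRequests()
                // Publicly reachable resources. Ant patterns are matched against a path that
                // always starts with "/", so the index page must be written as "/index";
                // the previous "index" pattern could never match.
                .antMatchers("/", "/index", "/css/*", "/js/*").permitAll()
                // Only accounts holding the STUDENT role may call /api/**. hasRole() adds the
                // "ROLE_" prefix, matching the authorities created by User.builder().roles().
                .antMatchers("/api/**").hasRole(ApplicationUserRole.STUDENT.name())
                // Everything else only requires a logged-in user, whatever the role.
                .anyRequest()
                .authenticated()
                .and()
                // HTTP Basic sends the credentials Base64-encoded on each request, so it
                // should only be served over TLS.
                .httpBasic();
    }

    /**
     * Builds the in-memory user store with one ADMIN and one STUDENT account.
     *
     * <p>NOTE(review): usernames and passwords are hard-coded and identical to each other.
     * That is acceptable only for a local tutorial; outside of one, load users from an
     * external store and never keep credentials in source.
     *
     * @return a user details service backed by the two demo accounts
     */
    @Override
    @Bean
    protected UserDetailsService userDetailsService() {
        // Demo account admin/admin, granted the ADMIN role.
        UserDetails adminUser = User.builder()
                .username("admin")
                .password(passwordEncoder.encode("admin"))
                .roles(ApplicationUserRole.ADMIN.name())
                .build();

        // Demo account student/student, granted the STUDENT role.
        UserDetails studentUser = User.builder()
                .username("student")
                .password(passwordEncoder.encode("student"))
                .roles(ApplicationUserRole.STUDENT.name())
                .build();

        return new InMemoryUserDetailsManager(adminUser, studentUser);
    }
}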

基于权限认证