本文介绍Basic Auth在spring中的应用

目录结构

依赖

<dependency>

	<groupId>org.springframework.boot</groupId>

	<artifactId>spring-boot-starter-security</artifactId>

</dependency>

入口DemoApplication

package com.springlearn.learn;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication

public class DemoApplication {

	public static void main(String[] args) {

		SpringApplication.run(DemoApplication.class, args);

	}

}

验证Authenication

// 主要是验证不成功返回401

package com.springlearn.learn.auth;

import java.io.IOException;

import java.io.PrintWriter;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

import org.springframework.stereotype.Component;

@Component

public class Authenication extends BasicAuthenticationEntryPoint {

    @Override

    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)throws IOException, ServletException {

        response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName());

        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        PrintWriter writer = response.getWriter();

        writer.println("HTTP Status 401 - " + authEx.getMessage());

    }

    @Override

    public void afterPropertiesSet() throws Exception {\

        setRealmName("yejiawei");

        super.afterPropertiesSet();

    }

}

配置WebSecurityConfig

package com.springlearn.learn.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.core.userdetails.User;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.web.AuthenticationEntryPoint;

import org.springframework.web.servlet.config.annotation.CorsRegistry;

import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;

@Configuration

@EnableWebSecurity

public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer{

    @Autowired

    private AuthenticationEntryPoint authEntryPoint;

    @Autowired

	DataSource dataSource;

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.cors().and().csrf().disable();

        // 所有的请求都要验证

        http.authorizeRequests().anyRequest().authenticated();

        // 使用authenticationEntryPoint验证 user/password

        http.httpBasic().authenticationEntryPoint(authEntryPoint);

    }

    @Bean

    public BCryptPasswordEncoder passwordEncoder() {

        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();

        return bCryptPasswordEncoder;

    }

    @Autowired

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        String password = "234";

        String encrytedPassword = this.passwordEncoder().encode(password);

        System.out.println("Encoded password = " + encrytedPassword);

		// 这里使用写死的验证,你可以在这里访问数据库

        InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> mngConfig = auth.inMemoryAuthentication();

        UserDetails u1 = User.withUsername("yejiawei").password(encrytedPassword).roles("ADMIN").build();

        UserDetails u2 = User.withUsername("donglei").password(encrytedPassword).roles("USER").build();

        mngConfig.withUser(u1);

        mngConfig.withUser(u2);

    }

    @Override

    public void addCorsMappings(CorsRegistry registry) {

        registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*")

        .allowedHeaders("*");

    }

}

控制器TestController

package com.springlearn.learn.controller;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

import org.springframework.web.bind.annotation.ResponseBody;

import org.springframework.web.bind.annotation.RestController;

@RestController

public class TestController {

    @ResponseBody

    @RequestMapping(value = "/AuthTest", method = RequestMethod.GET)

    public String AuthTest(HttpServletRequest request, HttpServletResponse response) {

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        System.out.println(auth.getName());

        return "OK";

    }

}

前端访问

<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <meta http-equiv="X-UA-Compatible" content="ie=edge">

    <title>Document</title>

    <script src="https://unpkg.com/axios/dist/axios.min.js"></script>

    <script>

        axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded';

        axios.get('http://localhost:8888/AuthTest', {

            auth: {

                username: 'yejiawei',

                password: '234'

            }

        }).then(function (response) {

            console.log(response.data);

        }).catch(function (error) {

            console.log(error);

        }).then(function () {

        });

    </script>

</head>

<body>

</body>

</html>

springboot成神之——Basic Auth应用的更多相关文章

  1. springboot成神之——basic auth和JWT验证结合

    本文介绍basic auth和JWT验证结合 目录结构 依赖 config配置文件WebSecurityConfig filter过滤器JWTLoginFilter filter过滤器JWTAuthe ...

  2. springboot成神之——ioc容器(依赖注入)

    springboot成神之--ioc容器(依赖注入) spring的ioc功能 文件目录结构 lang Chinese English GreetingService MyRepository MyC ...

  3. springboot成神之——application.properties所有可用属性

    application.properties所有可用属性 # =================================================================== # ...

  4. springboot成神之——springboot入门使用

    springboot创建webservice访问mysql(使用maven) 安装 起步 spring常用命令 spring常见注释 springboot入门级使用 配置你的pom.xml文件 配置文 ...

  5. springboot成神之——mybatis和mybatis-generator

    项目结构 依赖 generator配置文件 properties配置 生成文件 使用Example 本文讲解如何在spring-boot中使用mybatis和mybatis-generator自动生成 ...

  6. springboot成神之——swagger文档自动生成工具

    本文讲解如何在spring-boot中使用swagger文档自动生成工具 目录结构 说明 依赖 SwaggerConfig 开启api界面 JSR 303注释信息 Swagger核心注释 User T ...

  7. springboot成神之——log4j2的使用

    本文介绍如何在spring-boot中使用log4j2 说明 依赖 日志记录语句 log4j2配置文件 本文介绍如何在spring-boot中使用log4j2 说明 log4j2本身使用是非常简单的, ...

  8. springboot成神之——mybatis在spring-boot中使用的几种方式

    本文介绍mybatis在spring-boot中使用的几种方式 项目结构 依赖 WebConfig DemoApplication 方式一--@Select User DemoApplication ...

  9. springboot成神之——发送邮件

    本文介绍如何用spring发送邮件 目录结构 依赖 MailConfig TestController 测试 本文介绍如何用spring发送邮件 目录结构 依赖 <dependency> ...

随机推荐

  1. Selenium with Python 007 - Cookie处理

    Webdriver 读取.添加.删除cookie信息基本用法 获得Cookie信息:driver.get_cookies() 添加Cookie信息:driver.add_cookie(cookie_d ...

  2. 阿里云上如何利用war包安装jenkins

    一. 前提条件:已安装jdk和tomcat 如何安装,请参考<如何在阿里云上部署war包到tomcat服务器> 二. 下载war包 下载地址:http://mirrors.jenkins- ...

  3. memcache笔记

    服务端: 通过printf配合nc向memcached中写入数据[root@yz6245 ~]# printf "set key1 0 0 6\r\noldboy\r\n" |nc ...

  4. Superset 初探

    安装都是借鉴的别人的,已经剪裁下来.到自己文件夹里了. 下面介绍.如何启动superset ,BI 分析工具.这是我以前的强项.应该没问题. 问题: 安装好了之后,再打开localhost 就拒绝访问 ...

  5. poj1469

    题解: 二分图匹配 然后判断最大匹配是否是m 代码: #include<cstdio> #include<cmath> #include<algorithm> #i ...

  6. LeetCode OJ:Permutations II(排列II)

    Given a collection of numbers that might contain duplicates, return all possible unique permutations ...

  7. Leetcode 912. Sort an Array

    class Solution: def sortArray(self, nums: List[int]) -> List[int]: return sorted(nums)

  8. ng $scope与$rootScope的关系

    $scope与$rootScope的关系:①不同的控制器之间 是无法直接共享数据②$scope是$rootScope的子作用域对象$scope的id是随着控制器的加载顺序依次递增,$rootScope ...

  9. HTTP浅析

    引言 HTTP是一个属于应用层的面向对象的协议,由于其简捷.快速的方式,适用于分布式超媒体信息系统.它于1990年提出,经过几年的使用与发展,得到不断地完善和扩展.目前在WWW中使用的是HTTP/1. ...

  10. freemarker 常见问题

    <#setting date_format="yyyy-MM-dd"> ..设置时间格式然后获取从后台获取值${s.createTime?date}这样就能正常显示了 ...