Spring Security与Spring Boot集成

依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> 如果有用到Thymeleaf模板，导入相关依赖 <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> <version>3.0.2.RELEASE</version> </dependency> 安全配置类 /** * 安全配置类，Spring Security必须配置 */ @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/css/**", "/js/**", "/fonts/**", "/index").permitAll() // 都可以访问 .antMatchers("/users/**").hasRole("ADMIN") // 需要相应角色才能访问，如ADMIN .and() .formLogin() // 基于form表单登录验证 .loginPage("/login").failureUrl("/login-error"); // 自定义登录界面 } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() // 认证信息存储与内存中 .withUser("vincent") .password("123456") .roles("ADMIN"); } }