thymeleaf 安全方言示例 落日映苍穹つ 2022-11-27 03:08 121阅读 0赞 -------------------- ### thymeleaf 安全方言示例 ### ### \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* ### **示例** **\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*** **config 层** **WebConfig** @Configuration public class WebSecurity extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin().and().authorizeRequests() .antMatchers("/hello").hasRole("user") .antMatchers("/hello2").hasRole("admin") .antMatchers("/**").authenticated(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().passwordEncoder(initPasswordEncoder()). withUser("gtlx").password(initPasswordEncoder().encode("123456")).roles("user") .and() .withUser("hzw").password(initPasswordEncoder().encode("123456")).roles("user","admin"); } private PasswordEncoder initPasswordEncoder(){ return new BCryptPasswordEncoder(); } } **\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*** **controller 层** **HelloController** @Controller public class HelloController { @RequestMapping("/hello") public String hello(){ return "index"; } @RequestMapping("/hello2") public String hello2(){ return "index"; } } **\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*** **前端页面** **index.html** <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/extras/spring-security"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <style> div { font-weight: bolder; } a { color: aquamarine; } </style> <body> <div th:align="center" style="color: coral"> <div sec:authorize="isAuthenticated()"> <span th:text="'当前认证用户为:'+${#authentication.name}"></span><br> <span th:text="${#authentication.name}+'用户权限为:'+${#authentication.authorities}"></span> </div> <div th:if="${#authorization.expression('isAuthenticated()')}"> <span th:text="'当前认证用户:'"></span> <span sec:authentication="name"></span><br> <span th:text="${#authentication.name}+'用户权限'"></span> <span sec:authentication="principal.authorities"></span> </div><br> <div sec:authorize="hasRole('admin')"> <span th:text="${#authentication.name}+'具有权限:admin'"></span> <span th:text="${#authentication.name}+'的权限为:'+${#authentication.authorities}"></span> </div> <div th:if="${#authorization.expression('hasRole(''admin'')')}"> <span th:text="${#authentication.name}+'具有权限:admin'"></span> <span th:text="${#authentication.name}+'的权限为:'+${#authentication.authorities}"></span> </div><br> <div sec:authorize="hasRole('user') and isAuthenticated()"> <span th:text="${#authentication.name}+'认证过,且具有权限:user'"></span> </div> <div th:if="${#authorization.expression('hasRole(''user'') and isAuthenticated()')}"> <span th:text="${#authentication.name}+'认证过,且具有权限:user'"></span> </div><br> <div th:if="${#authorization.url('/hello2')}"> <a href="hello2">hello2</a> </div> <div sec:authorize-url="/hello2"> <a href="/hello2">hello2</a> </div> </div> </body> </html> ### \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* ### **使用测试** **localhost:8080/hello** **认证用户:gtlx** ![20200813164758435.png][] **认证用户:hzw** ![20200813165206750.png][] **hzw 具有权限admin、且能访问 /hello2,因而可显示相应内容** [20200813164758435.png]: /images/20221124/9cb5122604244c80b57545bb0b741231.png [20200813165206750.png]: /images/20221124/f0bc428df0694fc6bb75f292c7337f57.png
还没有评论,来说两句吧...