# security

**Repository Path**: inps/security

## Basic Information

- **Project Name**: security
- **Description**: 测试spring-security的用户登录过程。
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2022-05-19
- **Last Updated**: 2022-05-31

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

###访问地址

http://localhost:8060/
http://localhost:8060/admin/getHello
http://localhost:8060/manager/getHello


1. 采用注解
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
    
    @PreAuthorize("hasRole('admin')")
    @GetMapping("/admin/getHello")
    public String getAdminHello(){
        return "hello admin!";
    }
    
2. 采用config

```
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 任何角色允许访问
                .antMatchers("/", "/index").permitAll()
                // 仅admin角色可以访问
                .antMatchers("/admin/**").hasRole("admin")
                // admin和manager两个角色可以访问
                .antMatchers("/manager/**").hasAnyRole("admin", "manager");

        // 没有权限则进入内置的登录页面
        http.formLogin();
        // 自定义登出逻辑
        http.logout().logoutUrl("/logout").logoutSuccessUrl("/index");
        http.csrf().disable();
        http.rememberMe();
    }
```