Spring Boot Web MVC Security
https://github.com/jalbertomr/bootWebMVCSecLogin.git
Relación de Seguridad de Acceso
Usuario Role Páginas Accesibles Páginas NO Accesibles
bext USER Inicio
ADMIN listaEmpleados -----------
altaEmpleados
employee USER listaEmpleados altaEmpleados
Se crea el proyecto con sprint initializr, y se ajusta la versión de spring security
a una menor en el pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.bext</groupId>
<artifactId>bootWebMVCSecLogin</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>bootWebMVCSecLogin</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<!-- <version>1.5.2.RELEASE</version> -->
<!-- <version>2.1.7.RELEASE</version> Esta version la inserto el spring initiz aqui no compatible -->
<version>1.5.2.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
</dependency>
<!-- Servlet -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
La configuración de seguridad se hace por codificación java.
@Configuration
@EnableWebSecurity
public class EmployeeSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/inicio")
.hasAnyRole("USER","ADMIN").antMatchers("/listaEmpleados").hasAnyRole("USER","ADMIN")
.antMatchers("/altaEmpleado").hasAnyRole("ADMIN").anyRequest().authenticated()
.and().formLogin().permitAll().and().logout().permitAll();
http.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception {
authenticationMgr.inMemoryAuthentication()
.withUser("empleado").password("empleado").authorities("ROLE_USER")
.and()
.withUser("bext").password("bext").authorities("ROLE_USER","ROLE_ADMIN");
}
}
Estructura del proyecto
Ejecutando el Proyecto
eot
No hay comentarios:
Publicar un comentario