{"id":40276,"date":"2023-04-02T19:48:06","date_gmt":"2022-11-05T09:56:59","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/"},"modified":"2024-04-29T21:39:04","modified_gmt":"2024-04-29T13:39:04","slug":"%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/","title":{"rendered":"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55"},"content":{"rendered":"
Spring Security \u81ea5.4\u7248\u672c\u4ee5\u540e\uff0c\u5728\u914d\u7f6e\u65b9\u9762\u6709\u4e86\u91cd\u5927\u53d8\u5316\u3002\u66f4\u591a\u8be6\u60c5\u8bf7\u53c2\u9605@suke_masa\u5148\u751f\u5728Spring Security 5.7\u4e2d\u7684\u5927\u5e45\u5b89\u5168\u914d\u7f6e\u53d8\u66f4 – Qiita\u3002<\/div>\n

\u57fa\u672c\u7ed3\u6784\u548c\u673a\u5236\u7684\u8ba8\u8bba
\n\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7684\u8ba8\u8bba
\n\u8bb0\u4f4f\u6211\u529f\u80fd\u7684\u8ba8\u8bba
\n\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u7684\u8ba8\u8bba
\n\u4f1a\u8bdd\u7ba1\u7406\u7684\u8ba8\u8bba
\n\u54cd\u5e94\u5934\u7684\u8ba8\u8bba
\n\u65b9\u6cd5\u5b89\u5168\u6027\u7684\u8ba8\u8bba
\n\u8de8\u57df\u8d44\u6e90\u5171\u4eab\u7684\u8ba8\u8bba
\nRun-As\u529f\u80fd\u7684\u8ba8\u8bba
\n\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u7684\u8ba8\u8bba
\n\u6d4b\u8bd5\u7684\u8ba8\u8bba<\/p>\n

\u756a\u5916\u7de8
\nSpring Security \u53ef\u4ee5\u505a\u7684\u4e8b\u60c5\u548c\u4e0d\u53ef\u4ee5\u505a\u7684\u4e8b\u60c5<\/p>\n

\n

\u4f7f\u7528Spring MVC\u6216Spring Boot\u4f7f\u7528Spring Security\u7684\u65b9\u6cd5\u4ee5\u53ca\u5176\u4ed6\u76f8\u5173\u5185\u5bb9\u3002<\/p>\n

\u4e0eSpring MVC\u7684\u6574\u5408<\/h1>\n

\u8bf7\u6c42\u8def\u5f84\u7684\u5339\u914d\u5668<\/h2>\n

\u9996\u5148\uff0c\u8bd5\u7740\u4ee5\u4e00\u79cd\u666e\u901a\u7684\u65b9\u5f0f\u8fdb\u884c\u6574\u5408\u3002<\/h3>\n
apply<\/span> plugin:<\/span> 'war'<\/span>\r\n\r\nsourceCompatibility<\/span> =<\/span> '1.8'<\/span>\r\ntargetCompatibility<\/span> =<\/span> '1.8'<\/span>\r\ncompileJava<\/span>.<\/span>options<\/span>.<\/span>encoding<\/span> =<\/span> 'UTF-8'<\/span>\r\n\r\nrepositories<\/span> {<\/span>\r\n    mavenCentral<\/span>()<\/span>\r\n}<\/span>\r\n\r\ndependencies<\/span> {<\/span>\r\n    compile<\/span> 'org.springframework.security:spring-security-web:4.2.3.RELEASE'<\/span>\r\n    compile<\/span> 'org.springframework.security:spring-security-config:4.2.3.RELEASE'<\/span>\r\n    compile<\/span> 'org.springframework:spring-webmvc:4.3.10.RELEASE'<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
    \u4f9d\u5b58\u95a2\u4fc2\u306b spring-webmvc \u3092\u8ffd\u52a0<\/ul>\n
    package<\/span> sample.spring.security.mvc<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.web.bind.annotation.GetMapping<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.bind.annotation.RestController<\/span>;<\/span>\r\n\r\n@RestController<\/span>\r\npublic<\/span> class<\/span> MyMvcController<\/span> {<\/span>\r\n    \r\n    @GetMapping<\/span>(<\/span>\"\/foo\"<\/span>)<\/span>\r\n    public<\/span> String<\/span> foo<\/span>()<\/span> {<\/span>\r\n        return<\/span> \"FOO!!\"<\/span>;<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
    \/foo \u306b GET \u30ea\u30af\u30a8\u30b9\u30c8\u304c\u304d\u305f\u3089 “FOO!!” \u3068\u8fd4\u3059\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30af\u30e9\u30b9<\/p>\n
    \u547d\u540d\u7a7a\u95f4<\/p>\n
    <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<web-app<\/span> xmlns=<\/span>\"http:\/\/xmlns.jcp.org\/xml\/ns\/javaee\"<\/span>\r\n         xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n         xsi:schemaLocation=<\/span>\"http:\/\/xmlns.jcp.org\/xml\/ns\/javaee \r\n         http:\/\/xmlns.jcp.org\/xml\/ns\/javaee\/web-app_3_1.xsd\"<\/span>\r\n         version=<\/span>\"3.1\"<\/span>><\/span>\r\n    \r\n    <context-param><\/span>\r\n        <param-name><\/span>contextConfigLocation<\/param-name><\/span>\r\n        <param-value><\/span>\r\n            \/WEB-INF\/mvc.xml\r\n            \/WEB-INF\/security.xml\r\n        <\/param-value><\/span>\r\n    <\/context-param><\/span>\r\n\r\n    <filter><\/span>\r\n        <filter-name><\/span>springSecurityFilterChain<\/filter-name><\/span>\r\n        <filter-class><\/span>org.springframework.web.filter.DelegatingFilterProxy<\/filter-class><\/span>\r\n    <\/filter><\/span>\r\n\r\n    <filter-mapping><\/span>\r\n        <filter-name><\/span>springSecurityFilterChain<\/filter-name><\/span>\r\n        <url-pattern><\/span>\/*<\/url-pattern><\/span>\r\n    <\/filter-mapping><\/span>\r\n    \r\n    <listener><\/span>\r\n        <listener-class><\/span>org.springframework.web.context.ContextLoaderListener<\/listener-class><\/span>\r\n    <\/listener><\/span>\r\n\r\n    <servlet><\/span>\r\n        <servlet-name><\/span>mvc<\/servlet-name><\/span>\r\n        <servlet-class><\/span>org.springframework.web.servlet.DispatcherServlet<\/servlet-class><\/span>\r\n        <init-param><\/span>\r\n            <param-name><\/span>contextConfigLocation<\/param-name><\/span>\r\n            <param-value><\/param-value><\/span>\r\n        <\/init-param><\/span>\r\n        <load-on-startup><\/span>1<\/load-on-startup><\/span>\r\n    <\/servlet><\/span>\r\n\r\n    <servlet-mapping><\/span>\r\n        <servlet-name><\/span>mvc<\/servlet-name><\/span>\r\n        <url-pattern><\/span>\/*<\/url-pattern><\/span>\r\n    <\/servlet-mapping><\/span>\r\n<\/web-app><\/span>\r\n<\/code><\/pre>\n
      \n
    • \n
        Spring Security \u306e DelegatingFilterProxy \u3068 Spring MVC \u306e DispatcherServlet \u3092\u305d\u308c\u305e\u308c\u5b9a\u7fa9<\/ul>\n<\/li>\n<\/ul>\n
         <\/p>\n
          Spring MVC \u3068 Security \u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3068\u3057\u3066 \/WEB-INF\/mvc.xml \u3068 \/WEB-INF\/security.xml \u3092\u6307\u5b9a<\/ul>\n
          <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<beans<\/span> xmlns=<\/span>\"http:\/\/www.springframework.org\/schema\/beans\"<\/span>\r\n       xmlns:sec=<\/span>\"http:\/\/www.springframework.org\/schema\/security\"<\/span>\r\n       xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n       xsi:schemaLocation=<\/span>\"\r\n         http:\/\/www.springframework.org\/schema\/beans\r\n         http:\/\/www.springframework.org\/schema\/beans\/spring-beans-3.0.xsd\r\n         http:\/\/www.springframework.org\/schema\/security\r\n         http:\/\/www.springframework.org\/schema\/security\/spring-security.xsd\"<\/span>><\/span>\r\n    \r\n    <sec:http><\/span>\r\n        <sec:intercept-url<\/span> pattern=<\/span>\"\/foo\"<\/span> access=<\/span>\"isAuthenticated()\"<\/span> \/><\/span>\r\n        <sec:form-login<\/span> \/><\/span>\r\n    <\/sec:http><\/span>\r\n\r\n    <sec:authentication-manager<\/span> \/><\/span>\r\n<\/beans><\/span>\r\n<\/code><\/pre>\n
            \n
          • \n
              Spring Security \u306e\u8a2d\u5b9a<\/ul>\n<\/li>\n<\/ul>\n
              \/foo \u3078\u306e\u30a2\u30af\u30bb\u30b9\u306f\u8a8d\u8a3c\u304c\u5fc5\u8981\u3068\u3044\u3046\u3053\u3068\u306b\u3057\u3066\u3044\u308b<\/p>\n
              <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<beans<\/span> xmlns=<\/span>\"http:\/\/www.springframework.org\/schema\/beans\"<\/span>\r\n       xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n       xmlns:mvc=<\/span>\"http:\/\/www.springframework.org\/schema\/mvc\"<\/span>\r\n       xsi:schemaLocation=<\/span>\"\r\n         http:\/\/www.springframework.org\/schema\/beans\r\n         http:\/\/www.springframework.org\/schema\/beans\/spring-beans-3.0.xsd\r\n         http:\/\/www.springframework.org\/schema\/mvc\r\n         http:\/\/www.springframework.org\/schema\/mvc\/spring-mvc.xsd\"<\/span>><\/span>\r\n\r\n    <mvc:annotation-driven<\/span> \/><\/span>\r\n    \r\n    <bean<\/span> class=<\/span>\"sample.spring.security.mvc.MyMvcController\"<\/span> \/><\/span>\r\n    \r\n<\/beans><\/span>\r\n<\/code><\/pre>\n
                Spring MVC \u7528\u306e\u8a2d\u5b9a<\/ul>\n
                Java \u914d\u7f6e<\/p>\n
                package<\/span> sample.spring.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer<\/span>;<\/span>\r\n\r\npublic<\/span> class<\/span> MySecurityInitializer<\/span> extends<\/span> AbstractSecurityWebApplicationInitializer<\/span> {<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                  \n
                • \n
                    Spring Security \u306e Filter \u3092\u9069\u7528\u3059\u308b\u305f\u3081\u306e\u30af\u30e9\u30b9<\/ul>\n<\/li>\n<\/ul>\n
                     <\/p>\n
                      Spring Security \u5358\u4f53\u306e\u3068\u304d\u306f\u3001\u3053\u3053\u3067\u8a2d\u5b9a\u30af\u30e9\u30b9\u3092\u89aa\u30af\u30e9\u30b9\u306e\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30bf\u306b\u6e21\u3057\u3066\u3044\u305f\u304c\u3001 MVC \u3068\u7d71\u5408\u3057\u305f\u5834\u5408\u306f MVC \u7528\u306e Initializer \u306e\u65b9\u306b\u79fb\u52d5\u3057\u3066\u3044\u308b<\/ul>\n
                      package<\/span> sample.spring.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer<\/span>;<\/span>\r\n\r\npublic<\/span> class<\/span> MyServletInitializer<\/span> extends<\/span> AbstractAnnotationConfigDispatcherServletInitializer<\/span> {<\/span>\r\n    \r\n    @Override<\/span>\r\n    protected<\/span> Class<\/span><?>[]<\/span> getRootConfigClasses<\/span>()<\/span> {<\/span>\r\n        return<\/span> new<\/span> Class<\/span>[]<\/span> {<\/span>MySecurityConfig<\/span>.<\/span>class<\/span>,<\/span> MyMvcConfig<\/span>.<\/span>class<\/span>};<\/span>\r\n    }<\/span>\r\n\r\n    @Override<\/span>\r\n    protected<\/span> Class<\/span><?>[]<\/span> getServletConfigClasses<\/span>()<\/span> {<\/span>\r\n        return<\/span> new<\/span> Class<\/span>[]<\/span> {};<\/span>\r\n    }<\/span>\r\n    \r\n    @Override<\/span>\r\n    protected<\/span> String<\/span>[]<\/span> getServletMappings<\/span>()<\/span> {<\/span>\r\n        return<\/span> new<\/span> String<\/span>[]<\/span> {<\/span>\"\/\"<\/span>};<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                        \n
                      • \n
                          Spring MVC \u7528\u306e\u521d\u671f\u5316\u30af\u30e9\u30b9<\/ul>\n<\/li>\n<\/ul>\n
                           <\/p>\n
                            MVC \u306e\u8a2d\u5b9a\uff08MyMvcConfig\uff09\u3082 Security \u306e\u8a2d\u5b9a\uff08MySecurityConfig\uff09\u3082\u3001\u4e21\u65b9\u3068\u3082\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30eb\u30fc\u30c8\u3068\u3057\u3066\u8a2d\u5b9a\u3057\u3066\u3044\u308b\uff08\u7406\u7531\u306f\u3088\u304f\u308f\u304b\u3063\u3066\u306a\u3044\u304c\u3001\u3053\u3046\u3057\u306a\u3044\u3068\u5f8c\u8ff0\u3059\u308b mvcMatchers \u304c\u50cd\u304b\u306a\u304b\u3063\u305f\uff09<\/ul>\n
                            package<\/span> sample.spring.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.config.annotation.web.builders.HttpSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter<\/span>;<\/span>\r\n\r\n@EnableWebSecurity<\/span>\r\npublic<\/span> class<\/span> MySecurityConfig<\/span> extends<\/span> WebSecurityConfigurerAdapter<\/span> {<\/span>\r\n\r\n    @Override<\/span>\r\n    public<\/span> void<\/span> configure<\/span>(<\/span>HttpSecurity<\/span> http<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n        http<\/span>.<\/span>authorizeRequests<\/span>()<\/span>\r\n            .<\/span>antMatchers<\/span>(<\/span>\"\/foo\"<\/span>).<\/span>authenticated<\/span>()<\/span>\r\n            .<\/span>and<\/span>()<\/span>\r\n            .<\/span>formLogin<\/span>();<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                              \n
                            • \n
                                Spring Security \u306e\u8a2d\u5b9a\u30af\u30e9\u30b9<\/ul>\n<\/li>\n<\/ul>\n
                                \/foo \u3078\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u8a8d\u8a3c\u304c\u5fc5\u8981<\/p>\n
                                package<\/span> sample.spring.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.context.annotation.Bean<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.servlet.config.annotation.EnableWebMvc<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping<\/span>;<\/span>\r\nimport<\/span> sample.spring.security.mvc.MyMvcController<\/span>;<\/span>\r\n\r\n@EnableWebMvc<\/span>\r\npublic<\/span> class<\/span> MyMvcConfig<\/span> extends<\/span> WebMvcConfigurerAdapter<\/span> {<\/span>\r\n\r\n    @Bean<\/span>\r\n    public<\/span> MyMvcController<\/span> myMvcController<\/span>()<\/span> {<\/span>\r\n        return<\/span> new<\/span> MyMvcController<\/span>();<\/span>\r\n    }<\/span>\r\n\r\n    @Bean<\/span>\r\n    public<\/span> RequestMappingHandlerMapping<\/span> requestMappingHandlerMapping<\/span>()<\/span> {<\/span>\r\n        return<\/span> new<\/span> RequestMappingHandlerMapping<\/span>();<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                  \n
                                • \n
                                    Spring MVC \u7528\u306e\u8a2d\u5b9a<\/ul>\n<\/li>\n<\/ul>\n
                                     <\/p>\n
                                      \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u3092\u767b\u9332\u3057\u3066\u3044\u308b<\/ul>\n
                                      \u786e\u8ba4\u884c\u52a8<\/h3>\n
                                      \u9996\u5148\u5411 \/foo \u53d1\u51fa\u8bf7\u6c42\uff0c\u7136\u540e\u5411 \/foo.html \u53d1\u51fa\u8bf7\u6c42\u3002<\/p>\n
                                      $ <\/span>curl http:\/\/localhost:8080\/namespace\/foo -i<\/span>\r\nHTTP\/1.1 302 Found\r\nServer: Apache-Coyote\/1.1\r\nCache-Control: no-cache, no-store, max-age=<\/span>0, must-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nX-XSS-Protection: 1;<\/span> mode<\/span>=<\/span>block\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: JSESSIONID<\/span>=<\/span>0AD6574E5F43053B42E5C9926535AC0E;<\/span> Path<\/span>=<\/span>\/namespace\/;<\/span> HttpOnly\r\nLocation: http:\/\/localhost:8080\/namespace\/login\r\nContent-Length: 0\r\nDate: Mon, 31 Jul 2017 13:05:03 GMT\r\n\r\n\r\n$ <\/span>curl http:\/\/localhost:8080\/namespace\/foo.html -i<\/span>\r\nHTTP\/1.1 200 OK\r\nServer: Apache-Coyote\/1.1\r\nCache-Control: no-cache, no-store, max-age=<\/span>0, must-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nX-XSS-Protection: 1;<\/span> mode<\/span>=<\/span>block\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nContent-Disposition: inline;<\/span>filename<\/span>=<\/span>f.txt\r\nContent-Type: text\/plain;<\/span>charset<\/span>=<\/span>ISO-8859-1\r\nContent-Length: 5\r\nDate: Mon, 31 Jul 2017 13:05:06 GMT\r\n\r\nFOO!!\r\n<\/code><\/pre>\n
                                      \u5728`\/foo`\u7684\u60c5\u51b5\u4e0b\uff0c\u88ab\u91cd\u5b9a\u5411\u5230\u767b\u5f55\u9875\u9762\uff1b\u800c\u5728`\/foo.html`\u7684\u60c5\u51b5\u4e0b\uff0c\u6b63\u5e38\u8c03\u7528\u4e86\u63a7\u5236\u5668\u7684\u5b9e\u73b0\u3002<\/p>\n
                                      \u4e3a\u4ec0\u4e48\u4f1a\u53d8\u6210\u8fd9\u6837\uff1f<\/h3>\n
                                        \n
                                      • \n
                                          Spring MVC \u306f\u3001 \/foo \u3068\u3044\u3046\u30d1\u30b9\u3092\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u30de\u30c3\u30d4\u30f3\u30b0\u3057\u305f\u3068\u304d\u306b\u3001\u8a2d\u5b9a\u306b\u3088\u3063\u3066\u306f \/foo.html \u306a\u3069\u62e1\u5f35\u5b50\u3092\u6307\u5b9a\u3057\u305f\u30d1\u30b9\u3082\u30de\u30c3\u30c1\u30f3\u30b0\u306e\u5bfe\u8c61\u306b\u306a\u308b<\/ul>\n<\/li>\n<\/ul>\n
                                          \u3053\u306e\u6319\u52d5\u81ea\u4f53\u306f\u3001\u30ec\u30b9\u30dd\u30f3\u30b9\u306e\u5f62\u5f0f\u306e\u5207\u308a\u66ff\u3048\u3092\u62e1\u5f35\u5b50\u306b\u3088\u3063\u3066\u6307\u5b9a\u3059\u308b\u30bf\u30a4\u30d7\u306e API \u3092\u7c21\u5358\u306b\u5b9f\u88c5\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u3053\u3068\u304c\u76ee\u7684\u3068\u306a\u3063\u3066\u3044\u308b<\/p>\n
                                          \/foo.html \u3082 \/foo.json \u3082\u540c\u3058\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306e\u30e1\u30bd\u30c3\u30c9\u306b\u30de\u30c3\u30d4\u30f3\u30b0\u3055\u308c\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u308b<\/p>\n
                                          \u3057\u304b\u3057\u3001 Spring Security \u306f Ant \u5f62\u5f0f\u3067\u30d1\u30b9\u3092\u6307\u5b9a\u3057\u3066\u3044\u308b\u305f\u3081\u3001 \/foo \u4ee5\u5916\u306e\u30d1\u30b9\u3078\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u3059\u308a\u629c\u3051\u3066\u3057\u307e\u3046<\/p>\n
                                          Spring MVC \u4e2d\u7528\u4e8e\u5339\u914d\u8bf7\u6c42\u7684RequestMatcher\u3002<\/h3>\n
                                            \u3053\u306e\u554f\u984c\u306b\u5bfe\u5fdc\u3059\u308b\u305f\u3081\u3001 Spring Security \u306b\u306f Spring MVC \u306e\u30d1\u30b9\u306e\u30de\u30c3\u30c1\u30f3\u30b0\u51e6\u7406\u3068\u540c\u3058\u30ed\u30b8\u30c3\u30af\u3067\u30d1\u30b9\u306e\u30de\u30c3\u30c1\u30f3\u30b0\u3092\u884c\u3046 Matcher \u304c\u7528\u610f\u3055\u308c\u3066\u3044\u308b<\/ul>\n
                                            \u547d\u540d\u7a7a\u95f4<\/p>\n
                                            <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<beans<\/span> xmlns=<\/span>\"http:\/\/www.springframework.org\/schema\/beans\"<\/span>\r\n       xmlns:sec=<\/span>\"http:\/\/www.springframework.org\/schema\/security\"<\/span>\r\n       xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n       xsi:schemaLocation=<\/span>\"\r\n         http:\/\/www.springframework.org\/schema\/beans\r\n         http:\/\/www.springframework.org\/schema\/beans\/spring-beans-3.0.xsd\r\n         http:\/\/www.springframework.org\/schema\/security\r\n         http:\/\/www.springframework.org\/schema\/security\/spring-security.xsd\"<\/span>><\/span>\r\n    \r\n    <sec:http<\/span> request-matcher=<\/span>\"mvc\"<\/span>><\/span>\r\n        <sec:intercept-url<\/span> pattern=<\/span>\"\/foo\"<\/span> access=<\/span>\"isAuthenticated()\"<\/span> \/><\/span>\r\n        <sec:form-login<\/span> \/><\/span>\r\n    <\/sec:http><\/span>\r\n\r\n    <sec:authentication-manager<\/span> \/><\/span>\r\n<\/beans><\/span>\r\n<\/code><\/pre>\n
                                            \u30bf\u30b0\u306e request-matcher \u306b mvc \u3092\u6307\u5b9a\u3059\u308b<\/p>\n
                                            Java\u914d\u7f6e<\/p>\n
                                            package<\/span> sample.spring.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.config.annotation.web.builders.HttpSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter<\/span>;<\/span>\r\n\r\n@EnableWebSecurity<\/span>\r\npublic<\/span> class<\/span> MySecurityConfig<\/span> extends<\/span> WebSecurityConfigurerAdapter<\/span> {<\/span>\r\n\r\n    @Override<\/span>\r\n    public<\/span> void<\/span> configure<\/span>(<\/span>HttpSecurity<\/span> http<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n        http<\/span>.<\/span>authorizeRequests<\/span>()<\/span>\r\n            .<\/span>mvcMatchers<\/span>(<\/span>\"\/foo\"<\/span>).<\/span>authenticated<\/span>()<\/span>\r\n            .<\/span>and<\/span>()<\/span>\r\n            .<\/span>formLogin<\/span>();<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                            antMatchers() \u306e\u4ee3\u308f\u308a\u306b mvcMatchers() \u3092\u4f7f\u7528\u3059\u308b<\/p>\n
                                            $ <\/span>curl http:\/\/localhost:8080\/namespace\/foo -i<\/span>\r\nHTTP\/1.1 302 Found\r\nServer: Apache-Coyote\/1.1\r\nCache-Control: no-cache, no-store, max-age=<\/span>0, must-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nX-XSS-Protection: 1;<\/span> mode<\/span>=<\/span>block\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: JSESSIONID<\/span>=<\/span>0322DCB394ED74B38CCA600DDEF8CBBF;<\/span> Path<\/span>=<\/span>\/namespace\/;<\/span> HttpOnly\r\nLocation: http:\/\/localhost:8080\/namespace\/login\r\nContent-Length: 0\r\nDate: Mon, 31 Jul 2017 13:07:48 GMT\r\n\r\n\r\n$ <\/span>curl http:\/\/localhost:8080\/namespace\/foo.html -i<\/span>\r\nHTTP\/1.1 302 Found\r\nServer: Apache-Coyote\/1.1\r\nCache-Control: no-cache, no-store, max-age=<\/span>0, must-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nX-XSS-Protection: 1;<\/span> mode<\/span>=<\/span>block\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: JSESSIONID<\/span>=<\/span>BE049E9C138392A8751351762B200D63;<\/span> Path<\/span>=<\/span>\/namespace\/;<\/span> HttpOnly\r\nLocation: http:\/\/localhost:8080\/namespace\/login\r\nContent-Length: 0\r\nDate: Mon, 31 Jul 2017 13:07:49 GMT\r\n<\/code><\/pre>\n
                                            \u8fd9\u6b21\u5373\u4f7f\u52a0\u4e0a .html\uff0c\u4e5f\u4f1a\u8df3\u8f6c\u5230\u767b\u5f55\u9875\u9762\u3002<\/p>\n
                                            \u5728\u63a7\u5236\u5668\u7684\u53c2\u6570\u4e2d\u63a5\u6536\u5f53\u524d\u7684\u4e3b\u4f53<\/h2>\n
                                            \u5b9e\u65bd<\/h3>\n
                                            package<\/span> sample.spring.security.mvc<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.core.annotation.AuthenticationPrincipal<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.core.userdetails.User<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.bind.annotation.GetMapping<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.bind.annotation.RestController<\/span>;<\/span>\r\n\r\n@RestController<\/span>\r\npublic<\/span> class<\/span> MyMvcController<\/span> {<\/span>\r\n    \r\n    @GetMapping<\/span>(<\/span>\"\/user\"<\/span>)<\/span>\r\n    public<\/span> String<\/span> foo<\/span>(<\/span>@AuthenticationPrincipal<\/span> User<\/span> user<\/span>)<\/span> {<\/span>\r\n        System<\/span>.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>\"username=\"<\/span> +<\/span> user<\/span>.<\/span>getUsername<\/span>()<\/span> +<\/span> \", authorities=\"<\/span> +<\/span> user<\/span>.<\/span>getAuthorities<\/span>());<\/span>\r\n        return<\/span> \"User!!\"<\/span>;<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                            \u547d\u540d\u7a7a\u95f4<\/p>\n
                                            <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<beans<\/span> xmlns=<\/span>\"http:\/\/www.springframework.org\/schema\/beans\"<\/span>\r\n       xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n       xmlns:mvc=<\/span>\"http:\/\/www.springframework.org\/schema\/mvc\"<\/span>\r\n       xsi:schemaLocation=<\/span>\"\r\n         http:\/\/www.springframework.org\/schema\/beans\r\n         http:\/\/www.springframework.org\/schema\/beans\/spring-beans-3.0.xsd\r\n         http:\/\/www.springframework.org\/schema\/mvc\r\n         http:\/\/www.springframework.org\/schema\/mvc\/spring-mvc.xsd\"<\/span>><\/span>\r\n\r\n    <mvc:annotation-driven><\/span>\r\n        <mvc:argument-resolvers><\/span>\r\n            <bean<\/span> class=<\/span>\"org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver\"<\/span> \/><\/span>\r\n        <\/mvc:argument-resolvers><\/span>\r\n    <\/mvc:annotation-driven><\/span>\r\n    \r\n    <bean<\/span> class=<\/span>\"sample.spring.security.mvc.MyMvcController\"<\/span> \/><\/span>\r\n    \r\n<\/beans><\/span>\r\n<\/code><\/pre>\n
                                            <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<beans<\/span> xmlns=<\/span>\"http:\/\/www.springframework.org\/schema\/beans\"<\/span>\r\n       xmlns:sec=<\/span>\"http:\/\/www.springframework.org\/schema\/security\"<\/span>\r\n       xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n       xsi:schemaLocation=<\/span>\"\r\n         http:\/\/www.springframework.org\/schema\/beans\r\n         http:\/\/www.springframework.org\/schema\/beans\/spring-beans-3.0.xsd\r\n         http:\/\/www.springframework.org\/schema\/security\r\n         http:\/\/www.springframework.org\/schema\/security\/spring-security.xsd\"<\/span>><\/span>\r\n    \r\n    <sec:http<\/span> request-matcher=<\/span>\"mvc\"<\/span>><\/span>\r\n        <sec:intercept-url<\/span> pattern=<\/span>\"\/login\"<\/span> access=<\/span>\"permitAll\"<\/span> \/><\/span>\r\n        <sec:intercept-url<\/span> pattern=<\/span>\"\/**\"<\/span> access=<\/span>\"isAuthenticated()\"<\/span> \/><\/span>\r\n        <sec:form-login<\/span> \/><\/span>\r\n        <sec:logout<\/span> \/><\/span>\r\n    <\/sec:http><\/span>\r\n\r\n    <sec:authentication-manager><\/span>\r\n        <sec:authentication-provider><\/span>\r\n            <sec:user-service><\/span>\r\n                <sec:user<\/span> name=<\/span>\"foo\"<\/span> password=<\/span>\"foo\"<\/span> authorities=<\/span>\"GENERAL_USER, ADMINISTRATOR\"<\/span> \/><\/span>\r\n            <\/sec:user-service><\/span>\r\n        <\/sec:authentication-provider><\/span>\r\n    <\/sec:authentication-manager><\/span>\r\n<\/beans><\/span>\r\n<\/code><\/pre>\n
                                            Java\u914d\u7f6e<\/p>\n
                                            MyMvcConfig.java \u65e0\u9700\u66f4\u6539<\/p>\n
                                            package<\/span> sample.spring.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.builders.HttpSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter<\/span>;<\/span>\r\n\r\n@EnableWebSecurity<\/span>\r\npublic<\/span> class<\/span> MySecurityConfig<\/span> extends<\/span> WebSecurityConfigurerAdapter<\/span> {<\/span>\r\n\r\n    @Override<\/span>\r\n    public<\/span> void<\/span> configure<\/span>(<\/span>HttpSecurity<\/span> http<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n        http<\/span>.<\/span>authorizeRequests<\/span>()<\/span>\r\n            .<\/span>mvcMatchers<\/span>(<\/span>\"\/login\"<\/span>).<\/span>permitAll<\/span>()<\/span>\r\n            .<\/span>anyRequest<\/span>().<\/span>authenticated<\/span>()<\/span>\r\n            .<\/span>and<\/span>()<\/span>\r\n            .<\/span>formLogin<\/span>();<\/span>\r\n    }<\/span>\r\n\r\n    @Override<\/span>\r\n    protected<\/span> void<\/span> configure<\/span>(<\/span>AuthenticationManagerBuilder<\/span> auth<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n        auth<\/span>.<\/span>inMemoryAuthentication<\/span>()<\/span>\r\n            .<\/span>withUser<\/span>(<\/span>\"foo\"<\/span>)<\/span>\r\n            .<\/span>password<\/span>(<\/span>\"foo\"<\/span>)<\/span>\r\n            .<\/span>authorities<\/span>(<\/span>\"GENERAL_USER\"<\/span>,<\/span> \"ADMINISTRATOR\"<\/span>);<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                            \u52a8\u4f5c\u786e\u8ba4<\/h3>\n
                                            \u5728\u6d4f\u89c8\u5668\u4e2d\u4f7f\u7528 foo \u7528\u6237\u767b\u5f55\u540e\uff0c\u8bbf\u95ee \/user \u9875\u9762\u3002<\/p>\n
                                            username=foo, authorities=[ADMINISTRATOR, GENERAL_USER]\r\n<\/code><\/pre>\n
                                            \u89e3\u91ca<\/h3>\n
                                            import<\/span> org.springframework.security.core.annotation.AuthenticationPrincipal<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.core.userdetails.User<\/span>;<\/span>\r\n\r\n...<\/span>\r\n\r\n    @GetMapping<\/span>(<\/span>\"\/user\"<\/span>)<\/span>\r\n    public<\/span> String<\/span> foo<\/span>(<\/span>@AuthenticationPrincipal<\/span> User<\/span> user<\/span>)<\/span> {<\/span>\r\n        System<\/span>.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>\"username=\"<\/span> +<\/span> user<\/span>.<\/span>getUsername<\/span>()<\/span> +<\/span> \", authorities=\"<\/span> +<\/span> user<\/span>.<\/span>getAuthorities<\/span>());<\/span>\r\n        return<\/span> \"User!!\"<\/span>;<\/span>\r\n    }<\/span>\r\n<\/code><\/pre>\n
                                              \n
                                            • \n
                                                \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306e\u5f15\u6570\u3067 Authentication.getPrincipal() \u304c\u8fd4\u3059\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u53d7\u3051\u53d6\u308b\u3053\u3068\u304c\u3067\u304d\u308b<\/ul>\n<\/li>\n<\/ul>\n
                                                 <\/p>\n
                                                  \n
                                                • \n
                                                    \u5f15\u6570\u3092 @AuthenticationPrincipal \u3067\u30a2\u30ce\u30c6\u30fc\u30c8\u3059\u308b<\/ul>\n<\/li>\n<\/ul>\n
                                                     <\/p>\n
                                                      \u5f15\u6570\u306e\u89e3\u6c7a\u306f\u3001 Spring Security \u304c\u63d0\u4f9b\u3059\u308b AuthenticationPrincipalArgumentResolver \u306b\u3088\u3063\u3066\u884c\u308f\u308c\u308b<\/ul>\n
                                                          <mvc:annotation-driven><\/span>\r\n        <mvc:argument-resolvers><\/span>\r\n            <bean<\/span> class=<\/span>\"org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver\"<\/span> \/><\/span>\r\n        <\/mvc:argument-resolvers><\/span>\r\n    <\/mvc:annotation-driven><\/span>\r\n<\/code><\/pre>\n
                                                        \n
                                                      • \n
                                                          namespace \u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u3001 \u3067 AuthenticationPrincipalArgumentResolver \u3092\u6307\u5b9a\u3057\u3066\u3042\u3052\u308b\u5fc5\u8981\u304c\u3042\u308b<\/ul>\n<\/li>\n<\/ul>\n
                                                           <\/p>\n
                                                            Java Configuration \u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u3001 @EnableWebSecurity \u3092\u4f7f\u3046\u3053\u3068\u3067\u3053\u306e\u8a2d\u5b9a\u304c\u81ea\u52d5\u7684\u306b\u884c\u308f\u308c\u308b\u306e\u3067\u3001\u8ffd\u52a0\u3067\u306e\u8a2d\u5b9a\u306f\u4e0d\u8981<\/ul>\n
                                                            \u63a5\u6536CSRF\u4ee4\u724c<\/h2>\n
                                                            \u5b9e\u65bd<\/h3>\n
                                                            package<\/span> sample.spring.security.mvc<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.web.csrf.CsrfToken<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.bind.annotation.GetMapping<\/span>;<\/span>\r\nimport<\/span> org.springframework.web.bind.annotation.RestController<\/span>;<\/span>\r\n\r\n@RestController<\/span>\r\npublic<\/span> class<\/span> MyMvcController<\/span> {<\/span>\r\n    \r\n    @GetMapping<\/span>(<\/span>\"\/csrf\"<\/span>)<\/span>\r\n    public<\/span> String<\/span> foo<\/span>(<\/span>CsrfToken<\/span> token<\/span>)<\/span> {<\/span>\r\n        System<\/span>.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>\"token=\"<\/span> +<\/span> token<\/span>.<\/span>getToken<\/span>()<\/span> +<\/span> \", headerName=\"<\/span> +<\/span> token<\/span>.<\/span>getHeaderName<\/span>()<\/span> +<\/span> \", parameterName=\"<\/span> +<\/span> token<\/span>.<\/span>getParameterName<\/span>());<\/span>\r\n        return<\/span> \"CSRF!!\"<\/span>;<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                                            \u547d\u540d\u7a7a\u95f4<\/p>\n
                                                            <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<beans<\/span> xmlns=<\/span>\"http:\/\/www.springframework.org\/schema\/beans\"<\/span>\r\n       xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n       xmlns:mvc=<\/span>\"http:\/\/www.springframework.org\/schema\/mvc\"<\/span>\r\n       xsi:schemaLocation=<\/span>\"\r\n         http:\/\/www.springframework.org\/schema\/beans\r\n         http:\/\/www.springframework.org\/schema\/beans\/spring-beans-3.0.xsd\r\n         http:\/\/www.springframework.org\/schema\/mvc\r\n         http:\/\/www.springframework.org\/schema\/mvc\/spring-mvc.xsd\"<\/span>><\/span>\r\n\r\n    <mvc:annotation-driven><\/span>\r\n        <mvc:argument-resolvers><\/span>\r\n            <bean<\/span> class=<\/span>\"org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver\"<\/span> \/><\/span>\r\n        <\/mvc:argument-resolvers><\/span>\r\n    <\/mvc:annotation-driven><\/span>\r\n    \r\n    <bean<\/span> class=<\/span>\"sample.spring.security.mvc.MyMvcController\"<\/span> \/><\/span>\r\n    \r\n<\/beans><\/span>\r\n<\/code><\/pre>\n
                                                            <?xml version=\"1.0\" encoding=\"UTF-8\"?><\/span>\r\n<beans<\/span> xmlns=<\/span>\"http:\/\/www.springframework.org\/schema\/beans\"<\/span>\r\n       xmlns:sec=<\/span>\"http:\/\/www.springframework.org\/schema\/security\"<\/span>\r\n       xmlns:xsi=<\/span>\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"<\/span>\r\n       xsi:schemaLocation=<\/span>\"\r\n         http:\/\/www.springframework.org\/schema\/beans\r\n         http:\/\/www.springframework.org\/schema\/beans\/spring-beans-3.0.xsd\r\n         http:\/\/www.springframework.org\/schema\/security\r\n         http:\/\/www.springframework.org\/schema\/security\/spring-security.xsd\"<\/span>><\/span>\r\n    \r\n    <sec:http<\/span> request-matcher=<\/span>\"mvc\"<\/span>><\/span>\r\n        <sec:intercept-url<\/span> pattern=<\/span>\"\/**\"<\/span> access=<\/span>\"permitAll\"<\/span> \/><\/span>\r\n        <sec:form-login<\/span> \/><\/span>\r\n        <sec:csrf<\/span> \/><\/span>\r\n    <\/sec:http><\/span>\r\n\r\n    <sec:authentication-manager<\/span> \/><\/span>\r\n<\/beans><\/span>\r\n<\/code><\/pre>\n
                                                            Java \u914d\u7f6e (Java peizhi)<\/p>\n
                                                            \u6211MvcConfig\u6ca1\u6709\u4efb\u4f55\u4fee\u6539\u3002<\/p>\n
                                                            package<\/span> sample.spring.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.config.annotation.web.builders.HttpSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter<\/span>;<\/span>\r\n\r\n@EnableWebSecurity<\/span>\r\npublic<\/span> class<\/span> MySecurityConfig<\/span> extends<\/span> WebSecurityConfigurerAdapter<\/span> {<\/span>\r\n\r\n    @Override<\/span>\r\n    public<\/span> void<\/span> configure<\/span>(<\/span>HttpSecurity<\/span> http<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n        http<\/span>.<\/span>authorizeRequests<\/span>()<\/span>\r\n            .<\/span>mvcMatchers<\/span>(<\/span>\"\/**\"<\/span>).<\/span>permitAll<\/span>()<\/span>\r\n            .<\/span>and<\/span>()<\/span>\r\n            .<\/span>formLogin<\/span>()<\/span>\r\n            .<\/span>and<\/span>()<\/span>\r\n            .<\/span>csrf<\/span>();<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                                            \u6267\u884c\u7ed3\u679c<\/h3>\n
                                                            \u8bbf\u95ee\/crsf<\/p>\n
                                                            token=bcac7b2e-f2c0-424c-a563-4b957ff7133e, headerName=X-CSRF-TOKEN, parameterName=_csrf\r\n<\/code><\/pre>\n
                                                            \u89e3\u91ca<\/h3>\n
                                                            import<\/span> org.springframework.security.web.csrf.CsrfToken<\/span>;<\/span>\r\n\r\n...<\/span>\r\n    \r\n    @GetMapping<\/span>(<\/span>\"\/csrf\"<\/span>)<\/span>\r\n    public<\/span> String<\/span> foo<\/span>(<\/span>CsrfToken<\/span> token<\/span>)<\/span> {<\/span>\r\n        System<\/span>.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>\"token=\"<\/span> +<\/span> token<\/span>.<\/span>getToken<\/span>()<\/span> +<\/span> \", headerName=\"<\/span> +<\/span> token<\/span>.<\/span>getHeaderName<\/span>()<\/span> +<\/span> \", parameterName=\"<\/span> +<\/span> token<\/span>.<\/span>getParameterName<\/span>());<\/span>\r\n        return<\/span> \"CSRF!!\"<\/span>;<\/span>\r\n    }<\/span>\r\n<\/code><\/pre>\n
                                                              \n
                                                            • \n
                                                                CSRF \u306e\u30c8\u30fc\u30af\u30f3\u3092\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306e\u30e1\u30bd\u30c3\u30c9\u5f15\u6570\u3067\u53d7\u3051\u53d6\u308b\u3053\u3068\u304c\u3067\u304d\u308b<\/ul>\n<\/li>\n<\/ul>\n
                                                                 <\/p>\n
                                                                  \u30c8\u30fc\u30af\u30f3\u306f CsrfToken \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3068\u3057\u3066\u53d6\u5f97\u3067\u304d\u308b<\/ul>\n
                                                                      <mvc:annotation-driven><\/span>\r\n        <mvc:argument-resolvers><\/span>\r\n            <bean<\/span> class=<\/span>\"org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver\"<\/span> \/><\/span>\r\n        <\/mvc:argument-resolvers><\/span>\r\n    <\/mvc:annotation-driven><\/span>\r\n<\/code><\/pre>\n
                                                                    \n
                                                                  • \n
                                                                      namespace \u306e\u5834\u5408\u3001 CsrfToken \u3092\u5f15\u6570\u3067\u53d7\u3051\u53d6\u308b\u3088\u3046\u306b\u3059\u308b\u305f\u3081\u306b\u306f\u3001 CsrfTokenArgumentResolver \u3092 \u3067\u6307\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b<\/ul>\n<\/li>\n<\/ul>\n
                                                                       <\/p>\n
                                                                        Java Configuration \u306e\u5834\u5408\u306f @EnableWebSecurity \u3092\u4f7f\u3048\u3070\u81ea\u52d5\u7684\u306b\u767b\u9332\u3055\u308c\u308b\u306e\u3067\u3001\u8ffd\u52a0\u306e\u8a2d\u5b9a\u306f\u4e0d\u8981<\/ul>\n
                                                                        \u4e0eSpring Boot\u7684\u6574\u5408<\/h1>\n
                                                                        \u4f60\u597d\uff0c\u4e16\u754c<\/h2>\n
                                                                        \u843d\u5b9e<\/p>\n
                                                                        buildscript<\/span> {<\/span>\r\n    repositories<\/span> {<\/span>\r\n        mavenCentral<\/span>()<\/span>\r\n    }<\/span>\r\n    dependencies<\/span> {<\/span>\r\n        classpath<\/span> 'org.springframework.boot:spring-boot-gradle-plugin:1.5.6.RELEASE'<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n\r\napply<\/span> plugin:<\/span> 'java'<\/span>\r\napply<\/span> plugin:<\/span> 'spring-boot'<\/span>\r\n\r\nsourceCompatibility<\/span> =<\/span> '1.8'<\/span>\r\ntargetCompatibility<\/span> =<\/span> '1.8'<\/span>\r\ncompileJava<\/span>.<\/span>options<\/span>.<\/span>encoding<\/span> =<\/span> 'UTF-8'<\/span>\r\n\r\nrepositories<\/span> {<\/span>\r\n    mavenCentral<\/span>()<\/span>\r\n}<\/span>\r\n\r\ndependencies<\/span> {<\/span>\r\n    compile<\/span> 'org.springframework.boot:spring-boot-starter-web'<\/span>\r\n    compile<\/span> 'org.springframework.boot:spring-boot-starter-security'<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                                                        package<\/span> sample.boot<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.boot.SpringApplication<\/span>;<\/span>\r\nimport<\/span> org.springframework.boot.autoconfigure.SpringBootApplication<\/span>;<\/span>\r\n\r\n@SpringBootApplication<\/span>\r\npublic<\/span> class<\/span> Main<\/span> {<\/span>\r\n\r\n    public<\/span> static<\/span> void<\/span> main<\/span>(<\/span>String<\/span>[]<\/span> args<\/span>)<\/span> {<\/span>\r\n        SpringApplication<\/span>.<\/span>run<\/span>(<\/span>Main<\/span>.<\/span>class<\/span>,<\/span> args<\/span>);<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                                                        <!doctype html><\/span>\r\n<html><\/span>\r\n    <head><\/span>\r\n        <meta<\/span> charset=<\/span>\"UTF-8\"<\/span> \/><\/span>\r\n        <title><\/span>Hello Spring Security with Spring Boot<\/title><\/span>\r\n    <\/head><\/span>\r\n    <body><\/span>\r\n        <h1><\/span>Hello Spring Security!!<\/h1><\/span>\r\n    <\/body><\/span>\r\n<\/html><\/span>\r\n<\/code><\/pre>\n
                                                                        \u786e\u8ba4\u52a8\u4f5c<\/p>\n
                                                                        $ gradle bootRun\r\nThe plugin id 'spring-boot' is deprecated. Please use 'org.springframework.boot' instead.\r\n:compileJava\r\n:processResources\r\n:classes\r\n:findMainClass\r\n:bootRun\r\n\r\n  .   ____          _            __ _ _\r\n \/\\\\ \/ ___'_ __ _ _(_)_ __  __ _ \\ \\ \\ \\\r\n( ( )\\___ | '_ | '_| | '_ \\\/ _` | \\ \\ \\ \\\r\n \\\\\/  ___)| |_)| | | | | || (_| |  ) ) ) )\r\n  '  |____| .__|_| |_|_| |_\\__, | \/ \/ \/ \/\r\n =========|_|==============|___\/=\/_\/_\/_\/\r\n :: Spring Boot ::        (v1.5.6.RELEASE)\r\n\r\n2017-08-02 22:55:17.710  INFO 13608 --- [           main] sample.boot.Main                         : Starting Main on .....\r\n with PID 13608 (...\\spring-boot-security\\build\\classes\\main started by .... in ...\\spring-boot-security)\r\n\r\n\uff08\u4e2d\u7565\uff09\r\n\r\n2017-08-02 22:55:19.756  INFO 13608 --- [           main] b.a.s.AuthenticationManagerConfiguration :\r\n\r\nUsing default security password: 40890087-600d-417d-962d-a856e139b9c4\r\n\r\n2017-08-02 22:55:19.808  INFO 13608 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='\/css\/**'], Ant [pattern='\/js\/**'], Ant [pattern='\/images\/**'], Ant [pattern='\/webjars\/**'], Ant [pattern='\/**\/favicon.ico'], Ant [pattern='\/error']]], []\r\n\r\n\uff08\u5f8c\u7565\uff09\r\n<\/code><\/pre>\n
                                                                        \u8bbf\u95ee http:\/\/localhost:8080\/hello.html\u3002<\/p>\n
                                                                        \"spring-boot-security.jpg\"<\/div>\n
                                                                        \u5f53\u5bf9\u8bdd\u6846\u5f39\u51fa\u540e\uff0c\u4f1a\u8981\u6c42\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u8bf7\u6309\u7167\u4ee5\u4e0b\u65b9\u5f0f\u8f93\u5165\u3002<\/p>\n
                                                                        \n
                                                                        \u5165\u529b\u9805\u76ee\u5024\u30e6\u30fc\u30b6\u30fc\u540duser<\/code>\u30d1\u30b9\u30ef\u30fc\u30c9\u8d77\u52d5\u6642\u306b\u30b3\u30f3\u30bd\u30fc\u30eb\u306b\u51fa\u529b\u3055\u308c\u305f\u30d1\u30b9\u30ef\u30fc\u30c9<\/div>\n<\/div>\n
                                                                        \u5f53\u5e94\u7528\u7a0b\u5e8f\u542f\u52a8\u65f6\uff0c\u5bc6\u7801\u5c06\u5728\u63a7\u5236\u53f0\u4e0a\u8f93\u51fa\u3002<\/p>\n
                                                                        Using default security password: 40890087-600d-417d-962d-a856e139b9c4\r\n<\/code><\/pre>\n
                                                                        \"spring-boot-security.jpg\"<\/div>\n
                                                                        \u6210\u529f\u767b\u5f55\u540e\uff0c\u5c55\u793ahello.html\u7684\u5185\u5bb9\u3002<\/p>\n
                                                                        \u89e3\u91ca<\/p>\n
                                                                        dependencies<\/span> {<\/span>\r\n    compile<\/span> 'org.springframework.boot:spring-boot-starter-web'<\/span>\r\n    compile<\/span> 'org.springframework.boot:spring-boot-starter-security'<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                                                        spring-boot-starter-security \u3092\u8ffd\u52a0\u3059\u308b\u3068 Spring Security \u306e\u4f9d\u5b58\u95a2\u4fc2\u304c\u8ffd\u52a0\u3055\u308c\u308b
                                                                        \n\u4f55\u3082\u3057\u306a\u3044\u3068\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3067 Basic \u8a8d\u8a3c\u304c\u6709\u52b9\u306b\u306a\u308a\u3001 user \u3068\u3044\u3046\u540d\u524d\u306e\u30e6\u30fc\u30b6\u30fc\u304c\u30e1\u30e2\u30ea\u4e0a\u306b\u7528\u610f\u3055\u308c\u308b\uff08\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u8d77\u52d5\u3057\u306a\u304a\u3059\u3068\u5909\u308f\u308b\uff09<\/p>\n
                                                                        \u30d1\u30b9\u30ef\u30fc\u30c9\u306f security.user.password \u30d7\u30ed\u30d1\u30c6\u30a3\u3067\u660e\u793a\u3059\u308b\u3053\u3068\u3082\u53ef\u80fd<\/p>\n
                                                                        \u307e\u305f\u3001 \/js\/**, \/css\/**, \/images\/**, \/webjars\/**, **\/favicon.js \u3078\u306e\u30a2\u30af\u30bb\u30b9\u306f\u8a8d\u8a3c\u306a\u3057\u3067\u53ef\u80fd\u306a\u3088\u3046\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b<\/p>\n
                                                                        \u660e\u786e\u8bbe\u5b9a<\/h2>\n
                                                                        \u5b9e\u65bd<\/p>\n
                                                                        package<\/span> sample.boot.config<\/span>;<\/span>\r\n\r\nimport<\/span> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.builders.HttpSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity<\/span>;<\/span>\r\nimport<\/span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter<\/span>;<\/span>\r\n\r\n@EnableWebSecurity<\/span>\r\npublic<\/span> class<\/span> MySecurityConfig<\/span> extends<\/span> WebSecurityConfigurerAdapter<\/span> {<\/span>\r\n\r\n    @Override<\/span>\r\n    protected<\/span> void<\/span> configure<\/span>(<\/span>HttpSecurity<\/span> http<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n        http<\/span>.<\/span>authorizeRequests<\/span>()<\/span>\r\n            .<\/span>mvcMatchers<\/span>(<\/span>\"\/login\"<\/span>).<\/span>permitAll<\/span>()<\/span>\r\n            .<\/span>anyRequest<\/span>().<\/span>authenticated<\/span>()<\/span>\r\n            .<\/span>and<\/span>()<\/span>\r\n            .<\/span>formLogin<\/span>();<\/span>\r\n    }<\/span>\r\n\r\n    @Override<\/span>\r\n    protected<\/span> void<\/span> configure<\/span>(<\/span>AuthenticationManagerBuilder<\/span> auth<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n        auth<\/span>.<\/span>inMemoryAuthentication<\/span>()<\/span>\r\n            .<\/span>withUser<\/span>(<\/span>\"foo\"<\/span>).<\/span>password<\/span>(<\/span>\"foo\"<\/span>).<\/span>authorities<\/span>(<\/span>\"TEST_USER\"<\/span>);<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
                                                                        \u786e\u8ba4\u64cd\u4f5c\u3002<\/p>\n
                                                                        \u8bbf\u95ee\u94fe\u63a5\uff1ahttp:\/\/localhost:8080\/hello.html<\/p>\n
                                                                        \"spring-boot-security.jpg\"<\/div>\n
                                                                        \u7531\u4e8e\u9ed8\u8ba4\u7684\u767b\u5f55\u9875\u9762\u663e\u793a\u51fa\u6765\u4e86, \u8bf7\u4f7f\u7528foo\u7528\u6237\u767b\u5f55\u3002<\/p>\n
                                                                        \"spring-boot-security.jpg\"<\/div>\n
                                                                        \u89e3\u91ca<\/p>\n
                                                                        \u901a\u8fc7\u6dfb\u52a0\u4f7f\u7528@EnableWebSecurity\u6ce8\u89e3\u7684\u914d\u7f6e\u7c7b\uff0c\u5e76\u901a\u8fc7\u660e\u786eSpring Security\u914d\u7f6e\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u9ed8\u8ba4\u884c\u4e3a\u3002<\/p>\n
                                                                        \u7ed9\u51fa\u4ee5\u4e0b\u4e2d\u6587\u53e5\u5b50\u7684\u540c\u4e49\u8868\u8fbe\uff1a<\/h1>\n
                                                                        \u53c2\u8003\u8d44\u6599\uff08can be used as a noun phrase\uff09<\/p>\n
                                                                          \n
                                                                        • \n
                                                                            37. Spring MVC Integration | Spring Security Reference<\/ul>\n<\/li>\n<\/ul>\n
                                                                             <\/p>\n
                                                                              28. Security | Spring Boot Reference Guide<\/ul>\n","protected":false},"excerpt":{"rendered":"
                                                                              Spring Security \u81ea5.4\u7248\u672c\u4ee5\u540e\uff0c\u5728\u914d\u7f6e\u65b9\u9762\u6709\u4e86\u91cd\u5927\u53d8\u5316\u3002\u66f4\u591a\u8be6\u60c5\u8bf7\u53c2\u9605@suke_masa\u5148 […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-40276","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528spring-security\u5b9e\u73b0\u4e0espring-mvc\u548cspring-boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55\" \/>\n<meta property=\"og:description\" content=\"Spring Security \u81ea5.4\u7248\u672c\u4ee5\u540e\uff0c\u5728\u914d\u7f6e\u65b9\u9762\u6709\u4e86\u91cd\u5927\u53d8\u5316\u3002\u66f4\u591a\u8be6\u60c5\u8bf7\u53c2\u9605@suke_masa\u5148 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528spring-security\u5b9e\u73b0\u4e0espring-mvc\u548cspring-boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-05T09:56:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T13:39:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d3f7a37434c4406c8ef6a\/87-0.jpeg\" \/>\n<meta name=\"author\" content=\"\u97f5, \u79d1\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u97f5, \u79d1\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/\",\"name\":\"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2022-11-05T09:56:59+00:00\",\"dateModified\":\"2024-04-29T13:39:04+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/6530331a63adef3b3443a1fab53a0e6e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/6530331a63adef3b3443a1fab53a0e6e\",\"name\":\"\u97f5, \u79d1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/429ccb39b3fff5188bc17986222cfb0936cbadb8cc933cff04ab5ca01bd30a08?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/429ccb39b3fff5188bc17986222cfb0936cbadb8cc933cff04ab5ca01bd30a08?s=96&d=mm&r=g\",\"caption\":\"\u97f5, \u79d1\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/yunke\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528spring-security\u5b9e\u73b0\u4e0espring-mvc\u548cspring-boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55","og_description":"Spring Security \u81ea5.4\u7248\u672c\u4ee5\u540e\uff0c\u5728\u914d\u7f6e\u65b9\u9762\u6709\u4e86\u91cd\u5927\u53d8\u5316\u3002\u66f4\u591a\u8be6\u60c5\u8bf7\u53c2\u9605@suke_masa\u5148 […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528spring-security\u5b9e\u73b0\u4e0espring-mvc\u548cspring-boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2022-11-05T09:56:59+00:00","article_modified_time":"2024-04-29T13:39:04+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d3f7a37434c4406c8ef6a\/87-0.jpeg"}],"author":"\u97f5, \u79d1","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u97f5, \u79d1","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"11 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/","name":"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2022-11-05T09:56:59+00:00","dateModified":"2024-04-29T13:39:04+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/6530331a63adef3b3443a1fab53a0e6e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Spring Security\u5b9e\u73b0\u4e0eSpring MVC\u548cSpring Boot\u7684\u96c6\u6210\u7684\u65b9\u6cd5\u5907\u5fd8\u5f55"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/6530331a63adef3b3443a1fab53a0e6e","name":"\u97f5, \u79d1","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/429ccb39b3fff5188bc17986222cfb0936cbadb8cc933cff04ab5ca01bd30a08?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/429ccb39b3fff5188bc17986222cfb0936cbadb8cc933cff04ab5ca01bd30a08?s=96&d=mm&r=g","caption":"\u97f5, \u79d1"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/yunke\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8spring-security%e5%ae%9e%e7%8e%b0%e4%b8%8espring-mvc%e5%92%8cspring-boot%e7%9a%84%e9%9b%86%e6%88%90%e7%9a%84%e6%96%b9%e6%b3%95%e5%a4%87%e5%bf%98%e5%bd%95\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=40276"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40276\/revisions"}],"predecessor-version":[{"id":87793,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40276\/revisions\/87793"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=40276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=40276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=40276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}