Spring Boot & Spring Security 最佳实践 - Hello, World! - 专题

Spring Boot 最佳实践

vim Hi.java

package com.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
public class Hi {

    public static void main(String[] args) {
        SpringApplication.run(Main.class, args);
    }
}

@RestController
class HelloWorld {

    @RequestMapping("/")
    public String helloworld() {
        return "Hello, World!";
    }
}

build.gradle

 apply plugin: 'java'
 ...
 dependencies {
  implementation 'org.springframework.boot:spring-boot-starter-web:2.3.0.RELEASE'
 }

Run：

gradle -PrunClassName=com.example.Hi runSingle

访问网址和默认端口 - http://localhost:8080/

Spring Security 最佳实践

vim Hi.java

package com.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@SpringBootApplication
public class Hi {

    public static void main(String[] args) {
        SpringApplication.run(Main.class, args);
    }
}

@RestController
class HelloWorld {

    @RequestMapping("/")
    public String helloworld() {
        return "Hello, World!";
    }
}

// [可选 - 仅用于Spring Security]
@EnableWebSecurity
class WSCA extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        //  http 404 example - http://localhost:8080/new/404
        http.authorizeRequests().antMatchers("/new/**").permitAll();

        super.configure(http);
    }
}

build.gradle

 apply plugin: 'java'
 ...
 dependencies {
  implementation 'org.springframework.boot:spring-boot-starter-web:2.3.0.RELEASE'

  // [可选] 启用Form Login表单登录页
  // 表单登录默认用户名是user 密码则会输出在控制台 - Using generated security password: 随机生成
  implementation 'org.springframework.boot:spring-boot-starter-security:2.3.0.RELEASE'
 }

[可选] Spring Security配置文件：
src/main/resources/application.yml

#   更改内置错误页路径 /error 至 /new/error
server:
  error:
    path: /new/error
#   设定默认用户名和密码
spring:
  security:
    user:
      name: user
      password: user

Run：
gradle -PrunClassName=com.example.Hi runSingle

访问网址和默认端口 - http://localhost:8080/

Spring CORS跨域：

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class SpringCORS {

    // 用于Spring Security时应提升该Filter优先级：httpSecurity.cors()...
    @Bean
    CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.addAllowedOrigin("*");
        config.setAllowCredentials(true);
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}