thymeleaf配套Security6

springboot3 security （一）简单模式

Spring Boot 2.x 及更早版本：
使用 spring.security.user.name 和 spring.security.user.password 直接在 application.properties 中配置默认用户是常见做法。
示例：

spring.security.user.name=admin
spring.security.user.password=123456

Spring Boot 2.7+ 和 Spring Security 5.7+：
官方开始弃用 spring.security.user.* 配置，推荐使用更灵活的 SecurityFilterChain 或新的配置方式。
现在写一个最简单的thymeleaf配套Security6的，登录页面是默认的，先用默认的，最简单模式

先写一个SecurityConfig.java

package cn.dails.Security;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @author dzl
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/").permitAll()
                        .anyRequest().authenticated()
                )
                .formLogin(form -> form
                        .loginPage("/login") // 默认登录页 URL
                        .permitAll()
                )
                .csrf(csrf -> csrf.disable()); // 临时禁用 CSRF（仅测试用）

        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
        String userPassword = passwordEncoder.encode("123");
        String adminPassword = passwordEncoder.encode("456");


        UserDetails user = User.builder()
                .username("user")
                .password(userPassword)
                .roles("USER")
                .build();

        UserDetails admin = User.builder()
                .username("admin")
                .password(adminPassword)
                .roles("ADMIN")
                .build();

        return new InMemoryUserDetailsManager(user, admin);
    }
}

其次写一个LoginController ，配套一个index.html,让他拦截

package cn.dails.rest;


import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

/**
 * @author dzl
 */
@Slf4j
@Controller
public class LoginController {

    @GetMapping("/")
    public String home() {
        log.info("index");
        // 返回名为 "index" 的模板或 HTML 页面
        return "index";
    }
    

}

recourse下面建一个templates文件夹

里面写一个index.html

<html xml:th="https://www.thymeleaf.org" xmlns:th="http://www.w3.org/1999/xhtml">
<head>
    <title>
        Hello Spring Security
    </title>
</head>
<body>
<h1>Hello Security</h1>
<a th:href="@{/logout}">Log Out 1 </a>
<a href="/logout">Log Out 2</a>
</body>
</html>