<dependency>
 <groupId>org.springframework.boot</groupId>  
 <artifactId>spring-boot-starter-security</artifactId>  
</dependency>

import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * 參考網(wǎng)址：
 * https://blog.csdn.net/XlxfyzsFdblj/article/details/82083443
 * https://blog.csdn.net/lizc_lizc/article/details/84059004
 * https://blog.csdn.net/XlxfyzsFdblj/article/details/82084183
 * https://blog.csdn.net/weixin_36451151/article/details/83868891
 * 查找了很多文件，有用的還有有的，感謝他們的辛勤付出
 * Security配置文件，項目啟動時就加載了
 * @author 程就人生
 *
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
 
 @Autowired
 private MyPasswordEncoder myPasswordEncoder;
 
 @Autowired
 private UserDetailsService myCustomUserService;
 
 @Autowired
 private ObjectMapper objectMapper;

 @Override
 protected void configure(HttpSecurity http) throws Exception {
 
  http
  .authenticationProvider(authenticationProvider())
  .httpBasic()
  //未登錄時，進(jìn)行json格式的提示，很喜歡這種寫法，不用單獨寫一個又一個的類
   .authenticationEntryPoint((request,response,authException) -> {
    response.setContentType("application/json;charset=utf-8");
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    PrintWriter out = response.getWriter();
    Map<String,Object> map = new HashMap<String,Object>();
    map.put("code",403);
    map.put("message","未登錄");
    out.write(objectMapper.writeValueAsString(map));
    out.flush();
    out.close();
   })
   
   .and()
   .authorizeRequests()
   .anyRequest().authenticated() //必須授權(quán)才能范圍
   
   .and()
   .formLogin() //使用自帶的登錄
   .permitAll()
   //登錄失敗，返回json
   .failureHandler((request,response,ex) -> {
    response.setContentType("application/json;charset=utf-8");
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    PrintWriter out = response.getWriter();
    Map<String,Object> map = new HashMap<String,Object>();
    map.put("code",401);
    if (ex instanceof UsernameNotFoundException || ex instanceof BadCredentialsException) {
     map.put("message","用戶名或密碼錯誤");
    } else if (ex instanceof DisabledException) {
     map.put("message","賬戶被禁用");
    } else {
     map.put("message","登錄失敗!");
    }
    out.write(objectMapper.writeValueAsString(map));
    out.flush();
    out.close();
   })
   //登錄成功，返回json
   .successHandler((request,response,authentication) -> {
    Map<String,Object> map = new HashMap<String,Object>();
    map.put("code",200);
    map.put("message","登錄成功");
    map.put("data",authentication);
    response.setContentType("application/json;charset=utf-8");
    PrintWriter out = response.getWriter();
    out.write(objectMapper.writeValueAsString(map));
    out.flush();
    out.close();
   })
   .and()
   .exceptionHandling()
   //沒有權(quán)限，返回json
   .accessDeniedHandler((request,response,ex) -> {
    response.setContentType("application/json;charset=utf-8");
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    PrintWriter out = response.getWriter();
    Map<String,Object> map = new HashMap<String,Object>();
    map.put("code",403);
    map.put("message", "權(quán)限不足");
    out.write(objectMapper.writeValueAsString(map));
    out.flush();
    out.close();
   })
   .and()
   .logout()
   //退出成功，返回json
   .logoutSuccessHandler((request,response,authentication) -> {
    Map<String,Object> map = new HashMap<String,Object>();
    map.put("code",200);
    map.put("message","退出成功");
    map.put("data",authentication);
    response.setContentType("application/json;charset=utf-8");
    PrintWriter out = response.getWriter();
    out.write(objectMapper.writeValueAsString(map));
    out.flush();
    out.close();
   })
   .permitAll();
   //開啟跨域訪問
   http.cors().disable();
   //開啟模擬請求，比如API POST測試工具的測試，不開啟時，API POST為報403錯誤
   http.csrf().disable();
 }
 
 @Override
 public void configure(WebSecurity web) {
  //對于在header里面增加token等類似情況，放行所有OPTIONS請求。
  web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
 }

 @Bean
 public AuthenticationProvider authenticationProvider() {
  DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
  //對默認(rèn)的UserDetailsService進(jìn)行覆蓋
  authenticationProvider.setUserDetailsService(myCustomUserService);
  authenticationProvider.setPasswordEncoder(myPasswordEncoder);
  return authenticationProvider;
 }
 
}

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
/**
 * 登錄專用類
 * 自定義類，實現(xiàn)了UserDetailsService接口，用戶登錄時調(diào)用的第一類
 * @author 程就人生
 *
 */
@Component
public class MyCustomUserService implements UserDetailsService {

 /**
  * 登陸驗證時，通過username獲取用戶的所有權(quán)限信息
  * 并返回UserDetails放到spring的全局緩存SecurityContextHolder中，以供授權(quán)器使用
  */
 @Override
 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  //在這里可以自己調(diào)用數(shù)據(jù)庫，對username進(jìn)行查詢，看看在數(shù)據(jù)庫中是否存在
  MyUserDetails myUserDetail = new MyUserDetails();
  myUserDetail.setUsername(username);
  myUserDetail.setPassword("123456");
  return myUserDetail;
 }
}

import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
/**
 * 自定義的密碼加密方法，實現(xiàn)了PasswordEncoder接口
 * @author 程就人生
 *
 */
@Component
public class MyPasswordEncoder implements PasswordEncoder {

 @Override
 public String encode(CharSequence charSequence) {
  //加密方法可以根據(jù)自己的需要修改
  return charSequence.toString();
 }

 @Override
 public boolean matches(CharSequence charSequence, String s) {
  return encode(charSequence).equals(s);
 }
}

import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

/**
 * 實現(xiàn)了UserDetails接口，只留必需的屬性，也可添加自己需要的屬性
 * @author 程就人生
 *
 */
@Component
public class MyUserDetails implements UserDetails {

 /**
  * 
  */
 private static final long serialVersionUID = 1L;

 //登錄用戶名
 private String username;
 //登錄密碼
 private String password;

 private Collection<? extends GrantedAuthority> authorities;

 public void setUsername(String username) {
  this.username = username;
 }

 public void setPassword(String password) {
  this.password = password;
 }

 public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
  this.authorities = authorities;
 }

 @Override
 public Collection<? extends GrantedAuthority> getAuthorities() {
  return this.authorities;
 }

 @Override
 public String getPassword() {
  return this.password;
 }

 @Override
 public String getUsername() {
  return this.username;
 }

 @Override
 public boolean isAccountNonExpired() {
  return true;
 }

 @Override
 public boolean isAccountNonLocked() {
  return true;
 }

 @Override
 public boolean isCredentialsNonExpired() {
  return true;
 }

 @Override
 public boolean isEnabled() {
  return true;
 }
}

MyUserDetails myUserDetails= (MyUserDetails) SecurityContextHolder.getContext().getAuthentication() .getPrincipal();

//開啟跨域訪問
http.cors().disable();
//開啟模擬請求，比如API POST測試工具的測試，不開啟時，API POST為報403錯誤
http.csrf().disable();