pom.xml加下springsecurity依赖

<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId>
</dependency>

SecurityConfig配置文件：

package com.java1234.config;import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;/*** spring security配置* @author java1234_小锋 （公众号：java1234）* @site www.java1234.vip* @company 南通小锋网络科技有限公司*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {private static final String URL_WHITELIST[] ={"/login","/logout","/captcha","/password","/image/**","/test/**"} ;@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {super.configure(auth);}@Overrideprotected void configure(HttpSecurity http) throws Exception {// 开启跨域 以及csrf攻击 关闭http.cors().and().csrf().disable()// 登录登出配置.formLogin()
//            .successHandler()
//            .failureHandler()
//        .and()
//            .logout()
//            .logoutSuccessHandler()// session禁用配置.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)  // 无状态// 拦截规则配置.and().authorizeRequests().antMatchers(URL_WHITELIST).permitAll()  // 白名单 放行.anyRequest().authenticated();// 异常处理配置// 自定义过滤器配置}
}