在配置主类添加代码
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers(new String[]{"/js/**","/css/**","/picture/**","/images/**","/fonts/**","/**/favicon.ico"}).permitAll() .antMatchers("/home/*").permitAll() .anyRequest().authenticated() // .antMatchers(StaticParams.PATHREGX.NOAUTH,StaticParams.PATHREGX.CSS,StaticParams.PATHREGX.JS,StaticParams.PATHREGX.IMG).permitAll()//无需访问权限 //.antMatchers(StaticParams.PATHREGX.AUTHADMIN).hasAuthority(StaticParams.USERROLE.ROLE_ADMIN)//admin角色访问权限 //.antMatchers(StaticParams.PATHREGX.AUTHUSER).hasAuthority(StaticParams.USERROLE.ROLE_USER)//user角色访问权限 StaticParams自定义枚举 .and() .formLogin().successHandler(zhu()) //配置过滤器 .loginPage("/login") .failureUrl("/login?error") //.defaultSuccessUrl("/equipment/getIndex", true) .permitAll() .and() .logout() .invalidateHttpSession(true) //是否清除Http session中的内容 .permitAll().and() .csrf() //关闭csrf验证 .disable(); } @Bean public MyAuthenticationSuccessHandler zhu() { return new MyAuthenticationSuccessHandler(); //自写的security过滤器 }
新建MyAuthenticationSuccessHandler 实现AuthenticationSuccessHandler接口
/** * * security跳转过滤器 * @author 苏俊源 * */ @Component //定义filter类 public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication arg2) throws IOException, ServletException { // TODO Auto-generated method stub String f = request.getParameter("f"); //login前端页面表单中添加name为f的隐藏字段 if (StringUtils.isNotEmpty(f)) { if(f.equals("su")){ //response.setCharacterEncoding("UTF-8"); //response.getWriter().write("登录成功123"); response.sendRedirect("/"); } }else{ request.getRequestDispatcher("/").forward(request, response); } }
