标签:protected 效果图 redirect factory exce desc epo on() run
访问url时,如果未登录时跳转到Login界面,要求用户登陆,如果登陆过返回请求的数据。
登陆成功进入登出界面
加入 Security 配置,数据库使用maybatis。
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.gailguo</groupId>
<artifactId>login</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>login</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.0.1</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
1. authorizeRequests() .antMatchers("/user/*").permitAll() .anyRequest().authenticated() 意思代表 /user 不需要进行授权认证,其他都需要认证。
2 .formLogin().loginPage("/login.html").loginProcessingUrl("/signin").successHandler(successHandler).failureHandler(failureHandler) 设置的登陆界面,和登陆的url 以及登陆成功的handler和失败的handler。
3 .usernameParameter("username").passwordParameter("password").permitAll() 用户名和密码的传参数
4 .logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll(); 登出url ,以及handler
5 .csrf().disable()
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AjaxAuthSuccessHandler successHandler;
@Autowired
private AjaxAuthFailureHandler failureHandler;
@Autowired
private AjaxLogoutSuccessHandler logoutSuccessHandler;
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/user/*").permitAll() .anyRequest().authenticated()
.and()
.csrf().disable()
.formLogin().loginPage("/login.html").loginProcessingUrl("/signin").successHandler(successHandler).failureHandler(failureHandler)
.usernameParameter("username").passwordParameter("password").permitAll()
.and()
.logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
});
}
}
@Component
public class AjaxAuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
private static final Logger logger = LoggerFactory.getLogger(AjaxAuthSuccessHandler.class);
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
logger.info("Authentication success, {} login successfully", request.getParameter("username"));
response.setStatus(HttpServletResponse.SC_OK);
response.sendRedirect("/home.html");
}
}
@Component
public class AjaxAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler {
private static final Logger logger = LoggerFactory.getLogger(AjaxAuthFailureHandler.class);
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
logger.info("Authentication error, {} login failed", request.getParameter("username"));
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentiaction Failed");
}
}
@Component
public class AjaxLogoutSuccessHandler implements LogoutSuccessHandler {
private static final Logger logger = LoggerFactory.getLogger(AjaxLogoutSuccessHandler.class);
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
httpServletResponse.setStatus(HttpServletResponse.SC_OK);
logger.info("Logout successfully, session id: {}", httpServletRequest.getSession().getId());
}
}
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
private Map<String, String> userRepository = new HashMap<>();
@PostConstruct
private void init() {
userRepository.put("zhangshan", "123456");
userRepository.put("guo", "123456");
}
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
return new User(s, userRepository.get(s), new ArrayList<>());
}
}
标签:protected 效果图 redirect factory exce desc epo on() run
原文地址:https://www.cnblogs.com/galibujianbusana/p/11336940.html