Spring boot Security 登陆安全配置
2024-08-26 09:13:37
实现的效果
访问url时,如果未登录时跳转到Login界面,要求用户登陆,如果登陆过返回请求的数据。
效果图
访问数据时,未登录返回login界面
登陆操作
登陆成功进入登出界面
登陆成功后再次访问数据
POM 文件
加入 Security 配置,数据库使用maybatis。
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent> <groupId>com.gailguo</groupId>
<artifactId>login</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>login</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.0.1</version>
</dependency> <dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency> </dependencies> <build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build> </project>
WebSecurityConfigurerAdapter配置Security信息
1. authorizeRequests() .antMatchers("/user/*").permitAll() .anyRequest().authenticated() 意思代表 /user 不需要进行授权认证,其他都需要认证。
2 .formLogin().loginPage("/login.html").loginProcessingUrl("/signin").successHandler(successHandler).failureHandler(failureHandler) 设置的登陆界面,和登陆的url 以及登陆成功的handler和失败的handler。
3 .usernameParameter("username").passwordParameter("password").permitAll() 用户名和密码的传参数
4 .logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll(); 登出url ,以及handler
5 .csrf().disable()
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired
private AjaxAuthSuccessHandler successHandler; @Autowired
private AjaxAuthFailureHandler failureHandler; @Autowired
private AjaxLogoutSuccessHandler logoutSuccessHandler; @Autowired
private UserDetailsServiceImpl userDetailsService; @Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/user/*").permitAll() .anyRequest().authenticated()
.and()
.csrf().disable()
.formLogin().loginPage("/login.html").loginProcessingUrl("/signin").successHandler(successHandler).failureHandler(failureHandler)
.usernameParameter("username").passwordParameter("password").permitAll()
.and()
.logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll();
} @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
} @Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
});
}
}
SimpleUrlAuthenticationSuccessHandler
登陆成功时
@Component
public class AjaxAuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler { private static final Logger logger = LoggerFactory.getLogger(AjaxAuthSuccessHandler.class); @Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
logger.info("Authentication success, {} login successfully", request.getParameter("username"));
response.setStatus(HttpServletResponse.SC_OK);
response.sendRedirect("/home.html");
}
}
fail
@Component
public class AjaxAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler { private static final Logger logger = LoggerFactory.getLogger(AjaxAuthFailureHandler.class); @Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
logger.info("Authentication error, {} login failed", request.getParameter("username"));
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentiaction Failed");
}
}
loginout success
@Component
public class AjaxLogoutSuccessHandler implements LogoutSuccessHandler { private static final Logger logger = LoggerFactory.getLogger(AjaxLogoutSuccessHandler.class); @Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
httpServletResponse.setStatus(HttpServletResponse.SC_OK);
logger.info("Logout successfully, session id: {}", httpServletRequest.getSession().getId());
}
}
UserDetailsService
@Service
public class UserDetailsServiceImpl implements UserDetailsService { private Map<String, String> userRepository = new HashMap<>(); @PostConstruct
private void init() {
userRepository.put("zhangshan", "123456");
userRepository.put("guo", "123456");
} @Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
return new User(s, userRepository.get(s), new ArrayList<>());
}
}
代码:
https://github.com/galibujianbusana/login
最新文章
- 手动实现jQuery Tools里面tab功能
- java基础—继承题目:编写一个Animal类,具有属性:种类;具有功能:吃、睡。定义其子类Fish
- Eclipse 代码自动提示的设置
- ELK+redis集群搭建
- [TSP+floyd]POJ3311 Hie with the Pie
- 不同的路径 II
- codeforces #268 div2 D
- Badge分析&如何逼死处女座
- 终于有人把O2O、C2C、B2B、B2C的区别讲透了!
- FTP与TFTP
- javaScript 设计模式系列之四:组合模式
- CentOs下Mongodb的下载与安装
- JavaScript工作体系中不可或缺的函数
- Nginx 针对建立TCP连接优化
- JAVA版本8u171与8u172的区别
- C# 之抽象类和抽象方法
- python中常见的错误类型
- shiro实现账号同一时间只能在一处登录(非单点登录)
- 创新大师Steve Blank: 你真的知道什么是真正的精益创业吗?
- halcon 手眼标定的坐标转换原理讲解