1.编写获取用户信息的接口
2.对mapper数据层接口进行实现
3.编写登录业务层
4.编写登录的逻辑
/**
 * Spring Security configuration for the application.
 *
 * <p>Registers the BCrypt password encoder, hands the project's login service to the
 * authentication manager, and declares the URL authorization rules, the form-login
 * endpoint and the handler used for unauthenticated requests.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Login service passed to the authentication manager as the user-details source. */
    @Resource
    LoginServiceImpl loginServiceImpl;

    /**
     * Exposes the password encoder bean.
     *
     * @return a BCrypt encoder constructed with strength 10
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        final int strength = 10;
        return new BCryptPasswordEncoder(strength);
    }

    /**
     * Registers {@code loginServiceImpl} as the source of user details.
     *
     * <p>NOTE(review): no encoder is passed here explicitly; presumably the
     * {@link #passwordEncoder()} bean is picked up by the framework. Verify this against
     * the Spring Security version in use, so stored BCrypt hashes are actually checked
     * with that encoder.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(loginServiceImpl);
    }

    /**
     * Declares URL authorization rules, form login, the authentication entry point and
     * the CSRF setting.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Permit-all variant (lets every request through), left disabled:
        // http.authorizeRequests()
        // .anyRequest().permitAll().and().logout().permitAll()
        // .and().csrf().disable();

        // Rules are evaluated in the order declared; the first matching pattern decides.
        // NOTE(review): hasRole("admin") / hasRole("dba") check the authorities
        // ROLE_admin / ROLE_dba, while the /api/** rule checks ROLE_USER / ROLE_ADMIN.
        // Authority names are compared case-sensitively - confirm which names
        // LoginServiceImpl grants, otherwise an admin may pass /api/** but not /Adminapi/**.
        http.authorizeRequests()
                .antMatchers("/api/**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
                .antMatchers("/Adminapi/**").hasRole("admin")
                .antMatchers("/Dbapi/**").hasRole("dba")
                // Registration endpoints are reachable without authentication.
                .antMatchers("/registered/**").permitAll()
                // Everything not matched above still requires an authenticated user.
                .anyRequest().authenticated();

        // Form login: credentials are posted to /login as "username" / "password";
        // the outcome is reported by the project's success and failure handlers.
        http.formLogin()
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .successHandler(new NokiaAuthenticationSuccessHandler())
                .failureHandler(new NokiaAuthenticationFailureHandler())
                .permitAll();

        // Unauthenticated requests to protected URLs are answered by the project's entry point.
        http.exceptionHandling()
                .authenticationEntryPoint(new NokiaAuthenticationEntryPoint());

        // CSRF protection is switched off for now; otherwise POST requests are rejected.
        // NOTE(review): with form login the session cookie authenticates every request, so
        // state-changing endpoints currently have no CSRF token check. Re-enable it once
        // the client sends the token (e.g. via CookieCsrfTokenRepository.withHttpOnlyFalse()).
        http.csrf().disable();
    }
}
5.实现三个控制器,对登录成功、失败、未验证三种情况的返回值进行处理