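For reasons of length, only the code blocks I consider most important are recorded here (the config package and the controller package). The CRUD code is not pasted; anyone who wants the full source can follow the link at the bottom of the article and download the original author's code.
Configuration class CustomSpringBootWebSecurityConfiguration.java, the core configuration class for Spring Security login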
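import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@ConditionalOnClass(WebSecurityConfigurerAdapter.class)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
public class CustomSpringBootWebSecurityConfiguration {
    private static final String LOGIN_PROCESSING_URL = "/process";

    /**
     * The type Default configurer adapter.
     */
    @Configuration
    @Order(SecurityProperties.BASIC_AUTH_ORDER)
    static class DefaultConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            super.configure(auth);
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            super.configure(web);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection is switched off in this demo; form login is session-based,
            // so keep it enabled in production.
            http.csrf().disable()
                    .cors()
                    .and()
                    // Every request requires an authenticated user
                    .authorizeRequests().anyRequest().authenticated()
                    .and()
                    // .addFilterBefore(preLoginFilter, UsernamePasswordAuthenticationFilter.class)
                    // Login: the result is forwarded (not redirected), so the
                    // controller endpoints receive the original POST request
                    .formLogin()
                    .loginProcessingUrl(LOGIN_PROCESSING_URL)
                    .successForwardUrl("/login/success")
                    .failureForwardUrl("/login/failure");
            //.and().logout().addLogoutHandler(new CustomLogoutHandler()).logoutSuccessHandler(new CustomLogoutSuccessHandler());
        }
    }
}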
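Custom configuration class UserDetailsServiceConfiguration.java. Its purpose is to define a custom UserDetailsManager, so that the data returned is what you want to return rather than Spring Security's default. UserDetailsManager is the Spring Security interface for CRUD operations on user information; its source code is worth reading.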
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.provisioning.UserDetailsManager;

@Configuration
public class UserDetailsServiceConfiguration {
    /**
     * Persistence entry point for UserDetails.
     *
     * @return the user details repository
     */
    @Bean
    public UserDetailsRepository userDetailsRepository() {
        return new UserDetailsRepository();
    }

    /**
     * Custom user details manager; every call is delegated to the repository.
     *
     * @param userDetailsRepository the user details repository
     * @see org.springframework.security.provisioning.JdbcUserDetailsManager
     * @return the user details manager
     */
    @Bean
    public UserDetailsManager userDetailsManager(UserDetailsRepository userDetailsRepository) {
        return new UserDetailsManager() {
            @Override
            public void createUser(UserDetails user) {
                userDetailsRepository.createUser(user);
            }

            @Override
            public void updateUser(UserDetails user) {
                userDetailsRepository.updateUser(user);
            }

            @Override
            public void deleteUser(String username) {
                userDetailsRepository.deleteUser(username);
            }

            @Override
            public void changePassword(String oldPassword, String newPassword) {
                userDetailsRepository.changePassword(oldPassword, newPassword);
            }

            @Override
            public boolean userExists(String username) {
                return userDetailsRepository.userExists(username);
            }

            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                return userDetailsRepository.loadUserByUsername(username);
            }
        };
    }
}
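The configuration above delegates every UserDetailsManager call to a UserDetailsRepository whose code is not pasted on this page. The following is an added sketch, not the original author's code, of one in-memory way to back it; the map storage, the delegating PasswordEncoder and the exceptions thrown are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical in-memory stand-in; the project's real UserDetailsRepository is not shown on the page.
public class UserDetailsRepository {
    private final Map<String, UserDetails> users = new ConcurrentHashMap<>();
    // Delegating encoder: new hashes are stored with an algorithm prefix such as {bcrypt}.
    private final PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    public void createUser(UserDetails user) {
        // Assumption: the caller passes the raw password; only its hash is stored.
        users.putIfAbsent(user.getUsername(), withEncodedPassword(user, user.getPassword()));
    }
    public void updateUser(UserDetails user) {
        // Keep the stored hash so that passwords change only through changePassword.
        users.computeIfPresent(user.getUsername(),
                (name, old) -> User.withUserDetails(user).password(old.getPassword()).build());
    }
    public void deleteUser(String username) { users.remove(username); }
    public boolean userExists(String username) { return users.containsKey(username); }
    public void changePassword(String oldPassword, String newPassword) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null) throw new AccessDeniedException("No authenticated user");
        UserDetails stored = loadUserByUsername(current.getName());
        // Verify the current password against the stored hash before replacing it.
        if (!encoder.matches(oldPassword, stored.getPassword())) {
            throw new BadCredentialsException("Current password does not match");
        }
        users.put(stored.getUsername(), withEncodedPassword(stored, newPassword));
    }
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserDetails user = users.get(username);
        if (user == null) throw new UsernameNotFoundException("User not found");
        // Return a copy: Spring erases the password on the authenticated principal after login.
        return User.withUserDetails(user).build();
    }
    private UserDetails withEncodedPassword(UserDetails user, String rawPassword) {
        return User.withUserDetails(user).password(encoder.encode(rawPassword)).build();
    }
}
```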
Define the data returned when login succeeds or fails
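import javax.annotation.Resource;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
// BaseApiService, Response, SysUser and SysUserService are the project's own classes.

@Slf4j
@RestController
@RequestMapping("/login")
public class LoginController extends BaseApiService {
    @Resource
    private SysUserService sysUserService;

    /**
     * Returns 401 and a message when login fails.
     *
     * @return the rest
     */
    @PostMapping("/failure")
    public Response loginFailure() {
        return setResultError("登陆失败了,老哥");
    }

    /**
     * Returns the user's own information after a successful login.
     *
     * @return the rest
     */
    @PostMapping("/success")
    public Response loginSuccess() {
        // After a successful login the user's authentication information (UserDetails)
        // is stored in the security context holder, SecurityContextHolder
        User principal = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        String username = principal.getUsername();
        SysUser sysUser = sysUserService.queryByUsername(username);
        // Mask the sensitive field before returning it
        sysUser.setEncodePassword("[PROTECT]");
        return setResultSuccess(sysUser);
    }
}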
Start the project and enter the URL
This article is reposted from https://www.felord.cn/categories/spring-security/; thanks to the original author for sharing.