内存版(存储在客户端),配置如下
package com.example.springsecuritydemo.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
/**
 * Web security setup for the demo: form login, URL authorization and remember-me.
 *
 * <p>No token repository is configured on the remember-me support, so (as the page
 * describes it) the remember-me token is held by the client rather than in a database.
 */
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** User lookup service handed to the remember-me support. */
    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Configures form login, access rules, CSRF handling and remember-me.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if any of the configurers rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Form login; the custom page settings are left commented out, as in the original.
        http.formLogin()
                // .loginPage("/login.html") // path of a custom login page
                // .loginProcessingUrl("/authentication/form") // login URL of the custom page; must match
                //     the form's action value: <form action="/authentication/form" method="post">
                .successForwardUrl("/product/info"); // where to forward after a successful login

        // Which URLs are protected and which are not.
        http.authorizeRequests()
                .antMatchers("/login.html").permitAll() // the login page is open to everyone
                .anyRequest().authenticated(); // every other request requires authentication

        // NOTE(review): this switches CSRF *protection* off; it does not "disable the attack".
        // The browser attaches session and remember-me cookies automatically, so forged
        // cross-site requests are accepted while this is disabled. Keep CSRF protection
        // enabled outside a demo.
        http.csrf().disable();

        // Remember-me. The 20-second validity is a demo value.
        // NOTE(review): the cookie is a login credential; consider useSecureCookie(true)
        // so it is only sent over HTTPS.
        http.rememberMe()
                .userDetailsService(userDetailsService)
                .tokenValiditySeconds(20);
    }
}
数据库持久化版(存储到数据库),代码如下
/**
 * Web security setup for the demo with remember-me tokens persisted through JDBC.
 *
 * <p>Differs from a repository-less setup only in that a {@link PersistentTokenRepository}
 * backed by the injected {@link DataSource} is registered on the remember-me support.
 */
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** User lookup service handed to the remember-me support. */
    @Autowired
    private UserDetailsService userDetailsService;

    /** Injected data source used by the JDBC token repository. */
    @Autowired
    private DataSource dataSource;

    /**
     * Creates the persistent remember-me token store.
     *
     * <p>The table must be named persistent_logins with the columns
     * username (varchar(64) NOT NULL), series (serial number, varchar(64) NOT NULL),
     * token (varchar(64) NOT NULL) and last_used (update time, timestamp NOT NULL):
     *
     * <pre>
     * create table persistent_logins (username varchar(64) not null, series varchar(64) primary key,token varchar(64) not null, last_used timestamp not null)
     * </pre>
     *
     * <p>NOTE(review): the stored series/token pairs appear to be kept as-is and act as
     * login credentials, so restrict read access to this table accordingly.
     *
     * @return the JDBC-backed token repository
     */
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        // This implementation handles table creation, lookups and updates.
        JdbcTokenRepositoryImpl jdbcRepository = new JdbcTokenRepositoryImpl();
        // true creates the table at startup; once the table already exists it cannot be
        // created again, so pass false in that case.
        jdbcRepository.setCreateTableOnStartup(true);
        jdbcRepository.setDataSource(dataSource);
        return jdbcRepository;
    }

    /**
     * Configures form login, access rules, CSRF handling and persistent remember-me.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if any of the configurers rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Form login; the custom page settings are left commented out, as in the original.
        http.formLogin()
                // .loginPage("/login.html") // path of a custom login page
                // .loginProcessingUrl("/authentication/form") // login URL of the custom page; must match
                //     the form's action value: <form action="/authentication/form" method="post">
                .successForwardUrl("/product/info"); // where to forward after a successful login

        // Which URLs are protected and which are not.
        http.authorizeRequests()
                .antMatchers("/login.html").permitAll() // the login page is open to everyone
                .anyRequest().authenticated(); // every other request requires authentication

        // NOTE(review): this switches CSRF *protection* off; it does not "disable the attack".
        // The browser attaches session and remember-me cookies automatically, so forged
        // cross-site requests are accepted while this is disabled. Keep CSRF protection
        // enabled outside a demo.
        http.csrf().disable();

        // Remember-me backed by the JDBC token store. The 20-second validity is a demo value.
        // NOTE(review): the cookie is a login credential; consider useSecureCookie(true)
        // so it is only sent over HTTPS.
        http.rememberMe()
                .tokenRepository(persistentTokenRepository())
                .userDetailsService(userDetailsService)
                .tokenValiditySeconds(20);
    }
}