package com.nroad.heartserver.model;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import javax.persistence.*;
import java.sql.Timestamp;
import java.util.Collection;
/**
* Operator entity. @author MyEclipse Persistence Tools
*/
@Entity
@Table(name = "operator", schema = "heart_server")
public class Operator implements UserDetails {
// Property accessors
@Id
@Column(unique = true, nullable = false, length = 32)
private String username;
@Column(length = 32)
@Enumerated(EnumType.STRING)
private ROLE role;
@Column(length = 32)
private String password;
@Column(length = 8)
private String addPerson;
@Column( length = 23)
private Timestamp addDate;
// Constructors
/**
* default constructor
*/
public Operator() {
}
/**
* minimal constructor
*/
public Operator(String username) {
this.username = username;
}
/**
* full constructor
*/
public Operator(String username, ROLE role, String password, String addPerson, Timestamp addDate) {
this.username = username;
this.role = role;
this.password = password;
this.addPerson = addPerson;
this.addDate = addDate;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public ROLE getRole() {
return role;
}
public void setRole(ROLE role) {
this.role = role;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
public String getPassword() {
return this.password;
}
public void setPassword(String password) {
this.password = password;
}
public String getAddPerson() {
return this.addPerson;
}
public void setAddPerson(String addPerson) {
this.addPerson = addPerson;
}
public Timestamp getAddDate() {
return this.addDate;
}
public void setAddDate(Timestamp addDate) {
this.addDate = addDate;
}
/**
* Returns {@code true} if the supplied object is a {@code User} instance with the
* same {@code username} value.
* <p>
* In other words, the objects are equal if they have the same username, representing the
* same principal.
*/
@Override
public boolean equals(Object rhs) {
if (rhs instanceof Operator) {
return username.equals(((Operator) rhs).username);
}
return false;
}
/**
* Returns the hashcode of the {@code username}.
*/
@Override
public int hashCode() {
return username.hashCode();
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
@Override
public boolean isEnabled() {
return false;
}
}
package com.nroad.heartserver.config;
import com.nroad.heartserver.security.CustomUserDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.session.HttpSessionEventPublisher;
/**
* MyWebSecurityConfigurerAdapter
* Created by jiyy on 2017/1/9.
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
@Bean
protected UserDetailsService userDetailsService() {
return new CustomUserDetailsService();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder( new Md5PasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().sameOrigin();//set X-Frame-Options
http.csrf().disable();//set csrf
http
.authorizeRequests()//验证请求每个macher按照他们的声明顺序执行
.antMatchers("/**","/","/heartserver")//resources and main server url
.permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.usernameParameter("username") // default is username
.passwordParameter("password") // default is password
.loginPage("/heartserver") // default is /login with an HTTP get
.loginProcessingUrl("/login") // default is /login ,here use security default
.successForwardUrl("/after-login")
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
.and()
.sessionManagement()
.invalidSessionUrl("/heartserver")
.maximumSessions(1)//防止用户多次登录
.expiredUrl("/heartserver")
.and()
.and()
.httpBasic();
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}
设置了单点登陆,但还是能登陆。求大神指导