spring boot + spring security + ajax 实现登录退出session管理

最新推荐文章于 2023-05-25 11:23:14 发布
最新推荐文章于 2023-05-25 11:23:14 发布
阅读量469 收藏
点赞数
文章标签: java spring spring boot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_37958655/article/details/105320511
版权

文章目录

登录验证–> 权限管理–>session 设置

Maven导入jar包

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.66</version>
        </dependency>

数据库设计

   --用户表
       CREATE TABLE L_USER (
			ID NUMBER NULL ,
			USERNAME VARCHAR2(30 BYTE) NULL ,
			PASSWORD VARCHAR2(255 BYTE) NULL ,
			ENABLED NUMBER NULL ,
			LOCKED NUMBER NULL 
		)
		-- 权限表
		CREATE TABLE L_ROLE (
			ID NUMBER NULL ,
			NAME VARCHAR2(50 BYTE) NULL ,
			NAMEZH VARCHAR2(50 BYTE) NULL 
		)
		-- 用户权限关联表
		CREATE TABLE L_USER_ROLE (
			ID NUMBER NULL ,
			USERID NUMBER NULL ,
			ROLEID NUMBER NULL 
		)

创建实体类

@ApiModel(value = "用户实体类", description = "用户信息描述类")
public class User implements UserDetails {
    @ApiModelProperty(value = "用户名id")
    private Integer id ;
    @ApiModelProperty(value = "用户名")
    private String username ;
    @ApiModelProperty(value = "密码")
    private String password ;
    @ApiModelProperty(value = "是否可用")
    private Boolean enabled ;
    @ApiModelProperty(value = "是否锁定")
    private Boolean locked ;
    @ApiModelProperty(value = "角色")
    private List<Role> roles ;
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
       List<SimpleGrantedAuthority> authorities =  new ArrayList<>();
       for(Role role : roles){
            authorities.add(new SimpleGrantedAuthority(role.getName()));
       }
        return authorities;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return !locked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return enabled;
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }
  // 这个一定要注释掉,会重复
   /* public Boolean getEnabled() {
        return enabled;
    }*/

    public void setEnabled(Boolean enabled) {
        this.enabled = enabled;
    }

    public Boolean getLocked() {
        return locked;
    }

    public void setLocked(Boolean locked) {
        this.locked = locked;
    }

    public List<Role> getRoles() {
        return roles;
    }

    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }

    public User() {
    }

    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password='" + password + '\'' +
                ", enabled=" + enabled +
                ", locked=" + locked +
                ", roles=" + roles +
                '}';
    }
}
public class Role {
    private Integer id ;
    private String name ;
    private String nameZH;

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getNameZH() {
        return nameZH;
    }

    public void setNameZH(String nameZH) {
        this.nameZH = nameZH;
    }

    @Override
    public String toString() {
        return "Role{" +
                "id=" + id +
                ", name='" + name + '\'' +
                ", nameZH='" + nameZH + '\'' +
                '}';
    }
}
public class Result {
    private Integer code ;
    private String message ;

    public Integer getCode() {
        return code;
    }

    public void setCode(Integer code) {
        this.code = code;
    }

    public String getMessage() {
        return message;
    }

    public void setMessage(String message) {
        this.message = message;
    }
}

Mapper文件(部分代码省去,只有sql语句)

	<select id="loadUserByUsername"  resultType="com.springtest.model.User">
			SELECT *  FROM l_user where username = #{username}
		</select>
	<select id="getUserRolesByUid" resultType="com.springtest.model.Role">
			select a.*,b.NAME,b.NAMEZH
			from
			L_USER_ROLE a LEFT JOIN L_ROLE b
			on a.ROLEID = b.ID
			where a.USERID = #{id}
	</select>

UserService 准备

@Service
public class UserService implements UserDetailsService {
    @Autowired
    UserMapper userMapper;
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        User user = userMapper.loadUserByUsername(s);
        if(user == null){
            throw new UsernameNotFoundException("用户名不存在");
        }
        user.setRoles(userMapper.getUserRolesByUid(user.getId()));
        return user;
    }
}

登录,权限验证

@Configuration
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserService userService;
    @Autowired
    MyAuthenticationFailHandler authenticationFailHandler;
    @Autowired
    MyAuthenticationSuccessHandler authenticationSuccessHandler;
    @Autowired
    CustomAccessDeniedHandler deniedHandler;
    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/js/**","/login_page.html");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
               .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                    @Override
                    public <O extends FilterSecurityInterceptor> O postProcess(O o) {
                        o.setSecurityMetadataSource(cfisms());
                        o.setAccessDecisionManager(cadm());
                        return o;
                    }
                })
               /*.antMatchers("/admin/**").hasRole("admin")
                .antMatchers("/db/**").hasRole("dba")*/
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .loginPage("/login_page.html")
                .loginProcessingUrl("/login")
                //.successForwardUrl("/index.html")
                .permitAll()
                .failureHandler(authenticationFailHandler)
                .successHandler(authenticationSuccessHandler)
                .and()
                .logout()
                .logoutUrl("/logout")
                .clearAuthentication(true)
                .invalidateHttpSession(true)
                .logoutSuccessHandler(new LogoutSuccessHandler() {
                    @Override
                    public void onLogoutSuccess(HttpServletRequest httpServletRequest,
                                                HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
                        httpServletResponse.setContentType("application/json; charset=utf-8");
                        PrintWriter writer = httpServletResponse.getWriter();
                        Result result = new Result();
                        result.setCode(1);
                        result.setMessage("退出成功");
                        writer.write(new ObjectMapper().writeValueAsString(result));
                        writer.flush();
                        writer.close();
                    }
                })
                .permitAll()
                .and()
                .csrf().disable()
                .exceptionHandling()
                .accessDeniedHandler(deniedHandler)
                .and()
                .sessionManagement() //session超时管理
                .invalidSessionUrl("/login_page.html"); //session超时跳向的url;
    }
    @Bean
    CustomFilterInvocationSecurityMetadataSource cfisms(){
        return new CustomFilterInvocationSecurityMetadataSource();
    }
    @Bean
    CustomAccessDecisionManager cadm(){
       return new CustomAccessDecisionManager();
    }
}
----------------------------------------------------------------
@Component
public class CustomFilterInvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {
    AntPathMatcher antPathMatcher = new AntPathMatcher();
    @Autowired
    MenuMapper menuMapper;
    @Override
    public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
        String requestUrl = ((FilterInvocation) o).getRequestUrl();
        List<Menu> menus = menuMapper.getAllMenus();
        for(Menu menu : menus){
          if(antPathMatcher.match(menu.getPattern(),requestUrl)){
              List<Role> roles = menu.getRoles();
              String[] roleArr = new String[roles.size()];
              for(int i=0 ;i < roleArr.length ; i++){
                  roleArr[i] = roles.get(i).getName();
              }
              return SecurityConfig.createList(roleArr);

          }
        }
        return SecurityConfig.createList("ROLE_LOGIN");
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return FilterInvocation.class.isAssignableFrom(aClass);
    }
}
----------------------------------------------------------------------------------
@Component
public class CustomAccessDecisionManager implements AccessDecisionManager {
    @Override
    public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        for (ConfigAttribute configAttribute : collection){
            if("ROLE_LOGIN".equals(configAttribute.getAttribute())
                    && authentication instanceof UsernamePasswordAuthenticationToken){
                    return;
            }
            for (GrantedAuthority authority : authorities){
                if(configAttribute.getAttribute().equals(authority.getAuthority())){
                    return;
                }
            }
        }
        throw  new AccessDeniedException("权限不足");
    }

    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return true;
    }
}
-------------------------------------------------------------------------------
@Component
public class CustomAccessDeniedHandler implements AccessDeniedHandler {
    private String errorPage;
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        httpServletResponse.setContentType("application/json; charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
        Result result = new Result();
        result.setCode(0);
        result.setMessage("权限不足");
        //httpServletResponse.sendRedirect("/login_page.html");
        writer.write(new ObjectMapper().writeValueAsString(result));
        writer.flush();
        writer.close();

    }
}
-------------------------------------------------------------------------------------------
@Component
public class MyAuthenticationFailHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException e) throws IOException {

        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("application/json; charset=utf-8");
        PrintWriter writer = response.getWriter();
        Result result = new Result();
        result.setCode(0);
        if(e instanceof BadCredentialsException || e instanceof UsernameNotFoundException){
            result.setMessage("账户名或者密码不正确");
        }else if(e instanceof LockedException){
            result.setMessage("账户被锁定,请联系管理员");
        }else if(e instanceof CredentialsExpiredException){
            result.setMessage("密码过期,请联系管理员");
        }else if(e instanceof AccountExpiredException){
            result.setMessage("账户过期,请联系管理员");
        }else if(e instanceof DisabledException){
            result.setMessage("账户被禁,请联系管理员");
        }else {
            result.setMessage("登陆失败");
        }

        writer.write(new ObjectMapper().writeValueAsString(result));
        writer.flush();
        writer.close();




    }
}
-------------------------------------------------------------------------------------
@Component
public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        httpServletResponse.setContentType("application/json; charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
        Result result = new Result();
        result.setCode(1);
        result.setMessage("登录成功");
        writer.write(new ObjectMapper().writeValueAsString(result));
        writer.flush();
        writer.close();
        //httpServletResponse.sendRedirect("/index.html");
    }
}

配置session过期时间

server:
  servlet:
    session:
      timeout: 600 #秒

测试(ajax)

--------------------登录-------------------------
    $('#btn').click(function () {
       var username = $('#username').val();
       var password = $('#password').val();
       $.ajax({
           url: '/login',
           type: "post",
           dataType: 'json',
           data: {
               username:username,
               password:password
           },
           success: function (res) {
               console.log(res);
               if (res.code == '0'){
                   alert(res.message);
               }else{
                  // $(location).attr('href','/index.html');
                  location.href = "index.html";
               }
           },
           error: function (e) {
               console.log(e);
           }

       })
   })
   ---------------------------退出------------------------------
       $('#btn').click(function () {
       $.ajax({
           url: '/logout',
           type: "post",
           dataType: 'json',
           data: {
              id:1
           },
           success: function (res) {
               console.log(res);
               if (res.code == '0'){
                  // alert('权限不足');
               }else{
                   location.href = "login_page.html";
               }
           },
           error: function (e) {
               console.log(e);
           }

       })
   })
CV架构师
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Spring boot+vue3+element plus实现后台管理系统
07-04
Spring boot作为后端,vue框架实现前端,后端整合swagger3测试工具,jwt实现验证码生成,awt生成图形验证码,整合邮箱验证,使用mybatis-generator自动生成实体类以及mapper,设置有拦截器验证登录状态,设置有跨域...
用户登录色一句java_SpringBoot中用SpringSecurity实现用户登录返回其拥有哪些角色...
weixin_39719127的博客
02-24 124
注:在使用springsecurity之前我们用普通的登录方式- _1 v2 C4 a8 h, m8 h6 q2 q+ l: [1、前端发来登录请求会带上username,password: M) f7 B5 T( W9 p' p+ a2、后端根据username去数据库查询用户,查不到表示用户不存在,查到了再拿password去和数据库进行比对5 \7 E* d- m& E( ?  3、...
SpringBoot使用SpringSecurity自定义用户登录与自定义权限-session
chitiguan0536的博客
04-15 6381
SpringSecurity的学习成本比较高,API比较难懂,这里记录一下用SpringSecurity实现项目的登录各种需求 首先实现自定义用户登录与自定义权限的session模式,session其实就是存储在服务器上的用户信息,用户登录后会返回一个sessionID存储到...
SpringBoot SpringSecurity 登录、登出自定义与HttpSecurity配置
scdncby的博客
07-03 1481
SpringBoot SpringSecurity 登录、登出自定义与HttpSecurity配置 yml中的变量配置 ############################ -- 认证 -- ############################ security-fig: login-url: /login login-processing-url: /loginProcess error-url: /loginFail logout-url: /signout .
Springboot +spring security,如何解决Session共享问题
weixin_40991408的博客
05-25 1086
Springboot +spring security,如何解决Session共享问题
SpringBoot整合SpringSecurity遇到的SESSION验证问题
qq_33388068的博客
12-02 4221
SpringBoot整合SpringSecurity遇到的SESSION不一致问题。后端采用springboot+spring security前端还是jsp,所以还是session验证的方式登录。但是整合好后测试发现问题,每次登录跳转到首页之后刷新页面又重定向到了login页面
SpringMVC + Spring Security+Ajax 实现自定义登录
Abdulaziz的博客
03-21 500
SpringMVC + Spring Security+Ajax 实现自定义登录 自定义的用户需要实现UserDetails接口,Security这个框架不关心你的应用时怎么存储用户和权限信息的。只要取出来的时候把它包装成一个CustomUserDetails 对象就OK。 本文只包含关键代码: springsecurity配置文件 <http> <!-- 自定义登陆 --> <form-login login-page="/login" /> <!-- 自
SpringBoot+SpringSecurity处理Ajax登录请求
weixin_33968104的博客
12-20 2236
最近在项目中遇到了这样一个问题:前后端分离,前端用Vue来做,所有的数据请求都使用vue-resource,没有使用表单,因此数据交互都是使用JSON,后台使用Spring Boot,权限验证使用了Spring Security,因为之前用Spring Security都是处理页面的,这次单纯处理Ajax请求,因此记录下遇到的一些问题。这...
springboot+ajax实现登录验证
热门推荐
lyy的博客
10-20 1万+
1.基本思路:        前台登录页面form表单,用jquery设置表单提交按钮点击事件,不考虑其他情况,理想化用户已经输入了用户名和密码,然后点击提交,然后调用ajax向后台传入json数据,后台将json转化为用户自己设置的实体类,然后调用后台函数判断用户输入的用户名和密码的正误,返回给前台一个值,前台根据后台返回的值来进行跳转或者弹窗提示账号或密码错误。 2.只附上关键代码: 获...
基于spring boot + maven + opencv 实现的图像深度学习Demo项目.zip
05-05
基于spring boot + maven + opencv 实现的图像深度学习Demo项目,包含车牌识别、人脸识别、证件识别等功能,贯穿样本处理、模型训练、图像处理、对象检测、对象识别等技术点。 基于spring boot + maven + opencv ...
Springboot+SpringSecurity+SpringSession+Redis+Mybatis-Plus+Swwager.zip
11-17
Springboot+SpringSecurity+SpringSession+Redis+Mybatis-Plus+Swwager
spring boot+thymeleaf+bootstrap实现后台管理系统界面
08-28
主要为大家详细介绍了spring boot+thymeleaf+bootstrap简单实现后台管理系统界面,具有一定的参考价值,感兴趣的小伙伴们可以参考一下
springsecurity+oauth2+jwt实现单点登录demo
06-06
该资源是springsecurity+oauth2+jwt实现的单点登录demo,模式为授权码模式,实现自定义登录页面和自定义授权页面。应用数据存在内存中或者存在数据库中(附带数据库表结构),token存储分为数据库或者Redis。demo...
SpringBoot实现登录登出,登录管理
Naland's Blog
07-09 1万+
账户模块中必要的功能登录登出,相信这个大家都经常使用了。简单介绍下在SpringBoot中的实现 先说下实现思路: 用户名密码存储在数据库中,前端发出请求,拦截器先检测用户有无登录,若有登录可直接请求接口。无需登录就可请求的接口需要加@NoLogin自定义注解。若未登录,前端跳转到登录页面,调用登录接口,系统在后台验证用户名密码,验证通过将用户信息存储在redis中和线程上下文中。 一、设计...
springboot 解决跨域问题
12-04 245
//解决跨域问题 @Configuration public class CrosConfig { private CorsConfiguration buildConfig() { CorsConfiguration corsConfiguration = new CorsConfiguration(); corsConfiguration.addAllowedOrigin("*"); corsConfiguration.addAllowedHea
spring boot+ajax实现邮箱发送验证码
最新发布
08-10
Spring Boot可以通过使用AJAX技术实现邮箱发送验证码功能。以下是一个实现的示例: 1. 在前端页面中,使用HTML和JavaScript创建一个表单来接收用户的邮箱信息和验证码。包括一个输入邮箱的文本框、一个发送验证码...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值