SecurityConfigration:Spring Security 的主要配置类
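/**
 * Central Spring Security configuration: the HTTP filter chain, the password
 * encoder, the CORS policy and the persistent remember-me token store.
 */
@Configuration
@EnableWebSecurity // enable the web security features
@EnableMethodSecurity // enable method-level security checks
public class SecurityConfigration {
    // Data source handed to the JDBC remember-me token repository below.
    @Resource
    DataSource dataSource;

    /**
     * Builds the application's security filter chain.
     *
     * <p>{@code /register.html} and {@code /static/**} are public; every other
     * request requires an authenticated user. Form login, logout, remember-me,
     * CSRF and CORS are configured on the same chain.
     *
     * @param http       the builder supplied by Spring Security
     * @param repository store for persistent remember-me tokens
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, PersistentTokenRepository repository) throws Exception {
        return http
                .authorizeHttpRequests()
                .antMatchers("/register.html").permitAll()
                .antMatchers("/static/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                // Fixed: the original value "dologin" had no leading slash, so the
                // login filter's path pattern could not match the form's POST path.
                .loginProcessingUrl("/dologin")
                .defaultSuccessUrl("/")
                .permitAll()
                .and()
                .logout()
                .logoutUrl("/dologout")
                .logoutSuccessUrl("/login")
                .permitAll()
                .and()
                .rememberMe()
                .tokenRepository(repository)
                .tokenValiditySeconds(60 * 60 * 24) // remember-me tokens stay valid for one day
                .and()
                // NOTE(review): CSRF protection is switched off while authentication relies on
                // cookies (session and remember-me) and the CORS policy below accepts any origin
                // with credentials. Together this lets a page on any other site issue
                // authenticated state-changing requests. Re-enable CSRF (and send the token from
                // the login and other forms) unless every client authenticates without cookies.
                .csrf()
                .disable()
                .cors()
                .configurationSource(this.corsConfigurationSource())
                .and()
                .build();
    }

    // Alternative lambda-DSL configuration, kept commented out as in the original:
    // return http
    // .authorizeHttpRequests(auth -> { // which requests are intercepted and which are let through
    // auth.antMatchers("/static/**").permitAll(); // let static resources through
    // auth.antMatchers().authenticated();
    // })
    // .formLogin(conf -> { // form login settings
    // conf.loginPage("/login"); // use our own login page
    // conf.loginProcessingUrl("/dologin"); // address the login form posts to; customisable
    // conf.defaultSuccessUrl("/"); // page shown after a successful login
    // conf.permitAll(); // let the login-related addresses through, otherwise unauthenticated users cannot even reach the login page
    // // form field names for username and password; these are the defaults, so they need not be set unless there is a special requirement
    // conf.usernameParameter("username");
    // conf.passwordParameter("password");
    // })
    // .logout(conf -> {
    // conf.logoutUrl("/dologout");
    // conf.logoutSuccessUrl("/login");
    // conf.permitAll();
    // })
    // .cors(conf -> conf.disable())
    // .rememberMe(conf -> {
    // conf.alwaysRemember(false); // do not always remember; the user ticks the box, default is false
    // conf.rememberMeParameter("remember-me"); // remember-me form field name; customisable, default is remember-me
    // })
    // .build();

    /**
     * Password encoder used to hash and verify stored passwords.
     *
     * @return a BCrypt encoder with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the CORS policy applied to every path ({@code /**}).
     *
     * @return the configuration source registered on the filter chain
     */
    private CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cors = new CorsConfiguration();
        // NOTE(review): origin pattern "*" combined with allowCredentials(true) makes Spring
        // echo back whatever Origin the browser sends, so any website may send credentialed
        // requests and read the responses. Replace "*" with an explicit list of the
        // application's own front-end origins before deploying.
        cors.addAllowedOriginPattern("*");
        cors.setAllowCredentials(true);
        cors.addAllowedMethod("*");
        // The original called addExposedHeader("*") twice; the duplicate is dropped.
        // NOTE(review): no allowed request headers are configured. If the second call was
        // meant to be an allowed-headers entry, list the specific headers the front end
        // needs rather than "*". Browsers also honour a wildcard expose list only for
        // requests made without credentials — confirm this entry does what is intended.
        cors.addExposedHeader("*");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", cors);
        return source;
    }

    /**
     * JDBC-backed store for remember-me tokens, using the injected data source.
     *
     * @return the token repository consumed by the filter chain
     */
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
        tokenRepository.setDataSource(dataSource);
        // Set the table name here if yours differs from the default, persistent_logins.
        // tokenRepository.setTableName("persistent_logins");
        // The table is not created at startup, so it must already exist in the database.
        tokenRepository.setCreateTableOnStartup(false);
        return tokenRepository;
    }
}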
AuthorizeServiceImpl:为登录时的密码校验加载用户信息的服务类
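/**
 * Looks up administrator accounts by username and returns them as Spring
 * Security {@link UserDetails}.
 *
 * <p>This class only loads the account; it does not compare passwords itself.
 */
@Service
public class AuthorizeServiceImpl implements AuthorizeService {
    @Autowired
    AdminDao adminDao;
    @Autowired
    StringRedisTemplate redisTemplate;

    /**
     * Loads the administrator with the given username.
     *
     * @param username the username submitted by the client
     * @return user details carrying the stored username and password and the role {@code user}
     * @throws UsernameNotFoundException if no administrator has that username
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Admin adminByUsername = adminDao.findAdminByUsername(username);
        // Fixed: the null check must come before the first dereference. The original built
        // the token from getId() first, so an unknown username caused a NullPointerException
        // instead of the intended UsernameNotFoundException.
        if (adminByUsername == null) {
            throw new UsernameNotFoundException("用户名或密码错误");
        }
        String token = "user" + UUID.randomUUID() + ":" + adminByUsername.getId();
        String s = JSON.toJSONString(adminByUsername);
        // NOTE(review): this write happens as soon as the account is found; nothing in this
        // method has verified a password yet, so an entry is created even for failed login
        // attempts. The serialized object presumably includes the stored password hash, the
        // entry has no expiry, and the generated key is not returned to any caller. Move the
        // write to a point after successful authentication, store only the fields consumers
        // need, and set a TTL — confirm against whatever reads these keys.
        redisTemplate.opsForValue().set(token, s);
        // Fixed: the original printed the whole serialized account (password field included)
        // with a "login succeeded" message, although login has not succeeded at this point.
        // Only the username is written now.
        System.out.println("加载用户:" + adminByUsername.getUsername());
        return User
                .withUsername(adminByUsername.getUsername())
                .password(adminByUsername.getPassword())
                .roles("user")
                .build();
    }
}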