快速构建SpringSecurity环境
1. 引入jar包
<dependency>
<!-- Spring Security starter. No <version> is declared here, so the version must be supplied by the
     project's dependency management (presumably the Spring Boot parent POM or BOM; confirm in the build file). -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
2. 配置文件
新建SpringSecurityConfig
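// Enable Spring Security's web security support
@EnableWebSecurity
// Enable annotation-based method security (@PreAuthorize / @PostAuthorize)
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    // Service that loads the account being authenticated
    @Autowired
    @Qualifier("userDetailsServiceImpl")
    private UserDetailsService userDetailsService;

    // Handler invoked after a successful login
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    // Handler invoked after a failed login
    @Autowired
    private LoginFailureHandler loginFailureHandler;

    // The password encoder is deliberately NOT field-injected: it is produced by the
    // passwordEncoder() @Bean method of this same class, and injecting it back into the
    // class that creates it makes the configuration depend on itself, which can be
    // rejected as a circular reference on Spring Boot versions that forbid them.

    /**
     * Defines URL authorization rules, form login, logout and response-header policy.
     *
     * @param http the builder for the application's security filter chain
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // URL authorization rules. Rules are evaluated in declaration order, so the
        // public endpoints come first and the catch-all comes last.
        // hasRole("1") checks for the authority "ROLE_1".
        http.authorizeRequests()
                .antMatchers("/user/login").permitAll()
                .antMatchers("/login.html").permitAll()
                .antMatchers("/image/**").permitAll()
                .antMatchers("/system/**").hasRole("1")
                .antMatchers("/data/**").hasRole("1")
                .anyRequest().authenticated();

        // Form login: custom page, custom processing URL, JSON-writing handlers
        http.formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/user/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .successHandler(loginSuccessHandler)
                .failureHandler(loginFailureHandler);

        // Logout
        http.logout()
                .logoutUrl("/user/logout")
                .logoutSuccessUrl("/login.html");

        // NOTE(review): CSRF protection is switched off while authentication is carried
        // by the session cookie set at form login, so every state-changing endpoint
        // accepts cross-site requests from a logged-in browser, and /user/logout is
        // matched for any HTTP method. It is left as the page has it because enabling
        // it requires the front end (not shown here) to send the CSRF token; prefer
        // removing this line and sending the token once the client supports it.
        http.csrf().disable();

        // Allow the application to be framed by its own pages only. Removing the
        // X-Frame-Options header entirely would let any site embed these pages
        // (clickjacking); SAMEORIGIN still permits same-origin iframes.
        http.headers().frameOptions().sameOrigin();
    }

    /**
     * Wires the account lookup service and the password encoder into authentication.
     *
     * @param auth the builder for the authentication manager
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Exposes the BCrypt password encoder as a bean so other components can hash and
     * verify passwords with the same algorithm.
     *
     * @return a BCrypt encoder with the library's default settings
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}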
3. 编辑登录业务类
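/**
 * Looks up accounts for Spring Security's username/password authentication.
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserDao userDao;

    /**
     * Loads the account whose identifier equals the submitted username.
     *
     * @param username the username submitted at login, passed to {@code userDao.selectById}
     * @return the account's username, stored password and a single role authority
     * @throws UsernameNotFoundException if the DAO returns no account
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        SysUser user = userDao.selectById(username);
        if (user == null) {
            throw new UsernameNotFoundException("用户名没有找到");
        }
        // Three arguments: username, the encoded password as stored in the database,
        // and the authority list. An authority that starts with "ROLE_" is treated as a role.
        // createAuthorityList maps the account type to exactly one authority; the
        // comma-separated parser would split a type value containing ',' into extra
        // authorities. NOTE(review): the type of getType() is not visible here; a null
        // type still fails the login with a NullPointerException, as before.
        return new User(username,
                user.getPassword(),
                AuthorityUtils.createAuthorityList("ROLE_" + user.getType().toString()));
    }
}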
4. 编写登录成功处理器
/**
 * Answers a successful form login with a JSON body instead of a redirect.
 *
 * NOTE(review): the class is registered through {@code @Controller} but declares no
 * request mappings here; it is used only as a handler bean.
 */
@Controller
public class LoginSuccessHandler implements AuthenticationSuccessHandler {

    /**
     * Writes the serialized {@code HttpResult.SUCCESS} result to the response.
     *
     * @param request        the login request (not read)
     * @param response       the response that receives the JSON body
     * @param authentication the authenticated principal (not read)
     * @throws IOException      if the response writer cannot be obtained
     * @throws ServletException declared by the interface; not thrown directly here
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {
        // Encoding and content type are set before the writer is obtained.
        response.setCharacterEncoding("utf-8");
        response.setContentType("application/json;charset=utf-8");

        final BaseVo result = new BaseVo(HttpResult.SUCCESS);
        final String payload = JSONUtil.toJsonStr(result);
        response.getWriter().print(payload);
    }
}
5. 编写登录失败处理器
/**
 * Answers a failed form login with a JSON body instead of a redirect.
 *
 * The same {@code USERNAME_OR_PASSWORD_ERROR} result is written for every
 * {@link AuthenticationException}, so the response does not tell the caller whether
 * the username exists. The HTTP status is not set in this handler.
 */
@Controller
public class LoginFailureHandler implements AuthenticationFailureHandler {

    /**
     * Writes the serialized {@code HttpResult.USERNAME_OR_PASSWORD_ERROR} result to the response.
     *
     * @param request   the login request (not read)
     * @param response  the response that receives the JSON body
     * @param exception the reason authentication failed (not read, not echoed to the client)
     * @throws IOException      if the response writer cannot be obtained
     * @throws ServletException declared by the interface; not thrown directly here
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {
        // Encoding and content type are set before the writer is obtained.
        response.setCharacterEncoding("utf-8");
        response.setContentType("application/json;charset=utf-8");

        final BaseVo result = new BaseVo(HttpResult.USERNAME_OR_PASSWORD_ERROR);
        final String payload = JSONUtil.toJsonStr(result);
        response.getWriter().print(payload);
    }
}