项目结构:
验证实现——WebSecurityConfig.java
package com.dx.config;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@Configuration
public class WebSecurityConfig extends WebMvcConfigurerAdapter{
/**
* 登录session key
*/
public final static String SESSION_KEY = "user";
@Bean
public SecurityInterceptor getSecurityInterceptor() {
return new SecurityInterceptor();
}
public void addInterceptors(InterceptorRegistry registry) {
InterceptorRegistration addInterceptor = registry.addInterceptor(getSecurityInterceptor());
// 排除配置
addInterceptor.excludePathPatterns("/error");
addInterceptor.excludePathPatterns("/login**");
// 拦截配置
addInterceptor.addPathPatterns("/**");
}
private class SecurityInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
HttpSession session = request.getSession();
if (session.getAttribute(SESSION_KEY) != null)
return true;
// 跳转登录
String url = "/login";
response.sendRedirect(url);
return false;
}
}
}
请求处理——MainController.java
package com.dx.controller;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.SessionAttribute;
import com.dx.config.WebSecurityConfig;
@Controller
public class MainController {
@GetMapping("/")
public String index(
@SessionAttribute(WebSecurityConfig.SESSION_KEY) String account,
Model model) {
model.addAttribute("name", account);
return "index";
}
@GetMapping("/login")
public String login() {
return "login";
}
@PostMapping("/loginPost")
public String loginPost(String account,
String password, HttpSession session) {
Map<String, Object> map = new HashMap<>();
if (!"123456".equals(password)) {
map.put("success", false);
map.put("message", "密码错误");
return "err";
}
// 设置session
session.setAttribute(WebSecurityConfig.SESSION_KEY, account);
map.put("success", true);
map.put("message", "登录成功");
return "index";
}
@GetMapping("/logout")
public String logout(HttpSession session) {
// 移除session
session.removeAttribute(WebSecurityConfig.SESSION_KEY);
return "redirect:/login";
}
}
index.html
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>玩转spring boot——简单登录认证</title>
</head>
<body>
<h1>登陆成功!<a href="/logout"><font color="blue">注销</font></a></h1>
</body>
</html>
login.xml
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>玩转spring boot——简单登录认证</title>
</head>
<body>
<h1>玩转spring boot——简单登录认证</h1>
<form action="/loginPost" method="post">
用户名:<input type="text" name="account"/> <br/>
密码:<input type="password" name="password"/>
<br />
<input type="submit" value="登录" />
</form>
</body>
</html>
err.html
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>玩转spring boot——简单登录认证</title>
</head>
<body>
<h1>登陆失败!<a href="/logout"><font color="blue">返回</font></a></h1>
</body>
</html>