Spring Security 是一款权限框架,第一次配置真的是搞毛了。
首先导包
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
/*@Override
public void configure(HttpSecurity http) throws Exception {
// 请求进行拦截 验证 accessToken
http
.authorizeRequests()
// .antMatchers("/api-user/web/**").hasAnyAuthority("SuperAdmin", "SysAdmin")
///任何请求,登录后可以访问
.anyRequest()
.authenticated()
//允许所有用户访问与基于表单的登出
.and()
.logout()//设置登出
.permitAll()
//允许所有用户访问与基于表单的登录
.and()
.formLogin()//设置表单登录
.usernameParameter("username").passwordParameter("password")//设置验证的字段
.loginPage("http://localhost:63343/tm_web/login.html")//设置登录页面(此处为本地开发地址,部署时需替换为实际地址)
.loginProcessingUrl("/api-user/public/storeUser/managerUserLogin")//设置请求登录接口
.successHandler(myAuthenctiationSuccessHandler) // 自定义登录成功处理
.failureHandler(myAuthenctiationFailureHandler) // 自定义登录失败处理
//解决跨域
.and()
.cors()
// 关闭csrf防护(注意:仅当认证完全依赖请求头中的 token、不依赖 cookie 会话时才安全;否则应保留 CSRF 防护)
.and()
.csrf()
.disable();
}*/
//登录失败
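/**
 * Login-failure handler that answers with a JSON body instead of the
 * redirect performed by {@link SimpleUrlAuthenticationFailureHandler}.
 *
 * <p>The response is written through the servlet writer only. The servlet API
 * does not allow {@code getWriter()} and {@code getOutputStream()} to be used
 * on the same response: the second call throws {@code IllegalStateException}.
 */
@Component("myAuthenctiationFailureHandler")
public class MyAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Writes a JSON failure message for a rejected login attempt.
     *
     * @param request   the login request
     * @param response  the response that receives the JSON body
     * @param exception the reason authentication was rejected
     * @throws IOException      if the body cannot be serialized or written
     * @throws ServletException declared by the overridden method
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        logger.info("登录失败");

        // A rejected login is a client-side authentication failure (401), not a
        // server fault (500). Reporting 500 also pollutes error-rate monitoring.
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        response.setContentType("application/json;charset=UTF-8");

        JSONObject jsonObject = new JSONObject();
        // NOTE(review): "state" is "200" even though this is the failure path.
        // Kept as-is because clients may parse it; confirm and align with the
        // HTTP status.
        jsonObject.put("state", "200");
        jsonObject.put("message", "登录失败");
        // NOTE(review): the raw exception message is returned to the caller.
        // Messages that distinguish locked, disabled or unknown accounts reveal
        // account state to unauthenticated clients; consider one generic
        // message here and keep the detail in the server log.
        jsonObject.put("objectMapper",
                objectMapper.writeValueAsString(new BaseResponse(exception.getMessage())));

        // Write and flush through the writer only; getOutputStream() must not be
        // called once getWriter() has been used on this response.
        response.getWriter().write(jsonObject.toJSONString());
        response.getWriter().flush();
    }
}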
//登录成功
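/**
 * Login-success handler that issues a JWT and returns it in a JSON body
 * instead of the redirect performed by
 * {@link SimpleUrlAuthenticationSuccessHandler}.
 *
 * <p>The response is written through the servlet writer only. The servlet API
 * does not allow {@code getWriter()} and {@code getOutputStream()} to be used
 * on the same response: the second call throws {@code IllegalStateException}.
 */
@Component("myAuthenctiationSuccessHandler")
public class MyAuthenctiationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private JwtTokenUtil jwtTokenUtil;

    /**
     * Generates a token for the authenticated principal and writes it to the
     * response as JSON.
     *
     * @param request        the login request
     * @param response       the response that receives the JSON body
     * @param authentication the authentication produced by the login
     * @throws IOException      if the body cannot be serialized or written
     * @throws ServletException declared by the overridden method
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        System.out.println("登录成功");

        // Assumes the principal is a UserDetails; a different principal type
        // would fail this cast. TODO confirm against the configured provider.
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String token = jwtTokenUtil.generateToken(userDetails);

        response.setContentType("application/json;charset=UTF-8");

        JSONObject jsonObject = new JSONObject();
        jsonObject.put("state", "200");
        jsonObject.put("message", "登录成功");
        jsonObject.put("token", token);
        // NOTE(review): this serializes the entire Authentication object into
        // the response. Depending on the UserDetails implementation, that can
        // include fields such as the stored password hash, authorities and
        // request details. Confirm what is emitted, and prefer returning only
        // the fields the client needs.
        jsonObject.put("objectMapper", objectMapper.writeValueAsString(authentication));

        // Write and flush through the writer only; getOutputStream() must not be
        // called once getWriter() has been used on this response.
        response.getWriter().write(jsonObject.toJSONString());
        response.getWriter().flush();
    }
}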