登录
使用session登录
- 配置拦截器(拦截所有请求,并把你的登录接口排除在外)
/**
 * MVC configuration that places the session login check in front of the application's
 * request paths.
 */
@Configuration
public class MyMvcConfig implements WebMvcConfigurer {

    /**
     * Registers {@code LoginHandlerInterceptor} for every path and exempts only the login
     * endpoint, so every other handler is reached only after the interceptor lets the
     * request through.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        LoginHandlerInterceptor loginCheck = new LoginHandlerInterceptor();
        registry.addInterceptor(loginCheck)
                .addPathPatterns("/**")
                // The login endpoint must stay reachable without a session.
                .excludePathPatterns("/user/login");
    }
}
- 配置corsFilter过滤器
tips:corsFilter配置的是全局过滤器,会在项目运行的时候配置完成。需要注意的是,你后续的配置(比如设置请求头)可能会把这里的设置覆盖。另外,开启allowCredentials(允许携带Cookie)时,应只放行受信任的前端域名,而不要用通配符匹配所有来源。
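/**
 * Global CORS policy, applied by a servlet filter to every path.
 *
 * <p>The policy allows credentialed (cookie-bearing) requests, so the set of allowed origins
 * must be an explicit allowlist. An origin pattern of {@code "*"} together with
 * {@code allowCredentials(true)} makes the filter echo back whatever {@code Origin} the
 * browser sent, which lets any website issue authenticated requests on behalf of a logged-in
 * user and read the responses.
 */
@Configuration
public class CorsConfig implements WebMvcConfigurer {

    /**
     * PLACEHOLDER value: replace with the real origin of the trusted front end
     * (scheme + host + port). Add one {@code addAllowedOrigin} call per trusted origin.
     */
    private static final String TRUSTED_FRONTEND_ORIGIN = "https://frontend.example.com";

    /**
     * Builds the CORS filter for all paths.
     *
     * @return a filter that allows credentialed requests only from the trusted origin, with
     *         any method and any request header
     */
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        // Explicit origin instead of addAllowedOriginPattern("*"): see the class comment.
        config.addAllowedOrigin(TRUSTED_FRONTEND_ORIGIN);
        config.setAllowCredentials(true);
        config.addAllowedMethod("*");
        config.addAllowedHeader("*");

        UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
        configSource.registerCorsConfiguration("/**", config);
        return new CorsFilter(configSource);
    }
}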
- 重写preHandle
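/**
 * Rejects requests that do not belong to a logged-in session.
 *
 * <p>A request counts as logged in when its existing session holds a {@code "LoginUser"}
 * attribute. Anything else gets a small JSON body ({@code {"status":403}}) and the handler
 * is not invoked.
 */
public class LoginHandlerInterceptor implements HandlerInterceptor {

    /**
     * @param request  the current request
     * @param response the current response; written to only when the request is rejected
     * @param handler  the handler that would run next (not inspected)
     * @return {@code true} to continue to the handler, {@code false} when the rejection body
     *         has been written
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // getSession(false): look the session up without creating one. Creating a session for
        // every anonymous request hands out cookies and server-side state to unauthenticated
        // callers for no benefit.
        Object loginUser = java.util.Optional.ofNullable(request.getSession(false))
                .map(existing -> existing.getAttribute("LoginUser"))
                .orElse(null);
        if (loginUser != null) {
            return true;
        }

        // The response is deliberately NOT reset and no Access-Control-* headers are written
        // here. Copying the request's Origin header into Access-Control-Allow-Origin together
        // with Allow-Credentials: true would accept any origin, and it would bypass the
        // application's CORS policy. The headers added by the application's CorsFilter stay on
        // the response instead, so the allowlist is decided in one place.
        // NOTE(review): confirm the CorsFilter is registered for these paths.
        // The HTTP status line is left as it was; the JSON body carries the 403 the client
        // reads.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter printWriter = response.getWriter();
        printWriter.write("{\"status\":403}");
        printWriter.flush();
        printWriter.close();
        return false;
    }
}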
- 登录函数
- userMapper里的获取用户名密码这里就不赘述了
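/**
 * Session-based login and logout endpoints.
 *
 * <p>The {@code "LoginUser"} session attribute is what the login interceptor treats as proof
 * of authentication, so it is written only after the credentials have been verified.
 */
@RestController
@Slf4j
public class LoginController {
    @Autowired
    private UserMapper userMapper;

    /**
     * Verifies the submitted credentials and, on success, marks a fresh session as logged in.
     *
     * @param userName the submitted user name
     * @param password the submitted password
     * @param request  the current request, used to manage the session
     * @param response the current response (unused)
     * @return a success result, or a single generic failure result for both "unknown user"
     *         and "wrong password"
     */
    // NOTE(review): @CrossOrigin without arguments allows all origins for this handler and is
    // presumably redundant with the global CORS filter; confirm and narrow or remove it.
    @CrossOrigin
    @RequestMapping(value = "/user/login", method = RequestMethod.POST)
    public Result login(@RequestParam("username") String userName,
                        @RequestParam("password") String password,
                        HttpServletRequest request, HttpServletResponse response) {
        User user = userMapper.getUserByName(userName);
        if (user == null || !passwordMatches(password, user.getPassword())) {
            // One message for both failure causes, so the response does not reveal which
            // user names exist. The submitted values are not logged: a mistyped user name is
            // often a password.
            log.warn("Login rejected: unknown user or wrong password");
            return new Result(ResponseCode.passwordErrorCode, "用户名或密码错误");
        }

        // Drop any pre-login session and start a new one, so a session id that was known
        // before authentication never becomes an authenticated session (session fixation).
        HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        request.getSession(true).setAttribute("LoginUser", userName);
        return new Result(ResponseCode.successCode, "登录成功");
    }

    /**
     * Ends the caller's session.
     *
     * @param session  the caller's session
     * @param request  the current request (unused)
     * @param response the current response (unused)
     */
    @RequestMapping(value = "/user/loginOut", method = RequestMethod.POST)
    public void loginOut(HttpSession session, HttpServletRequest request, HttpServletResponse response) {
        session.removeAttribute("LoginUser");
        session.invalidate();
    }

    /**
     * Compares the submitted password with the stored one without an early exit on the first
     * differing byte.
     *
     * <p>NOTE(review): the stored value is compared directly with the submitted password,
     * which means passwords are kept in plaintext. Store a salted, slow hash (bcrypt, scrypt,
     * argon2) and verify through a password encoder instead.
     */
    private static boolean passwordMatches(String supplied, String stored) {
        if (supplied == null || stored == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}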
spring-security登录
- 引入依赖
<!-- Spring Security starter. No <version> element is given here; presumably the version is
     managed by the Spring Boot parent/BOM of the project (confirm in the pom). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
- 配置Spring Security配置类
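/**
 * Spring Security configuration: JSON form login on {@code /user/login}, every other request
 * authenticated, JSON answers for login success, login failure and missing authentication.
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsServiceImpl;

    /** Uses the application's {@code UserDetailsService} to look users up. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsServiceImpl);
    }

    /**
     * Configures form login, authorization rules, CSRF/CORS and the entry point used when an
     * unauthenticated request reaches a protected URL.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
            .loginProcessingUrl("/user/login")
            .successHandler((request, response, authentication) -> {
                // Return only what the client needs. Serializing the whole Authentication
                // object exposes its principal and request details (typically remote address
                // and session id) to script running in the page.
                Map<String, Object> data = new HashMap<>();
                data.put("username", authentication.getName());
                data.put("authorities", authentication.getAuthorities());

                Map<String, Object> map = new HashMap<>();
                map.put("status", 200);
                map.put("message", "登录成功");
                map.put("data", data);
                response.setContentType("application/json;charset=utf-8");
                PrintWriter out = response.getWriter();
                JSONObject json = new JSONObject(map);
                out.write(json.toJSONString());
                out.flush();
                out.close();
            })
            .failureHandler((request, response, ex) -> {
                response.setContentType("application/json;charset=utf-8");
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                PrintWriter out = response.getWriter();
                Map<String, Object> map = new HashMap<>();
                map.put("status", 201);
                if (ex instanceof UsernameNotFoundException || ex instanceof BadCredentialsException) {
                    // Same answer for unknown user and wrong password.
                    map.put("status", 401);
                    map.put("message", "用户名或密码错误");
                } else if (ex instanceof DisabledException) {
                    // NOTE(review): this answer tells the caller that the account exists;
                    // confirm that disclosure is acceptable.
                    response.setStatus(200);
                    map.put("status", 402);
                    map.put("message", "账户被禁用!!");
                } else {
                    // Includes InternalAuthenticationServiceException: a back-end failure
                    // during the user lookup is not a disabled account and must not be
                    // reported as one.
                    map.put("message", "登录失败!");
                }
                JSONObject json = new JSONObject(map);
                out.write(json.toJSONString());
                out.flush();
                out.close();
            })
            .permitAll()
            .and()
            .authorizeRequests()
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            // NOTE(review): the API documentation endpoints are readable without login;
            // restrict or disable them outside development.
            .antMatchers("/v2/api-docs", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**").permitAll()
            .anyRequest().authenticated()
            .and()
            // NOTE(review): CSRF protection is switched off while authentication rides on the
            // session cookie. That is only defensible when the CORS allowlist is strict and
            // state-changing endpoints cannot be reached by plain cross-site form posts;
            // otherwise keep CSRF enabled and have the front end send the token.
            .csrf().disable()
            .cors()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(new AuthenticationEntryPoint() {
                @Override
                public void commence(HttpServletRequest req, HttpServletResponse resp, AuthenticationException authException) throws IOException, ServletException {
                    // JSON answer instead of a redirect to a login page.
                    resp.setContentType("application/json;charset=utf-8");
                    PrintWriter out = resp.getWriter();
                    Map<String, Object> map = new HashMap<>();
                    map.put("status", 403);
                    map.put("message", "登录信息失效!");
                    out.write(new ObjectMapper().writeValueAsString(map));
                    out.flush();
                    out.close();
                }
            });
    }

    /**
     * Password encoder used to verify submitted passwords against stored ones.
     *
     * <p>Replaces {@code NoOpPasswordEncoder}, which compares plaintext and therefore requires
     * plaintext passwords in the database. The delegating encoder hashes new passwords with
     * bcrypt and reads an {@code {id}} prefix on stored values. Migration: stored passwords
     * must be re-encoded (for example {@code {bcrypt}...}); legacy plaintext rows can be
     * prefixed with {@code {noop}} temporarily until they are re-hashed.
     *
     * @return the delegating password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return org.springframework.security.crypto.factory.PasswordEncoderFactories
                .createDelegatingPasswordEncoder();
    }
}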
- 重写登录函数loadUserByUsername
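/**
 * Loads a user and its single role from the database for Spring Security.
 */
@Service
public class securityUserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    UsersMapper usersMapper;
    @Autowired
    RolesMapper rolesMapper;

    /**
     * Looks the user up by name and builds the {@code UserDetails} used for the credential
     * check.
     *
     * @param username the submitted user name
     * @return the user with its password, enabled flag (status 0 means disabled) and one
     *         {@code ROLE_}-prefixed authority
     * @throws UsernameNotFoundException if the name is empty or no such user exists
     * @throws IllegalStateException     if the user's role id matches no role row
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DisabledException {
        if (username == null || username.isEmpty()) {
            // UsernameNotFoundException is the exception this contract declares. Any other
            // exception type thrown from here is wrapped by the authentication provider as an
            // internal service error, which the login failure handler reports differently
            // from a bad user name or password.
            throw new UsernameNotFoundException("用户不能为空");
        }

        Users user = usersMapper.selectOne(new QueryWrapper<Users>().eq("username", username));
        if (user == null) {
            throw new UsernameNotFoundException("用户不存在");
        }
        boolean isEnabled = user.getStatus() != 0;

        // NOTE(review): this method returns before the password is checked, so the timestamp
        // below records login ATTEMPTS for existing users, not successful logins, and every
        // attempt causes a database write. Consider moving the update to the login success
        // handler.
        user.setLastLoginTime(LocalDateTime.now());
        usersMapper.updateById(user);

        Roles roleRow = rolesMapper.selectOne(new QueryWrapper<Roles>().eq("id", user.getRid()));
        if (roleRow == null) {
            // Fail the login with a clear cause instead of a NullPointerException.
            throw new IllegalStateException("No role row found for the user's role id");
        }
        List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + roleRow.getRole()));

        // Account expiry, credential expiry and locking are not modelled: always "true".
        return new User(user.getUsername(), user.getPassword(), isEnabled, true, true, true, grantedAuthorities);
    }
}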
- 接口权限控制
- tips:spring-security还可以在数据库存储不同角色对应的url路径,通过控制不同路径的权限来实现前端不同角色对应不同的菜单页面。