BrowserSecurityConfig
/**
 * Exposes the JDBC-backed repository in which remember-me login tokens are persisted.
 *
 * @return a {@link PersistentTokenRepository} bound to this configuration's {@code dataSource}
 */
@Bean
public PersistentTokenRepository persistentTokenRepository() {
    JdbcTokenRepositoryImpl jdbcTokens = new JdbcTokenRepositoryImpl();
    // Creates the token table at startup; remember to switch it off again before the
    // next start of the service.
    // jdbcTokens.setCreateTableOnStartup(true);
    jdbcTokens.setDataSource(dataSource);
    return jdbcTokens;
}
/**
 * Configures browser login: the captcha filter, form login, remember-me and the
 * authorization rules for every request.
 *
 * @param http the security builder being configured
 * @throws Exception if any configurer in the chain fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    /*
     * Earlier variant, kept for reference: a static login page.
     *
    http.formLogin() // form login
    .loginPage("/imooc-signIn.html") // custom login page replacing the Spring Security default
    .loginProcessingUrl("/authentication/form") // matches the form's action; UsernamePasswordAuthenticationFilter handles requests to this URL
    //http.httpBasic() // HTTP login dialog
    .and()
    .authorizeRequests()
    .antMatchers("/imooc-signIn.html").permitAll() // do not forget this, otherwise the redirect loops
    //.antMatchers("/authentication/form").permitAll() // do not forget this, otherwise the redirect loops
    .anyRequest()
    .authenticated()
    .and()
    .csrf().disable();
    */
    /*
     * Earlier variant, kept for reference: login page served by a controller.
     *
    http.formLogin() // form login
    .loginPage("/authentication/require") // redirects to the matching path in BrowserSecurityController
    .loginProcessingUrl("/authentication/form") // matches the form's action; UsernamePasswordAuthenticationFilter handles requests to this URL
    //http.httpBasic() // HTTP login dialog
    .and()
    .authorizeRequests()
    .antMatchers("/authentication/require").permitAll() // do not forget this, otherwise the redirect loops
    .anyRequest()
    .authenticated()
    .and()
    .csrf().disable();
    */

    // Create the captcha filter ValidateCodeFilter and place it in front of
    // UsernamePasswordAuthenticationFilter (manual construction, currently disabled).
    //ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
    //validateCodeFilter.setAuthenticationFailureHandler(imoocAuthenticationFailureHandler);
    //validateCodeFilter.setSecurityProperties(securityProperties);
    //validateCodeFilter.afterPropertiesSet();

    // The captcha check runs before the username/password filter.
    http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);

    // Form login.
    http.formLogin()
        // Unauthenticated requests are sent to the matching path in BrowserSecurityController.
        .loginPage("/authentication/require")
        // Matches the login form's action; UsernamePasswordAuthenticationFilter handles this URL.
        .loginProcessingUrl("/authentication/form")
        // NOTE(review): loginProcessingUrl is set a second time here. The form-login
        // configurer keeps a single processing URL, so this value presumably replaces
        // "/authentication/form" and the username/password filter ends up listening on
        // the mobile URL instead. Confirm which of the two is intended.
        .loginProcessingUrl("/authentication/mobile")
        //http.httpBasic() // HTTP login dialog
        // Called after a successful authentication.
        .successHandler(imoocAuthenticationSuccessHandler)
        // Called after a failed authentication.
        .failureHandler(imoocAuthenticationFailureHandler);

    // Remember-me: tokens are stored through persistentTokenRepository() and stay valid
    // for the number of seconds read from the browser properties.
    http.rememberMe()
        .tokenRepository(persistentTokenRepository())
        .tokenValiditySeconds(securityProperties.getBrowser().getRemmberMeSeconds())
        .userDetailsService(userDetailsService);

    // Authorization rules. The listed paths must stay open to anonymous users;
    // do not forget them, otherwise the login redirect loops.
    http.authorizeRequests()
        .antMatchers(
            "/authentication/require",
            SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_MOBILE, // authentication/mobile
            // Reads "imooc.security.browser.loginPage = /demo-signIn.html" from
            // wxm-spring-security-demo//main/java/resources/application.properties.
            securityProperties.getBrowser().getLoginPage(),
            "/error",
            "/code/*" // captcha image
        ).permitAll()
        //.antMatchers("/authentication/form").permitAll() // do not forget this, otherwise the redirect loops
        .anyRequest()
        .authenticated();

    // NOTE(review): CSRF protection is switched off for the whole application while
    // authentication relies on cookies (session and remember-me). State-changing
    // requests therefore carry no anti-forgery token; re-enable CSRF, or confirm that
    // another mitigation is in place, before this leaves a demo setting.
    http.csrf().disable();
}