SpringSecurity实现拦截未登录页面

最新推荐文章于 2024-03-19 14:13:44 发布

怪只怪满眼尽是人间烟火

最新推荐文章于 2024-03-19 14:13:44 发布

阅读量6.7k

点赞数

分类专栏： SpringSecurity

本文链接：https://blog.csdn.net/weixin_38959210/article/details/95045081

版权

SpringSecurity 专栏收录该内容

3 篇文章 0 订阅

订阅专栏

首先引入依赖：

            <dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		    </dependency>	 

            <dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		    </dependency>

两个前端页面第一个login.html：

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">

<title>Insert title here</title>
</head>
<body>
        登录页面   <p th:text="${msg}"></p>
	<form action="/login_check" method="post">
		<input type="text" name="username" /></br> </br> <input type="text"
			name="password" /></br> </br> <input type="submit" value="登录" /></br>
	</form>


</body>
</html>

第二个页面index.html

<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
    <form action="/login" method="post">
		<input type="submit" value="退出" /></br>
	</form>
	你好啊！ <p th:text="${user}"></p>
</body>
</html>

java代码：controller

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
 
@Controller
public class IndexController {
 
	@RequestMapping("/index")
	@ResponseBody
	public ModelAndView index() {
		ModelAndView mode=new ModelAndView();
		mode.addObject("user", "qushen");
		mode.setViewName("index");
		return mode;
	}
 
	@RequestMapping("/login")
	public ModelAndView login() {
		ModelAndView mode=new ModelAndView();
		mode.addObject("msg", "后台消息模板返回成功...");
		mode.setViewName("login");
		return mode;
	}
}

下面就是 Security的java类配置文件：

首先先写一个加密方式 MyPasswordEncoder.java：

import org.springframework.security.crypto.password.PasswordEncoder;

public class MyPasswordEncoder implements PasswordEncoder{

	@Override
	public String encode(CharSequence RawPassword) {
		
		return RawPassword.toString();
	}

	@Override
	public boolean matches(CharSequence RawPassword, String EncodePassword) {
		
		return EncodePassword.equals(RawPassword.toString());
	}

	
	
}

然后写Security的主要配置文件：

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
	
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
		auth.inMemoryAuthentication().withUser("qushen").password("123456").roles("ADMIN").and().passwordEncoder(new MyPasswordEncoder());
	}
	
	@Bean
	@Override
	protected AuthenticationManager authenticationManager() throws Exception {
		return super.authenticationManager();
	}
 
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable(); // 关闭跨站检测
		http.authorizeRequests().anyRequest().fullyAuthenticated(); // 所有的请求全验证
		http.formLogin().loginPage("/login").loginProcessingUrl("/login_check").failureUrl("/login").defaultSuccessUrl("/index").permitAll();
		http.logout().permitAll();
	}
 
}