SpringBoot-注销登录配置(续HttpSecurity)

最新推荐文章于 2024-04-07 18:22:23 发布
最新推荐文章于 2024-04-07 18:22:23 发布
阅读量160 收藏
点赞数
分类专栏: SpringBoot 文章标签: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_39232166/article/details/105341424
版权
本文主要探讨了SpringBoot中如何进行注销登录的配置,通过HttpSecurity进行设置,并通过Postman进行了实际的测试验证。
摘要由CSDN通过智能技术生成

注销登录配置

package org.akk.security.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("uuc").password("123").roles("admin")
                .and()
                .withUser("akk").password("123").roles("user");
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**").hasRole("admin")
                .antMatchers("user/**").hasAnyRole("admin", "user")
                .anyRequest().authenticated()
                .and()
                .formLogin()
                //这里就是处理登录的url,
                .loginProcessingUrl("/doLogin")
                //跳转的登录界面
                .loginPage("/login")
                .usernameParameter("name")
                .passwordParameter("passwd")
                .successHandler(new AuthenticationSuccessHandler() {
                    //authentication中保存了登陆成功的用户信息
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                        httpServletResponse.setContentType("application/json;charset = utf-8");
                        PrintWriter out = httpServletResponse.getWriter();
                        Map<String, Object> map = new HashMap<>();
                        map.put("status", 200);
                        map.put("msg", authentication.getPrincipal());
                        out.write(new ObjectMapper().writeValueAsString(map));
                        out.flush();
                        out.close();
                    }
                })
                .failureHandler(new AuthenticationFailureHandler() {
                    @Override
                    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
                        httpServletResponse.setContentType("application/json;charset = utf-8");
                        PrintWriter out = httpServletResponse.getWriter();
                        Map<String, Object> map = new HashMap<>();
                        map.put("status", 401);
                        if (e instanceof LockedException) {
                            map.put("msg", "账户被锁定,登陆失败");
                        } else if (e instanceof BadCredentialsException) {
                            map.put("msg", "用户名或者密码输入错误,登陆失败");
                        } else if (e instanceof DisabledException) {
                            map.put("msg", "账户被禁用,登陆失败");
                        } else if (e instanceof AccountExpiredException) {
                            map.put("msg", "账户过期,登陆失败");
                        } else if (e instanceof CredentialsContainer) {
                            map.put("msg", "密码过期,登陆失败");
                        }else{
                            map.put("msg","登陆失败");
                        }
                        out.write(new ObjectMapper().writeValueAsString(map));
                        out.flush();
                        out.close();
                    }
                })
                .permitAll()
                .and()
                //配置logout进行注销
                .logout()
                //请求地址
                .logoutUrl("/logout")
                .logoutSuccessHandler(new LogoutSuccessHandler() {
                    @Override
                    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                        httpServletResponse.setContentType("application/json;charset = utf-8");
                        PrintWriter out = httpServletResponse.getWriter();
                        Map<String, Object> map = new HashMap<>();
                        map.put("status", 200);
                        map.put("msg", "注销登录成功");
                        out.write(new ObjectMapper().writeValueAsString(map));
                        out.flush();
                        out.close();
                    }
                })
                .and()
                .csrf().disable();
    }
}

postman测试:
在这里插入图片描述

azto
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
serverhttpsecurity 缺少_在类resourceserverconfiguration.configure中使用httpsecurity.requestmatchers在Spring ...
weixin_32308039的博客
01-30 751
如果需要配置多个HttpSecurity在您的应用程序中,HttpSecurity.requestMatchers()或其他(但类似)配置选项之一:HttpSecurity.requestMatcher(RequestMatcher)HttpSecurity.antMatcher(String)HttpSecurity.mvcMatcher(String)HttpSecurity.regexMat...
【第四篇】SpringSecurityHttpSecurity详解
最新发布
筱白爱学习!的博客
06-12 1361
HttpSecurity配置以及结构详解
【DAY7】spring boot实现登陆注销,信息分页显示
HulkWong的博客
07-27 325
今天主要是使用springboot实现了网站的登陆注销以及信息的分页显示。 项目包结构如下 用户登录 controller层中,UserController实现以下几个方法 @GetMapping public String toLogin() { return "admin/login"; } @PostMapping("login") public String login(String username, String password, H
SpringSecurity入门6---注销登录
Anntly的博客
04-08 261
代码地址 实现 SpringSecurity为我们实现了注销的逻辑,修改配置即可实现注销 @Override protected void configure(HttpSecurity http) throws Exception { JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryI...
SpringBoot使用Spring Security实现登录注销
hunwgh的博客
09-22 1235
1.首先看下我的项目结构 我们逐个讲解 /** * 用户登录配置类 * @author Administrator * */ public class AdminUserDateils implements UserDetails { private static final long serialVersionUID = -1546619839676530441L; private transient YCAdmin yCAdmin; public AdminUserDateil
serverhttpsecurity 缺少,不允许使用HTTP 405-Spring Boot + Spring Security
weixin_30119911的博客
12-31 302
I have a simple rest API which works with database. It worked properly until I added the security part. Now it gives HTTP 405 Not Allowed on the POST and DELETE requests. I have no idea why. The GET r...
springboot-06-security.zip
11-30
这通常涉及到配置`WebSecurityConfigurerAdapter`的`configure(HttpSecurity http)`方法。通过`http.formLogin()`和`http.logout()`,我们可以定制登录页面、登录失败处理器、注销链接等。同时,可以使用Thymeleaf或...
springboot - 2.7.3版本 - (九)整合security
10-12
protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/").permitAll() // 允许所有用户访问根路径 .anyRequest().authenticated() // 其他请求需要认证 ....
springboot-security.zip
08-24
protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/").permitAll() // 允许访问根路径 .anyRequest().authenticated() // 其他所有请求需要认证 .and...
Spring security配置用户注销(退出登录
godkzz的博客
09-11 199
配置类的configure(HttpSecurity http) 方法中添加退出映射地址 http.logout().logoutUrl("/logout").logoutSuccessUrl("/index").permitAll();
serverhttpsecurity 缺少_请求失败,HTTP状态401:未经授权在SSRS
weixin_28622215的博客
01-13 343
My Application is in Asp.Net MVC3 coded in C#, i have a SSRS solution in SQL Server Business Intelligence Developement Studio in Visual Studio 2008 , I'm calling the SSRS report through my Asp.Net MV...
serverhttpsecurity 缺少_不允许使用HTTP 405-Spring Boot + Spring Security
weixin_42376940的博客
12-31 644
我有一个简单的rest API,可与数据库一起使用。在添加安全部分之前,它一直工作正常。现在,它在POST和DELETE请求上提供HTTP405不允许。我不知道为什么。GET请求正常工作。所以这是控制器类:@Controllerpublic class MarkerController {private Logger logger = Logger.getLogger(MarkerControll...
ServerHttpSecurity设置pathMatchers.permitAll失效,仍然401.
慢慢的博客
01-26 6313
ServerHttpSecurity401,修改anyExchange访问
软件开发流程
V________的博客
11-16 143
开发流程: 1、功能的设计 2、需求分析 3、功能开发(确定数据结构和算法) 4、功能测试 5、功能维护 6、功能上线
serverhttpsecurity 缺少_看下源码修下 SpringSecurityOAuth2 的bug,解决令牌检查端点未实现 OAuth2 规范带来的坑: ResourceServer int...
weixin_33907300的博客
12-31 622
看下源码修下 SpringSecurityOAuth2 的bug,解决令牌检查端点未实现 OAuth2 规范带来的坑: ResourceServer introspect 错误最近在自己搭一个使用 SpringSecutiryOAuth2 的认证服务器, 这里的接口基于 SpringMVC, 而资源服务器是 SpringCloudGateway 建立的网关层,实现是 WebFlux。目的是为了在网...
Spring GateWay OAuth2ResourceServer 配置ServerHttpSecurity中的hasRole 无效的问题
热门推荐
Sober的博客
03-25 1万+
文章目录问题解决方案JwtGrantedAuthoritiesConverter源码 问题 原因来自于ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec中默认的ReactiveAuthenticationManager没有将jwt中authorities 的负载部分当做Authentication的权限。 简而言之,我们需要把jwt 的Claim...
深入理解 HttpSecurity【源码篇】
2401_84048006的博客
04-07 1298
AbstractSecurityBuilder 类实现了 SecurityBuilder 接口,该类中主要做了一件事,就是确保整个构建只被构建一次。if (!可以看到,这里重新定义了 build 方法,并设置 build 方法为 final 类型,无法被重写,在 build 方法中,通过 AtomicBoolean 实现该方法只被调用一次。具体的构建逻辑则定义了新的抽象方法 doBuild,将来在实现类中通过 doBuild 方法定义构建逻辑。
Spring Security : HTTP请求安全构建器 HttpSecurity
Details Inside Spring
05-13 5263
HttpSecurity是Spring Security Config用于配置http请求安全控制的安全构建器(类似于Spring Security XML配置中的http命名空间配置部分),它的构建目标是一个SecurityFilterChain,实现类使用DefaultSecurityFilterChain。该目标SecurityFilterChain最终会被Spring Security的安...
springboot中springsecurity配置登陆,注销
04-05
springboot配置springsecurity的登陆和注销功能,需要进行如下步骤: 1. 添加springsecurity依赖 在pom.xml文件中添加springsecurity依赖: ``` <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> ``` 2. 配置springsecurity 在应用程序的配置类中添加@EnableWebSecurity注解,开启springsecurity配置功能,并继承WebSecurityConfigurerAdapter类,重写configure方法,进行springsecurity配置: ``` @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/login").permitAll() .antMatchers("/admin/**").hasRole("ADMIN") .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .defaultSuccessUrl("/home") .failureUrl("/login?error=true") .permitAll() .and() .logout() .logoutUrl("/logout") .logoutSuccessUrl("/login") .permitAll() .and() .csrf().disable(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("user").password("{noop}password").roles("USER") .and() .withUser("admin").password("{noop}password").roles("ADMIN"); } } ``` 上述代码中,我们使用了inMemoryAuthentication()方法来配置用户信息。其中,用户"user"的密码为"password",拥有"USER"角色;用户"admin"的密码为"password",拥有"ADMIN"角色。 3. 创建登陆和注销页面 在resources/templates目录下创建login.html和home.html两个页面,分别用于登陆和注销后跳转的页面。 login.html页面示例: ``` <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <h2>Login</h2> <form th:action="@{/login}" method="post"> <div> <label>Username:</label> <input type="text" name="username"/> </div> <div> <label>Password:</label> <input type="password" name="password"/> </div> <div> <button type="submit">Login</button> </div> <div th:if="${param.error}"> Invalid username and password. </div> </form> </body> </html> ``` home.html页面示例: ``` <!DOCTYPE html> <html> <head> <title>Home</title> </head> <body> <h2>Welcome!</h2> <p>You have successfully logged in.</p> <form th:action="@{/logout}" method="post"> <button type="submit">Logout</button> </form> </body> </html> ``` 4. 运行应用程序 现在,我们可以运行应用程序,打开浏览器访问http://localhost:8080/login,输入用户信息进行登陆。登陆成功后,将跳转到http://localhost:8080/home页面,页面中将显示"Welcome! You have successfully logged in."的欢迎信息。在home.html页面中,我们可以通过"Logout"按钮注销用户,将跳转回登陆页面。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值