一、登录配置
1、代码配置
在 HttpSecurity 中增加一些配置,如下
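@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // URL-pattern rules: hasRole("admin") is checked as the authority "ROLE_admin";
            // hasAnyRole(...) is the multi-role form
            .antMatchers("/admin/**").hasRole("admin")
            // .antMatchers("user/**").hasAnyRole("admin","user")
            // SpEL spelling of the same hasAnyRole rule
            .antMatchers("/user/**").access("hasAnyRole('user','admin')")
            // Every remaining request only needs an authenticated session
            .anyRequest().authenticated()
            .and()
            // Form login: the page that serves the form and the endpoint that consumes the POST
            .formLogin()
            .loginProcessingUrl("/doLogin")
            .loginPage("/login")
            // Names of the request parameters that carry the credentials
            .usernameParameter("username1")
            .passwordParameter("password1")
            // Success: answer with JSON so a browser/AJAX client can react instead of being redirected
            .successHandler(new AuthenticationSuccessHandler() {
                @Override
                public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp,
                                                    Authentication authentication)
                        throws IOException, ServletException {
                    // authentication holds the now-authenticated user. The whole principal object is
                    // serialized, so every getter of the UserDetails implementation ends up in the
                    // response body. NOTE(review): if that implementation does not erase or hide its
                    // password field, the password hash is sent to the client; returning
                    // authentication.getName() or a dedicated DTO would be the safer choice.
                    writeJson(resp, 200, authentication.getPrincipal());
                }
            })
            // Failure: JSON body as well. The HTTP status stays 200; the outcome is carried in "status".
            .failureHandler(new AuthenticationFailureHandler() {
                @Override
                public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse resp,
                                                    AuthenticationException e)
                        throws IOException, ServletException {
                    writeJson(resp, 401, failureMessage(e));
                }
            })
            // Login page, processing URL and failure URL must be reachable without a session
            .permitAll()
            .and()
            // Disables CSRF *protection* (it does not "disable CSRF attacks"). Acceptable only when
            // these endpoints are never driven by browser-attached session cookies from another
            // origin; with cookie-based sessions this removes the defence against cross-site
            // request forgery.
            .csrf().disable();
}

/**
 * Maps an authentication failure to the message placed in the JSON "msg" field.
 *
 * <p>Each branch tells the client which account state caused the failure (locked, disabled,
 * expired, ...). If account enumeration is a concern, collapsing these into one generic message
 * is the safer design.
 *
 * @param e the failure reported by Spring Security
 * @return the user-facing message; a generic one for any exception type not listed
 */
private static String failureMessage(AuthenticationException e) {
    if (e instanceof LockedException) {
        return "账户被锁定,登陆失败!";
    }
    if (e instanceof BadCredentialsException) {
        return "用户名或密码错误,登录失败!";
    }
    if (e instanceof DisabledException) {
        return "账户被禁用,登录失败!";
    }
    if (e instanceof AccountExpiredException) {
        return "账户过期,登录失败";
    }
    if (e instanceof CredentialsExpiredException) {
        return "登录失败";
    }
    // Any other AuthenticationException: previously "msg" was silently left out of the body
    return "登录失败";
}

/**
 * Writes {@code {"status":..., "msg":...}} to the response as UTF-8 JSON and closes the writer.
 *
 * @param resp   the servlet response to write to
 * @param status the application-level status code placed in the body (the HTTP status is untouched)
 * @param msg    the value placed under "msg"; serialized by Jackson as-is
 * @throws IOException if the writer cannot be obtained or the JSON cannot be produced
 */
private static void writeJson(HttpServletResponse resp, int status, Object msg) throws IOException {
    resp.setContentType("application/json;charset=utf-8");
    Map<String, Object> map = new HashMap<>();
    map.put("status", status);
    map.put("msg", msg);
    // try-with-resources closes the writer even if serialization throws
    try (PrintWriter out = resp.getWriter()) {
        out.write(new ObjectMapper().writeValueAsString(map));
        out.flush();
    }
}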
2、测试
二、注销配置
1、在登录的配置下继续配置
代码
.permitAll() //跟登录相关的接口直接就能过
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessHandler(new LogoutSuccessHandler() {
@Override
public void onLogoutSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication)
throws IOException, ServletException {
resp.setContentType("application/json;charset=utf-8");
PrintWriter out = resp.getWriter();
Map<String,Object> map = new HashMap<>();
map.put("status",200);
map.put("msg","注销登录成功");
out.write(new ObjectMapper().writeValueAsString(map));
out.flush();
out.close();
}
})
.and()
.csrf().disable();//关闭csrf攻击