今日目标:
1.登录成功,登录失败,无权访问,登出成功,未登录访问的数据以JSON形式返回给前端
1.登录成功
SuccessHandler.java
package com.alumni_circle.controller.security;
import cn.hutool.core.util.IdUtil;
import cn.hutool.json.JSON;
import cn.hutool.json.JSONUtil;
import com.alumni_circle.core.utils.JwtUtils;
import com.alumni_circle.core.utils.RedisUtils;
import com.alumni_circle.entity.me.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
/**
* @author 龙小虬
* @since 2020-08-01 12:49
*
* 用户登录成功返回类
*/
public class SuccessHandler implements AuthenticationSuccessHandler {
@Autowired
RedisUtils redisUtils;
@Autowired
JwtUtils jwtUtils;
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
Map<String,String> map = new HashMap<>();
map.put("登录成功","200");
String key = IdUtil.simpleUUID();
//用户基本信息数据
User user = new User();
user.setOpenid("角色");
...
//将登录用户的数据存入redis
redisUtils.set(key,user,1800);
//进行JWT加密
map.put("token", jwtUtils.encryption(key));
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json;charset=utf-8");
PrintWriter printWriter = httpServletResponse.getWriter();
JSON json = JSONUtil.parse(map);
printWriter.write(json.toString());
}
}
用户登录失败
FailHandler.java
package com.alumni_circle.controller.security;
import cn.hutool.json.JSON;
import cn.hutool.json.JSONUtil;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
/**
* @author 龙小虬
* @since 2020-08-01 13:33
*
* 用户登录失败返回类
*/
public class FailHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
Map<String,String> map = new HashMap<>();
map.put("登录失败","403");
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json;charset=utf-8");
PrintWriter printWriter = httpServletResponse.getWriter();
System.out.println(map.toString());
JSON json = JSONUtil.parse(map);
System.out.println(json);
printWriter.write(json.toString());
printWriter.close();
}
}
无权访问
PermissionDeniedHandler.java
package com.alumni_circle.controller.security;
import cn.hutool.json.JSON;
import cn.hutool.json.JSONUtil;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
/**
* @author 龙小虬
* @since 2020-08-01 14:27
*
* 用户访问了本人无权限的返回类
*/
public class PermissionDeniedHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
Map<String,String> map = new HashMap<>();
map.put("权限不足","200");
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json;charset=utf-8");
PrintWriter printWriter = httpServletResponse.getWriter();
System.out.println(map.toString());
JSON json = JSONUtil.parse(map);
printWriter.write(json.toString());
}
}
未登录访问接口
package com.alumni_circle.controller.security;
import cn.hutool.json.JSON;
import cn.hutool.json.JSONUtil;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
/**
* @author 龙小虬
* @since 2020-08-01 14:18
*
* 未登录用户访问接口处理类
*/
public class NoLoginHandler implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
Map<String,String> map = new HashMap<>();
map.put("未登录","200");
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json;charset=utf-8");
PrintWriter printWriter = httpServletResponse.getWriter();
JSON json = JSONUtil.parse(map);
System.out.println(json.toString());
printWriter.write(map.toString());
}
}
成功退出登录
SuccessLogoutHandler.java
package com.alumni_circle.controller.security;
import cn.hutool.json.JSON;
import cn.hutool.json.JSONUtil;
import com.alumni_circle.core.utils.JwtUtils;
import com.alumni_circle.core.utils.RedisUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
/**
* @author 龙小虬
* @since 2020-08-01 14:00
*
* 用户退出登录成功返回类
*/
public class SuccessLogoutHandler implements LogoutSuccessHandler {
@Autowired
JwtUtils jwtUtils;
@Autowired
RedisUtils redisUtils;
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
//清理token数据
String token = httpServletRequest.getHeader("token");
String key = jwtUtils.validateToken(token);
redisUtils.del(key);
//返回成功退出的json数据
Map<String,String> map = new HashMap<>();
map.put("退出成功","200");
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json;charset=utf-8");
PrintWriter printWriter = httpServletResponse.getWriter();
//清理token
redisUtils.del(jwtUtils.validateToken(httpServletRequest.getHeader("token")));
System.out.println(map.toString());
JSON json = JSONUtil.parse(map);
printWriter.write(json.toString());
}
}
再将所有自定义好的类加入到security.xml中(这里我就贴出所有的了,注释也写得很清楚)
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!--
不拦截的页面,security="none"
可以设置一些静态资源 或 下面配置拦截所有请求的时候,
选择不拦截登录页面
-->
<security:http pattern="/login.jsp" security="none" />
<security:http pattern="/index.jsp" security="none"/>
<!-- auto-config="true" 表示自动加载spring security的配置文件-->
<security:http auto-config="true" entry-point-ref="noLoginHandler">
<!-- 对** 的url进行拦截,只有拥有ROLE_USER权限的用户才能进入 -->
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<!--访问接口的权限不足-->
<security:access-denied-handler ref="permissionDeniedHandler"/>
<security:custom-filter ref="jsonLoginFilter" before="FORM_LOGIN_FILTER"/>
<!--
login-page="/login.jsp" 拦截以后重定向到自定义的登录页面
authentication-failure-url="/login.jsp"登录的用户没有 ROLE_USER权限跳转的页面
default-target-url="/admin" 登录的用户有 ROLE_USER权限跳转的页面
login-processing-url="/login" 更改登录的接口名称
username-parameter="username" 更改默认(j_username)登录参数名
password-parameter="password" 更改默认(j_password)登录参数名
authentication-success-handler-ref="successHandler" 登录成功返回JSON(successHandler)
authentication-failure-handler-ref="failHandler" 登录失败返回JSON (failHandler)
-->
<security:form-login login-page="/login.jsp" login-processing-url="/login"
username-parameter="username" password-parameter="password"
authentication-success-handler-ref="successHandler"
authentication-failure-handler-ref="failHandler"
/>
<!-- <security:openid-login login-page="/loginOpenid.jsp" />-->
<!--
invalidate-session="true" 指定注销是否还会导致HttpSession失效,这通常是需要的。如果未指定,则默认为true。
success-handler-ref="successLogoutHandler" 成功退出返回JSON
-->
<security:logout logout-url="/logout" invalidate-session="true" success-handler-ref="successLogoutHandler"/>
</security:http>
<bean id="jsonLoginFilter" class="com.alumni_circle.core.filter.JsonLoginFilter">
</bean>
<!-- JWT工具类-->
<bean id="jwtUtils" class="com.alumni_circle.core.utils.JwtUtils"/>
<!-- 登录成功-->
<bean id="successHandler" class="com.alumni_circle.controller.security.SuccessHandler"/>
<!-- 登录失败-->
<bean id="failHandler" class="com.alumni_circle.controller.security.FailHandler"/>
<!-- 退出成功-->
<bean id="successLogoutHandler" class="com.alumni_circle.controller.security.SuccessLogoutHandler"/>
<!--未登录-->
<bean id="noLoginHandler" class="com.alumni_circle.controller.security.NoLoginHandler"/>
<!--权限不足-->
<bean id="permissionDeniedHandler" class="com.alumni_circle.controller.security.PermissionDeniedHandler"/>
<!-- 账号密码验证-->
<bean id="userSecurityService" class="com.alumni_circle.service.security.impl.UserSecurityServiceImpl"/>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userSecurityService">
<!-- <security:authentication-provider>-->
<!-- <security:user-service>-->
<!--<!– 给root 用户 配置 "ROLE_USER" 权限 –>-->
<!-- <security:user name="root" password="123456" authorities="ROLE_USER" />-->
<!-- </security:user-service>-->
</security:authentication-provider>
</security:authentication-manager>
</beans>
应网友要求贴出pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.alumni_circle</groupId>
<artifactId>alumni_circle</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<!-- 用来设置版本号 -->
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.encoding>UTF-8</maven.compiler.encoding>
<java.version>1.8</java.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<spring.version>4.0.2.RELEASE</spring.version>
<mybatis.version>3.2.8</mybatis.version>
<slf4j.version>1.7.12</slf4j.version>
<log4j.version>1.2.17</log4j.version>
<druid.version>1.1.23</druid.version>
<lombok.version>1.18.8</lombok.version>
<httpclient.version>4.5.12</httpclient.version>
<swagger.version>2.5.0</swagger.version>
<mybatis-plus.version>3.3.2</mybatis-plus.version>
<pagehelper.version>5.1.4</pagehelper.version>
<jackson.version>2.5.1</jackson.version>
<spring.security.version>3.2.3.RELEASE</spring.security.version>
<javax.servlet>3.0.1</javax.servlet>
<commons-fileupload>1.3.2</commons-fileupload>
<junit.version>4.12</junit.version>
<spring.redis>1.6.1.RELEASE</spring.redis>
<redis.clients>2.7.3</redis.clients>
<swagger.springmvc>1.0.2</swagger.springmvc>
<mysql.version>5.1.37</mysql.version>
<thumbnailator.version>0.4.11</thumbnailator.version>
<hutool.version>5.3.10</hutool.version>
<spring.beans.version>4.0.2.RELEASE</spring.beans.version>
<jjwt.version>0.9.1</jjwt.version>
<google.guava>25.1-jre</google.guava>
</properties>
<!-- 用到的jar包 -->
<dependencies>
<!--jwt-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>${jjwt.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.beans.version}</version>
</dependency>
<!--security-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<!--hutool工具包-->
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>${hutool.version}</version>
</dependency>
<!--图片压缩-->
<dependency>
<groupId>net.coobird</groupId>
<artifactId>thumbnailator</artifactId>
<version>${thumbnailator.version}</version>
</dependency>
<!-- Redis 相关依赖 -->
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-redis</artifactId>
<version>${spring.redis}</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<version>${redis.clients}</version>
</dependency>
<!--MultipartFile 文件上传-->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>${commons-fileupload}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${commons-fileupload}</version>
</dependency>
<!--pagehelper 分页插件-->
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper</artifactId>
<version>${pagehelper.version}</version>
</dependency>
<!-- jackson -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<!--HttpServletResponse-->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>${javax.servlet}</version>
<scope>provided</scope>
</dependency>
<!-- 单元测试 -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
<scope>compile</scope>
</dependency>
<!--lombok-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</dependency>
<!-- spring框架包 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- spring框架包 -->
<!-- mybatis框架包 -->
<!-- <dependency>-->
<!-- <groupId>org.mybatis</groupId>-->
<!-- <artifactId>mybatis</artifactId>-->
<!-- <version>${mybatis.version}</version>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>org.mybatis</groupId>-->
<!-- <artifactId>mybatis-spring</artifactId>-->
<!-- <version>1.2.2</version>-->
<!-- </dependency>-->
<!-- mybatis框架包 -->
<!-- 数据库驱动 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql.version}</version>
</dependency>
<!-- log -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>${slf4j.version}</version>
</dependency>
<!-- 连接池 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>${druid.version}</version>
</dependency>
<dependency>
<!--httpclient-->
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.version}</version>
</dependency>
<!--mybatis-plus-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus</artifactId>
<version>${mybatis-plus.version}</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-core</artifactId>
<version>${mybatis-plus.version}</version>
</dependency>
<!-- swagger2 -->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>${swagger.version}</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>${swagger.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${google.guava}</version>
</dependency>
</dependencies>
<build>
<finalName>ROOT</finalName>
<pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
<plugins>
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging -->
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.2</version>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.1</version>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>3.2.2</version>
</plugin>
<plugin>
<artifactId>maven-install-plugin</artifactId>
<version>2.5.2</version>
</plugin>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.8.2</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>