使用 Spring Security 实现登录功能:
1、增加 security 配置类 WebSecurityConfig,该配置类需要继承 WebSecurityConfigurerAdapter
// NOTE(review): @EnableGlobalMethodSecurity is used without attributes, so none of its
// annotation styles (prePostEnabled, securedEnabled, jsr250Enabled) is switched on.
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares the URL access rules, the form-login endpoint, and the CSRF and
     * frame-option settings for the application.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Matchers are consulted in declaration order: the login pages and static
        // resources are opened first, then the broader /admin/** and /user/** rules apply.
        // NOTE(review): no catch-all rule (such as anyRequest().authenticated()) is declared,
        // so paths outside these patterns are not covered by any access rule.
        http.authorizeRequests()
                .antMatchers("/admin/login", "/static/**", "/user/login").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/user/**", "/api/user/**").hasAnyRole("ADMIN", "USER");

        // URL that receives the submitted login form.
        http.formLogin().loginProcessingUrl("/login");

        // NOTE(review): CSRF protection is turned off while form login is in use, so
        // state-changing requests carry no anti-forgery token. Re-enable it once the
        // pages and AJAX calls send the token.
        http.csrf().disable();

        // Pages may only be framed by documents from the same origin.
        http.headers().frameOptions().sameOrigin();
    }

    /**
     * Registers the authentication source: a single in-memory account.
     *
     * NOTE(review): the account name, its plain-text password and the ADMIN role are
     * hard-coded below, which is acceptable for a local demo only. Load credentials from
     * external configuration and store them hashed before deploying. Nothing in this
     * class registers the custom AuthenticationProvider described in step 2.
     *
     * @param auth builder for the global authentication manager
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Autowired
    private void configGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password("admin")
                .roles("ADMIN");
    }
}
2、自定义认证的实现
AuthProvider 实现 AuthenticationProvider
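/**
 * Custom authentication provider that checks a submitted password against the
 * hash stored for a user record loaded through {@code UserMapper}.
 */
public class AuthProvider implements AuthenticationProvider {
    @Autowired
    private UserMapper userMapper;

    // NOTE(review): MD5 is a fast digest and unsuitable for password storage; plan a
    // migration to an adaptive scheme (bcrypt/scrypt/argon2) and re-hash on next login.
    private final Md5PasswordEncoder passwordEncoder = new Md5PasswordEncoder();

    /**
     * Verifies the submitted credentials and returns an authenticated token on success.
     *
     * @param authentication the login request carrying the user name and password
     * @return an authenticated token whose principal is the loaded user
     * @throws AuthenticationException if no user record is found or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String userName = authentication.getName();
        String passwd = (String) authentication.getCredentials();

        // Fetch the stored user record (and its password hash) from the database.
        // NOTE(review): the lookup uses the fixed primary key 1 and never uses userName,
        // so every login is checked against the same record. Replace with a lookup by the
        // submitted user name before relying on this provider.
        User user = userMapper.selectByPrimaryKey(1);
        if (user == null) {
            // Same message as the bad-password case, so the response does not reveal
            // whether the account exists.
            throw new AuthenticationCredentialsNotFoundException("authError");
        }

        // The user id is passed as the salt for the stored hash.
        if (this.passwordEncoder.isPasswordValid(user.getPassword(), passwd, user.getId())) {
            // The original fell through to the exception even when the password matched.
            // Return an authenticated token; credentials are dropped (null) so the raw
            // password is not kept in the security context.
            // NOTE(review): assumes User implements UserDetails (step 3) — confirm that
            // getAuthorities() is populated for a user loaded through the mapper.
            return new org.springframework.security.authentication.UsernamePasswordAuthenticationToken(
                    user, null, user.getAuthorities());
        }
        throw new BadCredentialsException("authError");
    }

    /**
     * Limits this provider to username/password tokens, the only kind whose
     * credentials can safely be cast to {@code String} in {@link #authenticate}.
     *
     * @param aClass the authentication token type being offered
     * @return {@code true} for username/password tokens and their subclasses
     */
    @Override
    public boolean supports(Class<?> aClass) {
        return org.springframework.security.authentication.UsernamePasswordAuthenticationToken.class
                .isAssignableFrom(aClass);
    }
}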
3、在 User 类中需要增加以下字段,同时让 User 实现 UserDetails 接口
// Authorities granted to this user; filled in by the service layer through setAuthorityList(...).
// NOTE(review): presumably the value returned by the UserDetails getAuthorities() implementation — confirm.
private List<GrantedAuthority> authorityList;
4、在service 层中为某一个用户增加权限
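/**
 * Loads a user and attaches the granted authorities derived from role names.
 *
 * @param userName the login name of the user to load
 * @return the user with its authority list set, or {@code null} if no user record is found
 * @throws DisabledException if no roles are available to assign
 */
public User findUserByName(String userName) {
    // NOTE(review): the lookup uses the fixed primary key 1 and ignores userName, so the
    // same record is returned for every caller. Replace with a lookup by user name.
    User user = userMapper.selectByPrimaryKey(1);
    if (user == null) {
        return null;
    }

    // NOTE(review): the example carries no criteria, so this selects every role in the
    // table and grants all of them to the user. Restrict the query to this user's roles.
    RoleExample roleExample = new RoleExample();
    List<Role> roles = roleMapper.selectByExample(roleExample);
    // An empty result is rejected like a null one: a user with no roles must not be
    // handed back as a valid account with an empty authority list.
    if (roles == null || roles.isEmpty()) {
        throw new DisabledException("权限非法");
    }

    // Spring Security's hasRole(...) checks expect the "ROLE_" prefix on authorities.
    List<GrantedAuthority> authorities = new ArrayList<>(roles.size());
    for (Role role : roles) {
        authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getName()));
    }
    user.setAuthorityList(authorities);
    return user;
}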