目录结构:
code:
pom.xml
<dependencies>
<!-- NOTE(review): 5.1.5.RELEASE is an early release of the Spring Framework 5.1 line,
     which is no longer maintained; later 5.1.x patch releases and the 5.2/5.3 lines
     carried security fixes this version lacks. Check current advisories and pin a
     supported, patched version before using this beyond a demo. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>5.1.5.RELEASE</version>
</dependency>
<!-- Servlet API is supplied by the container at runtime, hence "provided". -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<!-- Lombok is a compile-time annotation processor only; consider scope "provided"
     (or optional=true) so it is not packaged into the deployable artifact. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.8</version>
</dependency>
</dependencies>
init.SpringApplicationInitializer.java
/**
 * Servlet 3.0 bootstrap replacing web.xml: registers the root (application)
 * context, the DispatcherServlet's own context and the servlet URL mapping.
 */
public class SpringApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /** Root context configuration (the equivalent of applicationContext.xml). */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[] {ApplicationConfig.class};
    }

    /** DispatcherServlet context configuration (the equivalent of springmvc.xml). */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class<?>[] {WebConfig.class};
    }

    /** Map the DispatcherServlet to the context root so it receives every request. */
    @Override
    protected String[] getServletMappings() {
        return new String[] {"/"};
    }
}
Controller.java
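/**
 * Session-based login demo. {@code /login} authenticates and stores the resulting
 * {@link UserDto} in the HTTP session; {@code /r/r1} and {@code /r/r2} are the protected
 * resources whose authorization is enforced by {@code SimpleAuthenticationInterceptor}
 * through the "/r/**" interceptor mapping in {@code WebConfig}, not by this class.
 */
@RestController
public class LoginController {

    @Autowired
    private AuthenticationService authenticationService;

    /**
     * Authenticates the submitted username/password and keeps the user in the session.
     * A failed authentication surfaces as the service's unhandled RuntimeException.
     *
     * NOTE(review): no HTTP method is restricted, so credentials can be sent as GET query
     * parameters and end up in access logs / browser history; restrict to POST
     * (@PostMapping) once the login view's form method is confirmed.
     * NOTE(review): a fresh session should be issued on login (invalidate + getSession(true))
     * to prevent session fixation; that needs HttpServletRequest, which this signature lacks.
     * NOTE(review): the stored UserDto still carries the password field (see UserDto).
     *
     * @param authenticationRequest bound from the request parameters username/password
     * @param session               the caller's HTTP session
     * @return a plain-text success message
     */
    // "text/plain.charset=utf-8" was not a valid media type; the parameter separator is ";".
    @RequestMapping(value = "/login", produces = "text/plain;charset=utf-8")
    public String login(AuthenticationRequest authenticationRequest, HttpSession session) {
        UserDto userDto = authenticationService.authentication(authenticationRequest);
        session.setAttribute(UserDto.SESSION_USER_KEY, userDto);
        return userDto.getUsername() + "login success";
    }

    /** Protected resource r1 (interceptor requires authority "p1"). */
    @GetMapping(value = "/r/r1", produces = "text/plain;charset=utf-8")
    public String r1(HttpSession session) {
        UserDto user = currentUser(session);
        if (user == null) {
            return "no name";
        }
        return user.getFullname() + "访问资源r1";
    }

    /** Protected resource r2 (interceptor requires authority "p2"). */
    @GetMapping(value = "/r/r2", produces = "text/plain;charset=utf-8")
    public String r2(HttpSession session) {
        UserDto user = currentUser(session);
        if (user == null) {
            return "no name";
        }
        return user.getFullname() + "访问资源r2";
    }

    /**
     * Ends the session.
     * NOTE(review): a state-changing GET can be triggered cross-site (forced logout);
     * a POST mapping is preferable.
     */
    @GetMapping("/logout")
    public String logout(HttpSession session) {
        session.invalidate();
        // Typo fix in the user-facing message: 推出 ("launch") -> 退出 ("log out").
        return "退出成功";
    }

    /**
     * The user stored by {@link #login}, or null when the session holds none
     * (or holds something that is not a UserDto).
     */
    private static UserDto currentUser(HttpSession session) {
        Object attr = session.getAttribute(UserDto.SESSION_USER_KEY);
        return attr instanceof UserDto ? (UserDto) attr : null;
    }
}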
model:
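/** Login form payload, bound from the username/password request parameters of /login. */
@Data
public class AuthenticationRequest {
    private String username;
    /** Excluded from the Lombok-generated toString so the secret never reaches logs or error pages. */
    @lombok.ToString.Exclude
    private String password;
}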
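/**
 * Authenticated user record; the whole object is stored in the HTTP session under
 * {@link #SESSION_USER_KEY} and read back by the controller and the interceptor.
 * NOTE(review): if sessions are ever persisted or replicated, this class needs to be
 * Serializable — confirm against the deployment.
 */
@Data
@AllArgsConstructor
@NoArgsConstructor
public class UserDto {
    /** Session attribute name under which the logged-in user is kept. */
    public static final String SESSION_USER_KEY = "_user";

    private String id;
    private String username;
    /**
     * Plaintext in this demo store. Excluded from toString so it is not written to logs;
     * ideally it would not be carried in the session object at all.
     */
    @lombok.ToString.Exclude
    private String password;
    private String fullname;
    private String mobile;
    /** Authority strings ("p1", "p2") checked by SimpleAuthenticationInterceptor. */
    private Set<String> authorities;
}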
Service:
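/**
 * In-memory authentication backend for the demo: two hard-coded users, each with a
 * set of authority strings that the interceptor maps to /r/r1 ("p1") and /r/r2 ("p2").
 */
@Service
public class AuthenticationServiceImpl implements AuthenticationService {

    /** Demo user store keyed by username; populated by the initializer block below. */
    private final Map<String, UserDto> userMap = new HashMap<String, UserDto>();

    {
        Set<String> authorities1 = new HashSet<String>();
        authorities1.add("p1");
        Set<String> authorities2 = new HashSet<String>();
        // Was authorities1.add("p2"): zhangsan ended up with p1 and p2, lisi with nothing.
        authorities2.add("p2");
        // NOTE(review): passwords are stored in plaintext. A real store must keep a salted
        // bcrypt/scrypt/argon2 hash and verify against that instead of comparing strings.
        userMap.put("zhangsan", new UserDto("1010", "zhangsan", "123", "zs", "123456", authorities1));
        userMap.put("lisi", new UserDto("1012", "lisi", "456", "ls", "654321", authorities2));
    }

    /**
     * Verifies the supplied credentials.
     *
     * @param authenticationRequest username and password from the login request
     * @return the matching user record, including its authorities
     * @throws RuntimeException "null" when the request or either field is missing;
     *         "error" when the username is unknown or the password does not match
     */
    @Override
    public UserDto authentication(AuthenticationRequest authenticationRequest) {
        if (authenticationRequest == null
                || isEmpty(authenticationRequest.getPassword())
                || isEmpty(authenticationRequest.getUsername())) {
            throw new RuntimeException("null");
        }
        UserDto user = getUserDto(authenticationRequest.getUsername());
        // One failure message for "unknown user" and "wrong password": the old distinct
        // "no"/"error" messages let a caller enumerate which usernames exist.
        if (user == null || !passwordMatches(authenticationRequest.getPassword(), user.getPassword())) {
            throw new RuntimeException("error");
        }
        return user;
    }

    /**
     * Length-independent-content comparison. String.equals returns at the first differing
     * character, which leaks how much of the password was right through response timing.
     */
    private static boolean passwordMatches(String supplied, String stored) {
        if (stored == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /** Same test as the previous StringUtils.isEmpty call, without the utility dependency. */
    private static boolean isEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /** Looks up a user by username; null when unknown. */
    private UserDto getUserDto(String username) {
        return userMap.get(username);
    }
}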
Config:
/**
 * Root application context: scans the package for every component except
 * {@code @Controller}s (including {@code @RestController}, which is meta-annotated
 * with it); those belong to the DispatcherServlet context configured in WebConfig.
 * The filter type defaults to ANNOTATION, so only the annotation class is given.
 */
@Configuration
@ComponentScan(
        value = "com.xuyu.security.springmvc",
        excludeFilters = @ComponentScan.Filter(Controller.class))
public class ApplicationConfig {
}
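/**
 * DispatcherServlet context (the equivalent of springmvc.xml): JSP view resolution,
 * a "/" -> login view mapping, and the authentication interceptor on the "/r/**" tree.
 *
 * NOTE(review): the includeFilters below only add to the default component filters
 * (useDefaultFilters is still true), so this scan also re-creates the @Service and
 * @Component beans already present in the root context. Setting
 * useDefaultFilters = false would restrict it to controllers — confirm before changing.
 */
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.xuyu.security.springmvc",
        // was FilterType.ANNOTATION.ANNOTATION (static constant reached through an enum value)
        includeFilters = {@ComponentScan.Filter(type = FilterType.ANNOTATION, value = Controller.class)})
public class WebConfig implements WebMvcConfigurer {

    @Autowired
    private SimpleAuthenticationInterceptor simpleAuthenticationInterceptor;

    /** JSP views under /WEB-INF/view/: view name "login" resolves to /WEB-INF/view/login.jsp. */
    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        // Trailing slash was missing: "/WEB-INF/view" + "login" + ".jsp" gave /WEB-INF/viewlogin.jsp.
        viewResolver.setPrefix("/WEB-INF/view/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }

    /** Serves the login page at the context root without a dedicated controller. */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName("login");
    }

    /**
     * Only "/r/**" is guarded; "/", "/login" and "/logout" stay reachable without a session.
     * Every new protected endpoint must live under /r/ or be added to this pattern list,
     * otherwise it is served to anonymous callers.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(simpleAuthenticationInterceptor).addPathPatterns("/r/**");
    }
}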
拦截器Interceptor:
//记住在webConfig中让拦截器生效
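/**
 * Authentication and authorization gate for the "/r/**" tree (registered in WebConfig).
 * Responds 401 when the session holds no user, 403 when the user lacks the authority the
 * requested path requires; paths with no rule are denied (default deny).
 */
@Component
public class SimpleAuthenticationInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // getSession(false): do not create a session for anonymous callers just to look one up.
        javax.servlet.http.HttpSession session = request.getSession(false);
        Object attr = session == null ? null : session.getAttribute(UserDto.SESSION_USER_KEY);
        if (!(attr instanceof UserDto)) {
            // The original wrote "please login" but fell through without returning and then
            // dereferenced the null user; the request must stop here.
            writeContent(response, HttpServletResponse.SC_UNAUTHORIZED, "please login");
            return false;
        }
        UserDto userDto = (UserDto) attr;

        String required = requiredAuthority(requestPath(request));
        if (required != null
                && userDto.getAuthorities() != null
                && userDto.getAuthorities().contains(required)) {
            return true;
        }
        writeContent(response, HttpServletResponse.SC_FORBIDDEN, "没有权限,拒绝访问");
        return false;
    }

    /**
     * The path to authorize: servletPath plus pathInfo, which the container has already
     * decoded and normalized. getRequestURI() is the raw request-line URI, so the former
     * substring test (requestURI.contains("r/r1")) could be satisfied by a URI such as
     * "/r/r1/../r2" that the container may dispatch to a different handler than the one
     * the substring suggests.
     */
    private static String requestPath(HttpServletRequest request) {
        String path = request.getServletPath();
        String info = request.getPathInfo();
        return info == null ? path : path + info;
    }

    /**
     * Authority required for an exact guarded path; null means "no rule, deny".
     * p1 <-> /r/r1 and p2 <-> /r/r2 mirror the grants in AuthenticationServiceImpl.
     */
    private static String requiredAuthority(String path) {
        switch (path) {
            case "/r/r1":
                return "p1";
            case "/r/r2":
                return "p2";
            default:
                return null;
        }
    }

    /**
     * Writes a fixed denial message with the given HTTP status. Previously every denial
     * was sent with status 200, indistinguishable from success to clients and monitoring.
     */
    private void writeContent(HttpServletResponse response, int status, String msg) throws IOException {
        response.setStatus(status);
        response.setContentType("text/html;charset=utf-8");
        PrintWriter writer = response.getWriter();
        writer.println(msg);
        writer.close();
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
    }
}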