Security安全登录





Security配置类

使用SpringBoot整合Security安全登录配置



依赖

   <!-- spring security: adds Spring Security to the application (needed by the SecurityConfig class shown below) -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>

	<!-- thymeleaf: template engine; presumably renders the views returned by the controller (login page, admin index) - TODO confirm -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-thymeleaf</artifactId>
	</dependency>



配置类

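    /**
     * Spring Security configuration: URL access rules, form login, logout,
     * remember-me and a small set of in-memory demo users.
     *
     * <p>{@code @EnableGlobalMethodSecurity(prePostEnabled = true)} switches on the
     * {@code @PreAuthorize}/{@code @PostAuthorize} method annotations and
     * {@code @EnableWebSecurity} enables the web security configuration.
     */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures request authorization, login, logout, framing and remember-me.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Interception rules.
        // NOTE(review): CSRF protection is switched off although authentication is
        // cookie based (session from form login, remember-me cookie), so state-changing
        // requests are not protected against cross-site submission. It is left disabled
        // here only because the login/logout templates are not visible; re-enable it
        // once those forms send the CSRF token and logout is issued as a POST.
        http.csrf().disable()
                .authorizeRequests()
                // Static assets and top-level *.html pages are open to everyone.
                .antMatchers("/css/**", "/img/**", "/js/**", "/plugins/**", "/*.html").permitAll()
                // Everything under /admin requires the LEVEL1 role.
                .antMatchers("/admin/**").hasRole("LEVEL1")
                // Any other request only needs an authenticated user.
                .anyRequest()
                .authenticated()
                .and()
                // NOTE(review): HTTP Basic is accepted in addition to form login. If no
                // client needs it, dropping it leaves one credential entry point to
                // monitor and rate-limit.
                .httpBasic();

        // Form login.
        http.formLogin()
                .loginPage("/login")            // custom login page
                .loginProcessingUrl("/login")   // URL the login form posts to
                .usernameParameter("userName")  // form field carrying the user name
                .passwordParameter("passWord")  // form field carrying the password
                .defaultSuccessUrl("/admin")    // default target after a successful login
                .failureUrl("/login")           // failed logins return to the login page
                .permitAll();

        // Allow pages to be embedded in an iframe by pages of the same origin only.
        http.headers().frameOptions().sameOrigin();

        // Logout keeps the default logout URL and then sends the user to the login page.
        http.logout()
                .logoutSuccessUrl("/login");

        // Remember-me. The parameter name (spelled "remeber") has to match the field
        // name used by the login form, so it is left untouched.
        http.rememberMe().rememberMeParameter("remeber");
    }

    // Alternative (disabled in the original): authenticate against a custom user
    // store and verify passwords with BCrypt instead of the in-memory demo users.
    //
    // @Override
    // protected void configure(AuthenticationManagerBuilder builder) throws Exception {
    //     builder.userDetailsService(userDetailService())
    //             .passwordEncoder(passwordEncoder());
    // }
    //
    // @Bean
    // public UserDetailServiceImpl userDetailService() {
    //     return new UserDetailServiceImpl();
    // }
    //
    // Password hashing.
    // @Bean
    // public BCryptPasswordEncoder passwordEncoder() {
    //     return new BCryptPasswordEncoder();
    // }

    /**
     * Registers a few hard-coded in-memory users for demonstration.
     *
     * <p>All users are declared on a single in-memory configurer. The original called
     * {@code inMemoryAuthentication()} once per user, which applies a separate
     * configurer (and user store) each time; as far as the builder's API shows, only
     * the most recently applied store is kept as the default user details service,
     * which is the one remember-me looks users up in - TODO confirm against the
     * Spring Security version in use.
     *
     * <p>NOTE(review): these accounts are demo-only. Every account shares the same
     * short numeric password, it is stored in source as plaintext, and no
     * {@code PasswordEncoder} is configured. Spring Security 5 and later reject a
     * stored password without an encoder at login time. Before real use, switch to
     * the user-details-service plus BCrypt variant shown in the disabled code above
     * and keep credentials out of the source tree.
     *
     * @param auth the global authentication manager builder
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("spring").password("123456").roles("LEVEL1", "LEVEL2")
                .and()
                .withUser("summer").password("123456").roles("LEVEL2", "LEVEL3")
                .and()
                .withUser("autumn").password("123456").roles("LEVEL1", "LEVEL3");
    }
}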



自定义认证用户

需要实现UserDetailsService 接口,根据 username从数据库读取对应的密码、权限并封装到User中,权限都添加在GrantedAuthority集合里

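/**
 * Loads login users from the seller service for Spring Security.
 *
 * <p>Only sellers whose status equals {@code "1"} can log in (presumably the
 * "approved/active" state - confirm against the seller model).
 */
@Component
public class UserDetailServiceImpl implements UserDetailsService {

    // Seller lookup service injected through @Reference.
    @Reference(version = "1.0", interfaceClass = SellerService.class)
    private SellerService sellerService;

    /**
     * Looks up the seller with the given user name and wraps it as a Spring Security user.
     *
     * <p>Unlike the original, this never returns {@code null}: the
     * {@code UserDetailsService} contract requires an exception when no usable account
     * exists. The seller is also null-checked before its status is read (the original
     * dereferenced it in a {@code System.out.println} first, which failed with a
     * {@code NullPointerException} for unknown user names), and the status is no
     * longer printed to standard output.
     *
     * @param username the user name submitted at login
     * @return the user with its stored password and granted authorities
     * @throws UsernameNotFoundException if no seller exists for the name or the
     *         seller's status is not {@code "1"}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Seller seller = sellerService.findOne(username);

        // One generic failure for "unknown" and "not active", so the message does not
        // tell a caller which of the two applied. Constant-first equals also tolerates
        // a null status.
        if (seller == null || !"1".equals(seller.getStatus())) {
            throw new UsernameNotFoundException("No active seller account for the supplied user name");
        }

        // NOTE(review): every active seller receives the same hard-coded role, which is
        // the role guarding /admin/** in SecurityConfig. Load per-user authorities
        // from the data store if sellers should not all have that access.
        List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_LEVEL1"));

        // NOTE(review): seller.getPassword() must already be a hash in the format of
        // the configured PasswordEncoder (BCrypt in the disabled SecurityConfig code),
        // never a plaintext password - verify how sellers are stored.
        return new User(username, seller.getPassword(), grantedAuthorities);
    }

}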



控制器

注意:此处进入首页时,由于配置了角色权限,只允许登录后才可以访问admin下的文件,所以会自动重定向到登录页(/login),登录成功后才会跳转到访问页("/admin"、"/admin/index"、"/admin/index.html")。

   /**
     * Serves the admin home page.
     *
     * <p>All three mapped paths resolve to the same view. Access control is not done
     * here; it comes from the {@code /admin/**} rule in the security configuration.
     *
     * @return the view name of the admin index page
     */
    @RequestMapping(value = {"/admin","/admin/index","/admin/index.html"})
    public String index() {
        final String viewName = "/admin/index";
        return viewName;
    }
    /**
     * Serves the custom login page.
     *
     * <p>The mapping does not restrict the HTTP method; presumably the form submission
     * to the same URL is handled by Spring Security's login processing rather than by
     * this method - confirm against the security configuration.
     *
     * @return the view name of the login page
     */
    @RequestMapping("/login")
    public String loginPage() {
        final String viewName = "/login";
        return viewName;
    }



版权声明:本文为weixin_45534157原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。