文章目录
功能: 简化用户每次登录都要输入用户名和密码的麻烦,提高用户体验
1、配置类
注意:
一定要添加lazy注解防止依赖循环
@Resource
@Lazy
private UserServiceImpl userService;
@Resource
@Lazy
private PersistentTokenRepository persistentTokenRepository;
package com.atmae.securitydemo.config;
import com.atmae.securitydemo.handle.MyAccessDeniedHandler;
import com.atmae.securitydemo.service.impl.UserServiceImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import javax.annotation.Resource;
import javax.sql.DataSource;
/**
* @author Mae
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private MyAccessDeniedHandler myAccessDeniedHandler;
@Resource
@Lazy
private UserServiceImpl userService;
@Resource
private DataSource dataSource;
@Resource
@Lazy
private PersistentTokenRepository persistentTokenRepository;
@Bean
public PersistentTokenRepository getPersistentTokenRepository() {
JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
/** 自动建表 第一次启动 第二次注释掉即可会报错*/
/** jdbcTokenRepository.setCreateTableOnStartup(true);*/
jdbcTokenRepository.setDataSource(dataSource);
return jdbcTokenRepository;
}
@Bean
public PasswordEncoder getPw() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
/** 表单提交*/
http.formLogin()
.usernameParameter("username")
.passwordParameter("password")
/** 当发现/login时 认为是登录 需和表单提交地址相同*/
.loginProcessingUrl("/login")
/** 自定义登录页面*/
.loginPage("/login.html")
/** 成功后执行post请求*/
.successForwardUrl("/index")
/** 失败后执行post请求*/
.failureForwardUrl("/error");
http.authorizeHttpRequests()
/** 放行*/
.antMatchers("/error.html").permitAll()
.antMatchers("/login.html").permitAll()
.antMatchers("/**/*.png").permitAll()
/** 正则表达式*/
.regexMatchers(".+[.]png").permitAll()
/** 权限管理*/
/** .antMatchers("/member.html").hasAnyAuthority("admin")*/
/** 角色判断*/
/** .antMatchers("/member.html").hasRole("student")*/
/** 所有请求都必须被认证*/
.anyRequest().authenticated();
/** 关闭防火墙*/
http.csrf().disable();
/** 异常处理*/
http.exceptionHandling()
.accessDeniedHandler(myAccessDeniedHandler);
/**记住我功能*/
http.rememberMe()
/** 自定义登录逻辑*/
.userDetailsService(userService)
/** 失效时间 60s*/
.tokenValiditySeconds(60)
/** 持久层登录*/
.tokenRepository(persistentTokenRepository);
}
}
2、自定义逻辑
package com.atmae.securitydemo.service.impl;
import com.atmae.securitydemo.mapper.UserMapper;
import com.atmae.securitydemo.pojo.User;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
/**
* @author Mae
*/
@Service
public class UserServiceImpl implements UserDetailsService {
@Resource
private UserMapper userMapper;
@Resource
private PasswordEncoder passwordEncoder;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
/** 查询数据库判断用户名是否存在*/
User user = userMapper.findUserByUsername(username);
System.out.println(user);
if (user == null) {
throw new UsernameNotFoundException("用户名没有找到");
}
/** 把查询出的密码(注册时已经过加密)进行解析,或者直接把密码放入构造方法*/
String password = passwordEncoder.encode(user.getPassword());
return new org.springframework.security.core.userdetails.User(username, password, AuthorityUtils
.commaSeparatedStringToAuthorityList("admin,normal0,ROLE_student0"));
}
}
3、登陆页
记住我的name一定要是 remember-me 否则需要自己配置
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录页</title>
</head>
<body>
<form action="/login" method="post">
<label for="username">用户名:<input type="text" id="username" name="username" placeholder="请输入用户名"></label><br/>
<label for="password">密码:<input type="password" id="password" name="password" placeholder="请输入密码"></label><br/>
<label for="remember-me">
记住我:
<input id="remember-me" type="checkbox" name="remember-me" value="1"/>
</label><br>
<input type="submit" value="提交">
</form>
</body>
</html>
4、持久层和控制层
package com.atmae.securitydemo.controller;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* @author Mae
*/
@Controller
public class UserController {
@Secured("ROLE_student0")
@PreAuthorize("hasRole('ROLE_student0')") /** 可以不以Role开头*/
@RequestMapping("/index")
public String indexPage() {
return "redirect:index.html";
}
}
package com.atmae.securitydemo.mapper;
import com.atmae.securitydemo.pojo.User;
import org.apache.ibatis.annotations.Mapper;
/**
* @author Mae
*/
@Mapper
public interface UserMapper {
/**
* 根据用户名查询用户
* @param username 用户名
* @return 用户
*/
User findUserByUsername(String username);
}
5、功能
第一次登录
自动生成的数据表
第二次登录直接进入登录页
关闭浏览器直接进入主页则需重新登陆
