一、自定义登录页面
参考链接:Spring Security 中 defaultSuccessUrl 和 successForwardUrl 的区别
1.1、项目结构
1.2、编写登录页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="/user/login" method="post">
用户名:<input type="text" name="username"/>
<br/>
密 码:<input type="password" name="password"/>
<br/>
<input type="submit" name="login" value="登录"/>
</form>
</body>
</html>
注意:页面提交方式必须为 post 请求,所以上面的页面不能使用,用户名,密码必须为
username
,password
原因:
在执行登录的时候会走一个过滤器 UsernamePasswordAuthenticationFilter
如果修改配置可以调用 usernameParameter()
和 passwordParameter()
方法。
1.3、编写config配置类
package com.xbmu.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
PasswordEncoder password() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin() // 自定义登录页面
.loginPage("/login.html") // 设置登录页面
.loginProcessingUrl("/user/login") // 登录请求访问路径
.defaultSuccessUrl("/user/index").permitAll() // 登录成功之后,跳转的路径。
.and().authorizeRequests()
.antMatchers("/", "/hello/sayHello", "/user/login").permitAll() // 设置那些请求路径可以直接访问,不需要认证
.anyRequest().authenticated() // 设置其他请求需要认证
.and().csrf().disable(); // 关闭csrf防护
}
}
1.4、编写UserDetailsService
接口的实现类LoginService
,实现登录逻辑。
package com.xbmu.service;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.xbmu.entity.Users;
import com.xbmu.mapper.UserMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.List;
@Service
@Slf4j
public class LoginService implements UserDetailsService {
@Autowired
private UserMapper userMapper;
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
QueryWrapper<Users> wrapper = new QueryWrapper<>();
wrapper.eq("username",username);
Users users = userMapper.selectOne(wrapper);
if(null == users){
throw new UsernameNotFoundException("用户名不存在!");
}
log.info("用户信息:"+users);
List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role");
return new User(users.getUsername(),users.getPassword(),auths);
}
}
1.5、编写controller
package com.xbmu.controller;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/user")
@Slf4j
public class UserController {
@RequestMapping("login")
public String login(String username,String password){
log.info("======输出,用户名:{},密码:{}======",username,password);
return "login success";
}
@RequestMapping("index")
public String index()
{
return "This is a index page";
}
@RequestMapping("findAll")
public String findAll()
{
return "Get all user infos";
}
}
1.6、测试