实现的效果
访问url时,如果未登录时跳转到Login界面,要求用户登陆,如果登陆过返回请求的数据。
效果图
访问数据时,未登录返回login界面
登陆操作
登陆成功进入登出界面
登陆成功后再次访问数据
POM 文件
加入 Security 配置,数据库使用maybatis。
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.1.6.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.gailguo</groupId> <artifactId>login</artifactId> <version>0.0.1-SNAPSHOT</version> <name>login</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.0.1</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
WebSecurityConfigurerAdapter配置Security信息
1. authorizeRequests() .antMatchers("/user/*").permitAll() .anyRequest().authenticated() 意思代表 /user 不需要进行授权认证,其他都需要认证。
2 .formLogin().loginPage("/login.html").loginProcessingUrl("/signin").successHandler(successHandler).failureHandler(failureHandler) 设置的登陆界面,和登陆的url 以及登陆成功的handler和失败的handler。
3 .usernameParameter("username").passwordParameter("password").permitAll() 用户名和密码的传参数 4 .logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll(); 登出url ,以及handler 5 .csrf().disable()
@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AjaxAuthSuccessHandler successHandler; @Autowired private AjaxAuthFailureHandler failureHandler; @Autowired private AjaxLogoutSuccessHandler logoutSuccessHandler; @Autowired private UserDetailsServiceImpl userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests().antMatchers("/user/*").permitAll() .anyRequest().authenticated() .and() .csrf().disable() .formLogin().loginPage("/login.html").loginProcessingUrl("/signin").successHandler(successHandler).failureHandler(failureHandler) .usernameParameter("username").passwordParameter("password").permitAll() .and() .logout().logoutUrl("/signout").logoutSuccessHandler(logoutSuccessHandler).permitAll(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(new PasswordEncoder() { @Override public String encode(CharSequence charSequence) { return charSequence.toString(); } @Override public boolean matches(CharSequence charSequence, String s) { return s.equals(charSequence.toString()); } }); } }
SimpleUrlAuthenticationSuccessHandler
登陆成功时
@Component public class AjaxAuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler { private static final Logger logger = LoggerFactory.getLogger(AjaxAuthSuccessHandler.class); @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { logger.info("Authentication success, {} login successfully", request.getParameter("username")); response.setStatus(HttpServletResponse.SC_OK); response.sendRedirect("/home.html"); } }
fail
@Component public class AjaxAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler { private static final Logger logger = LoggerFactory.getLogger(AjaxAuthFailureHandler.class); @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { logger.info("Authentication error, {} login failed", request.getParameter("username")); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentiaction Failed"); } }
loginout success
@Component public class AjaxLogoutSuccessHandler implements LogoutSuccessHandler { private static final Logger logger = LoggerFactory.getLogger(AjaxLogoutSuccessHandler.class); @Override public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { httpServletResponse.setStatus(HttpServletResponse.SC_OK); logger.info("Logout successfully, session id: {}", httpServletRequest.getSession().getId()); } }
UserDetailsService
@Service public class UserDetailsServiceImpl implements UserDetailsService { private Map<String, String> userRepository = new HashMap<>(); @PostConstruct private void init() { userRepository.put("zhangshan", "123456"); userRepository.put("guo", "123456"); } @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { return new User(s, userRepository.get(s), new ArrayList<>()); } }
代码:
https://github.com/galibujianbusana/login
原文地址:https://www.cnblogs.com/galibujianbusana/p/11336940.html
时间: 2024-08-01 20:46:10