Spring Security 是一款權限框架,第一次配置真的是搞毛了。
首先導包
<!-- Spring Boot starter that pulls in Spring Security.
     No <version> element is given here, so the version is presumably managed by the
     Spring Boot parent/BOM - confirm in the enclosing pom.xml.
     NOTE(review): once this starter is on the classpath, Spring Boot's default
     auto-configuration requires authentication on every endpoint until a custom
     security configuration replaces it. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
// NOTE(review): the whole method below sits inside a block comment, so none of this
// configuration is active as shown on the page.
/*@Override
public void configure(HttpSecurity http) throws Exception {
    // Intercept incoming requests (author's note: "verify the accessToken"; this snippet
    // itself registers no token filter, so that check must live elsewhere - confirm)
    http
        .authorizeRequests()
            // .antMatchers("/api-user/web/**").hasAnyAuthority("SuperAdmin", "SysAdmin")
            // Every request requires an authenticated user
            .anyRequest()
            .authenticated()
        // Logout is reachable by all users
        .and()
        .logout()// configure logout
            .permitAll()
        // Form-based login (author's note says "allow all users"; no permitAll() is
        // actually chained on formLogin() here)
        .and()
        .formLogin()// configure form login
            .usernameParameter("username").passwordParameter("password")// request parameter names read at login
            // NOTE(review): absolute URL pointing at localhost:63343 - looks like a
            // development-only front-end address; it must not ship to another environment as is
            .loginPage("http://localhost:63343/tm_web/login.html")// login page
            .loginProcessingUrl("/api-user/public/storeUser/managerUserLogin")// URL the login request is posted to
            .successHandler(myAuthenctiationSuccessHandler) // custom handling of a successful login
            .failureHandler(myAuthenctiationFailureHandler) // custom handling of a failed login
        // Cross-origin requests
        // NOTE(review): cors() only enables the filter; which origins are allowed depends on
        // a CORS configuration defined elsewhere - confirm it is restricted to known front ends
        .and()
        .cors()
        // Disable CSRF protection
        // NOTE(review): form login normally creates a session cookie. With CSRF protection off,
        // any endpoint that accepts that cookie can be triggered cross-site. This is only
        // acceptable if every state-changing endpoint authenticates from a token the browser
        // does not attach automatically (e.g. the JWT in a header) - confirm, and consider
        // stateless session management.
        .and()
        .csrf()
            .disable();
}*/
//登錄失敗
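/**
 * Failure handler for form login that writes a JSON body to the response itself; it never
 * delegates to the {@link SimpleUrlAuthenticationFailureHandler} superclass.
 *
 * <p>Registered as the bean {@code myAuthenctiationFailureHandler}.
 */
@Component("myAuthenctiationFailureHandler")
public class MyAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Answers a failed login with HTTP 401 and a JSON document.
     *
     * @param request   the login request (not read here)
     * @param response  the response the JSON document is written to
     * @param exception the authentication failure reported by Spring Security
     * @throws IOException      if serialising or writing the body fails
     * @throws ServletException declared by the overridden method; not thrown here
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        logger.info("登錄失敗");

        // A rejected login is a client-side authentication failure, not a server fault.
        // Reporting it as 500 hides failed-login bursts among real errors in monitoring.
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        response.setContentType("application/json;charset=UTF-8");

        JSONObject jsonObject = new JSONObject();
        // NOTE(review): the body still reports state "200" on a failure. Kept unchanged in case
        // the front end reads it - confirm, then align it with the HTTP status.
        jsonObject.put("state", "200");
        jsonObject.put("message", "登錄失敗");
        // NOTE(review): the raw exception message goes back to the caller. Depending on the
        // authentication provider it can tell a locked, disabled or unknown account apart from
        // a wrong password, which helps account enumeration. Prefer logging the detail
        // server-side and returning one fixed message.
        jsonObject.put("objectMapper",
                objectMapper.writeValueAsString(new BaseResponse(exception.getMessage())));

        // Write and flush through the writer only: asking for getOutputStream() after
        // getWriter() on the same response throws IllegalStateException.
        response.getWriter().write(jsonObject.toJSONString());
        response.getWriter().flush();
    }
}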
//登陸成功
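/**
 * Success handler for form login that issues a JWT and writes a JSON body to the response
 * itself; it never delegates to the {@link SimpleUrlAuthenticationSuccessHandler} superclass.
 *
 * <p>Registered as the bean {@code myAuthenctiationSuccessHandler}.
 */
@Component("myAuthenctiationSuccessHandler")
public class MyAuthenctiationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private JwtTokenUtil jwtTokenUtil;

    /**
     * Generates a token for the authenticated principal and returns it in a JSON document.
     *
     * @param request        the login request (not read here)
     * @param response       the response the JSON document is written to
     * @param authentication the successful authentication; its principal is cast to
     *                       {@link UserDetails}
     * @throws IOException      if serialising or writing the body fails
     * @throws ServletException declared by the overridden method; not thrown here
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        System.out.println("登錄成功");

        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String token = jwtTokenUtil.generateToken(userDetails);

        response.setContentType("application/json;charset=UTF-8");

        JSONObject jsonObject = new JSONObject();
        jsonObject.put("state", "200");
        jsonObject.put("message", "登錄成功");
        jsonObject.put("token", token);
        // NOTE(review): this serialises the entire Authentication object into the response.
        // Its getters expose the principal, authorities, credentials and request details, so
        // the body may carry a stored password hash (if the UserDetails implementation does
        // not erase it) and session details. Confirm what is emitted, and prefer returning
        // only the fields the client needs (e.g. username and roles).
        jsonObject.put("objectMapper", objectMapper.writeValueAsString(authentication));

        // Write and flush through the writer only: asking for getOutputStream() after
        // getWriter() on the same response throws IllegalStateException.
        response.getWriter().write(jsonObject.toJSONString());
        response.getWriter().flush();
    }
}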