修改和完成SpringSecurity的登录功能

玄尺_0072023-09-22 16:48

1、配置SpringSecurity改变默认表单页面但是流程不变

添加loginPage、loginProcessingUrl方法

java 复制代码 
	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自定义登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单:action="/loginPage" method="post"
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
java 复制代码 
//在MainController中添加
	@RequestMapping("/require")
	public String require() {
		return "/login.html";
	}

表单提交

html 复制代码 
<form action="/loginPage" method="post" class="login100-form validate-form">

测试:SecurityUserService中打印用户名

java 复制代码 
	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		...
	}

测试成功

2、完成访客登录功能且拓展登录失败与登录成功的Handler

访客登录

java 复制代码 
package com.zzz.blog.service;

import ...

@Component
public class SecurityUserService implements UserDetailsService{

	//加密方法返回值
	@Autowired
	private PasswordEncoder passwordEncoder;
	
	@Autowired
	private UserService userService;
	
	@Autowired
	private VisitorService visitorService;
	
	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		User user = userService.findUserByUsername(username);
		if(user != null) {
			//将用户信息给SpringSecurity管理
			return new SocialUser(user.getUsername(), passwordEncoder.encode(user.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("ADMIN"));
		}
		
		Visitor visitor = visitorService.findVisitorByUsername(username);
		if(visitor != null) {
			return new SocialUser(visitor.getUsername(), passwordEncoder.encode(visitor.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("VISITOR"));
		}
		
		throw new UsernameNotFoundException("用户不存在!!");
	}

}

拓展登录失败与登录成功的Handler的事件处理,添加handler

java 复制代码 
package com.zzz.blog.config;

import ...

//安全配置类
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{

	//SpringSecurity加密方法返回值
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
	
	@Autowired
	private SpringSocialConfigurer zzzSocialSecurityConfig;
	
	@Autowired
	private LoginSuccessHandler loginSuccessHandler;
	@Autowired
	private LoginFailureHandler loginFailureHandler;
	
	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自己的登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单登录提交路径:action="/loginPage" method="post"
		.failureHandler(loginFailureHandler) //登录失败的Handler
		.successHandler(loginSuccessHandler)  //登录成功的Handler
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
	
}
java 复制代码 
package com.zzz.blog.handler;

import ...

@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws ServletException, IOException {
		// TODO 登录成功后的处理
		
		super.onAuthenticationSuccess(request, response, authentication);
	}
	
}
java 复制代码 
package com.zzz.blog.handler;

import ...

@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler{

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		// TODO 登录失败后的处理
		
		super.onAuthenticationFailure(request, response, exception);
	}

}
相关推荐
我命由我123452 分钟前
Android 开发问题:项目同时引入了两个包含相同类文件的库(AndroidX 库、旧版本支持库),导致了重复类错误
android·java·java-ee·android studio·android-studio·androidx·android runtime
梓色系8 分钟前
Spring AI 实战:从零搭建 MCP 客户端与服务端,让大模型拥有“手脚“
java·人工智能·spring
秦时星星17 分钟前
Spring AI + FastMCP 跨语言集成踩坑实录
java·人工智能·spring
见牛羊19 分钟前
docker理解
java·docker·容器
codingPower23 分钟前
JAVA后端安全进阶:基于HMAC-SHA256+Nonce+Timestamp的API防重放攻击方案
java·开发语言·spring boot·安全
寂夜了无痕29 分钟前
IntelliJ IDEA 高效配置:新建文件自动生成作者与时间注释
java·ide·intellij-idea
霸道流氓气质36 分钟前
Windows批处理脚本完整指南:可移植的交互式SpringBoot项目管理
windows·spring boot·后端
leonidZhao37 分钟前
Java 25新特性:模块导入申明
java
weixin_489690021 小时前
【IDEA 2025.2.4】 Maven 仅能手动 Reload All Maven Projects 问题解决
java·maven·intellij-idea
雨辰AI1 小时前
MySQL 迁移至达梦 DM9 完整改造指南|99% SQL 零改动
java·开发语言·数据库·sql·mysql·政务
热门推荐
01GitHub 镜像站点02DeepSeek V4 + Claude Code thinking mode 400 错误修复方案03【AI】2026 年具身智能模型和世界模型总结04Codex 接入 DeepSeek API 完整配置文档05【踩坑记录 | 第一篇】微软商店无法使用时,如何手动安装 OpenAI Codex?附`.msix`文件系统错误解决方法06CC-Switch & Claude 基于 Linux 服务器安装使用指南07裂开!ChatGPT 居然开始要手机号验证,附详细解决方法08CC-Switch 全平台下载、安装与使用全指南(Windows/macOS/Linux)09几个好用的ip纯净度检测网站102026年AI编程工具终极横评:Cursor vs Claude Code vs Copilot