修改和完成SpringSecurity的登录功能

玄尺_0072023-09-22 16:48

1、配置SpringSecurity改变默认表单页面但是流程不变

添加loginPage、loginProcessingUrl方法

java 复制代码 
	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自定义登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单:action="/loginPage" method="post"
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
java 复制代码 
//在MainController中添加
	@RequestMapping("/require")
	public String require() {
		return "/login.html";
	}

表单提交

html 复制代码 
<form action="/loginPage" method="post" class="login100-form validate-form">

测试:SecurityUserService中打印用户名

java 复制代码 
	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		...
	}

测试成功

2、完成访客登录功能且拓展登录失败与登录成功的Handler

访客登录

java 复制代码 
package com.zzz.blog.service;

import ...

@Component
public class SecurityUserService implements UserDetailsService{

	//加密方法返回值
	@Autowired
	private PasswordEncoder passwordEncoder;
	
	@Autowired
	private UserService userService;
	
	@Autowired
	private VisitorService visitorService;
	
	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		User user = userService.findUserByUsername(username);
		if(user != null) {
			//将用户信息给SpringSecurity管理
			return new SocialUser(user.getUsername(), passwordEncoder.encode(user.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("ADMIN"));
		}
		
		Visitor visitor = visitorService.findVisitorByUsername(username);
		if(visitor != null) {
			return new SocialUser(visitor.getUsername(), passwordEncoder.encode(visitor.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("VISITOR"));
		}
		
		throw new UsernameNotFoundException("用户不存在!!");
	}

}

拓展登录失败与登录成功的Handler的事件处理,添加handler

java 复制代码 
package com.zzz.blog.config;

import ...

//安全配置类
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{

	//SpringSecurity加密方法返回值
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
	
	@Autowired
	private SpringSocialConfigurer zzzSocialSecurityConfig;
	
	@Autowired
	private LoginSuccessHandler loginSuccessHandler;
	@Autowired
	private LoginFailureHandler loginFailureHandler;
	
	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自己的登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单登录提交路径:action="/loginPage" method="post"
		.failureHandler(loginFailureHandler) //登录失败的Handler
		.successHandler(loginSuccessHandler)  //登录成功的Handler
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
	
}
java 复制代码 
package com.zzz.blog.handler;

import ...

@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws ServletException, IOException {
		// TODO 登录成功后的处理
		
		super.onAuthenticationSuccess(request, response, authentication);
	}
	
}
java 复制代码 
package com.zzz.blog.handler;

import ...

@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler{

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		// TODO 登录失败后的处理
		
		super.onAuthenticationFailure(request, response, exception);
	}

}
相关推荐
试行9 分钟前
Android实现自定义下拉列表绑定数据
android·java
茜茜西西CeCe15 分钟前
移动技术开发:简单计算器界面
java·gitee·安卓·android-studio·移动技术开发·原生安卓开发
bjzhang7515 分钟前
SpringBoot开发——集成Tess4j实现OCR图像文字识别
spring boot·ocr·tess4j
救救孩子把20 分钟前
Java基础之IO流
java·开发语言
flying jiang20 分钟前
Spring Boot 入门面试五道题
spring boot
小菜yh21 分钟前
关于Redis
java·数据库·spring boot·redis·spring·缓存
宇卿.27 分钟前
Java键盘输入语句
java·开发语言
浅念同学28 分钟前
算法.图论-并查集上
java·算法·图论
立志成为coding大牛的菜鸟.41 分钟前
力扣1143-最长公共子序列(Java详细题解)
java·算法·leetcode
鱼跃鹰飞41 分钟前
Leetcode面试经典150题-130.被围绕的区域
java·算法·leetcode·面试·职场和发展·深度优先
热门推荐
01RAG 实践- Ollama+RagFlow 部署本地知识库02组基轨迹建模 GBTM的介绍与实现(Stata 或 R)032024年高教社杯数学建模国赛C题超详细解题思路分析04Coze扣子平台完整体验和实践(附国内和国际版对比)05苍穹外卖面试总结06【2024数模国赛赛题思路公开】国赛B题思路丨附可运行代码丨无偿自提07yolov8实战第五天——yolov8+ffmpg实时视频流检测并进行实时推流——(推流,保姆教学)08CCF-CSP认证考试 202406-3 文本分词 100分题解09【2024高教社杯全国大学生数学建模竞赛】B题 生产过程中的决策问题——解题思路 代码 论文10浏览器插件——ModHeader 的分享和学习