修改和完成SpringSecurity的登录功能

玄尺_0072023-09-22 16:48

1、配置SpringSecurity改变默认表单页面但是流程不变

添加loginPage、loginProcessingUrl方法

java 复制代码 
	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自定义登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单:action="/loginPage" method="post"
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
java 复制代码 
//在MainController中添加
	@RequestMapping("/require")
	public String require() {
		return "/login.html";
	}

表单提交

html 复制代码 
<form action="/loginPage" method="post" class="login100-form validate-form">

测试:SecurityUserService中打印用户名

java 复制代码 
	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		...
	}

测试成功

2、完成访客登录功能且拓展登录失败与登录成功的Handler

访客登录

java 复制代码 
package com.zzz.blog.service;

import ...

@Component
public class SecurityUserService implements UserDetailsService{

	//加密方法返回值
	@Autowired
	private PasswordEncoder passwordEncoder;
	
	@Autowired
	private UserService userService;
	
	@Autowired
	private VisitorService visitorService;
	
	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		User user = userService.findUserByUsername(username);
		if(user != null) {
			//将用户信息给SpringSecurity管理
			return new SocialUser(user.getUsername(), passwordEncoder.encode(user.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("ADMIN"));
		}
		
		Visitor visitor = visitorService.findVisitorByUsername(username);
		if(visitor != null) {
			return new SocialUser(visitor.getUsername(), passwordEncoder.encode(visitor.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("VISITOR"));
		}
		
		throw new UsernameNotFoundException("用户不存在!!");
	}

}

拓展登录失败与登录成功的Handler的事件处理,添加handler

java 复制代码 
package com.zzz.blog.config;

import ...

//安全配置类
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{

	//SpringSecurity加密方法返回值
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
	
	@Autowired
	private SpringSocialConfigurer zzzSocialSecurityConfig;
	
	@Autowired
	private LoginSuccessHandler loginSuccessHandler;
	@Autowired
	private LoginFailureHandler loginFailureHandler;
	
	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自己的登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单登录提交路径:action="/loginPage" method="post"
		.failureHandler(loginFailureHandler) //登录失败的Handler
		.successHandler(loginSuccessHandler)  //登录成功的Handler
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
	
}
java 复制代码 
package com.zzz.blog.handler;

import ...

@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws ServletException, IOException {
		// TODO 登录成功后的处理
		
		super.onAuthenticationSuccess(request, response, authentication);
	}
	
}
java 复制代码 
package com.zzz.blog.handler;

import ...

@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler{

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		// TODO 登录失败后的处理
		
		super.onAuthenticationFailure(request, response, exception);
	}

}
相关推荐
不愿是过客25 分钟前
java实战干货——长方法深递归
java
小北方城市网1 小时前
Redis 分布式锁高可用实现:从原理到生产级落地
java·前端·javascript·spring boot·redis·分布式·wpf
六义义2 小时前
java基础十二
java·数据结构·算法
毕设源码-钟学长3 小时前
【开题答辩全过程】以 基于SpringBoot的智能书城推荐系统的设计与实现为例,包含答辩的问题和答案
java·spring boot·后端
笨手笨脚の3 小时前
深入理解 Java 虚拟机-03 垃圾收集
java·jvm·垃圾回收·标记清除·标记复制·标记整理
莫问前路漫漫3 小时前
WinMerge v2.16.41 中文绿色版深度解析:文件对比与合并的全能工具
java·开发语言·python·jdk·ai编程
九皇叔叔4 小时前
【03】SpringBoot3 MybatisPlus BaseMapper 源码分析
java·开发语言·mybatis·mybatis plus
挖矿大亨4 小时前
c++中的函数模版
java·c++·算法
a程序小傲4 小时前
得物Java面试被问:RocketMQ的消息轨迹追踪实现
java·linux·spring·面试·职场和发展·rocketmq·java-rocketmq
青春男大4 小时前
Redis和RedisTemplate快速上手
java·数据库·redis·后端·spring·缓存
热门推荐
01GitHub 镜像站点02【网络安全测试】Burp Suite工具使用说明、配置及常见问题(有关必回)03OpenCode 入门教程:介绍 · 安装 · 配置第三方 API (如 Claude)04Claude Code Skills 实用使用手册05struts2 XML外部实体注入漏洞复现(CVE-2025-68493)06UV安装并设置国内源07Open Code教程(四)| 高级配置与集成08在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)09在Trae中使用Pencil MCP10AI 规范驱动开发“三剑客”深度对比:Spec-Kit、Kiro 与 OpenSpec 实战指南