本文共 6742 字,大约阅读时间需要 22 分钟。
4.0.0 org.springframework.boot spring-boot-starter-parent 1.5.20.BUILD-SNAPSHOT com.example safe-demo 0.0.1-SNAPSHOT safe-demo Demo project for Spring Boot 1.8 org.springframework.boot spring-boot-starter-security org.springframework.boot spring-boot-starter-thymeleaf org.springframework.boot spring-boot-starter-web org.thymeleaf.extras thymeleaf-extras-springsecurity4 org.springframework.boot spring-boot-starter-test test org.springframework.security spring-security-test test org.springframework.boot spring-boot-devtools true org.springframework springloaded 1.2.6.RELEASE ch.qos.logback logback-core 1.1.8 ch.qos.logback logback-classic 1.1.8 org.slf4j slf4j-api 1.7.22 org.projectlombok lombok 1.16.12 com.alibaba druid 1.0.9 org.mybatis.spring.boot mybatis-spring-boot-starter 1.3.2 com.github.pagehelper pagehelper 4.1.6 mysql mysql-connector-java 5.1.39 com.google.code.gson gson 2.8.0 org.springframework.boot spring-boot-maven-plugin spring-snapshots Spring Snapshots https://repo.spring.io/snapshot true spring-milestones Spring Milestones https://repo.spring.io/milestone spring-snapshots Spring Snapshots https://repo.spring.io/snapshot true spring-milestones Spring Milestones https://repo.spring.io/milestone
public class BrowerSecurityConfig extends WebSecurityConfigurerAdapter { private final static BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder(); @Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } @Bean public MyUserDetailService myUserDetailService(){ return new MyUserDetailService(); } @Autowired private UserLoginAuthenticationFailureHandler userLoginAuthenticationFailureHandler; @Autowired private UserLoginAuthenticationSuccessHandler userLoginAuthenticationSuccessHandler; @Autowired private UserLogoutSuccessHandler userLogoutSuccessHandler; @Autowired private UserAuthenticationAccessDeniedHandler userAuthenticationAccessDeniedHandler; @Override protected void configure(HttpSecurity http) throws Exception { http .headers().frameOptions().sameOrigin()//设置弹出层 .and() .authorizeRequests() .antMatchers("/admin/**","/setUserAdmin","/setUser","/deleteUserById") .access("hasRole('ROLE_ADMIN')")//只有管理员才能访问 .antMatchers("/home","/static/**","/getAllUser","/register_page", "/register","/checkNameIsExistOrNot")//静态资源等不需要验证 .permitAll()//不需要身份认证 .anyRequest().authenticated()//其他路径必须验证身份 .and() .formLogin() .loginPage("/login_page")//登录页面 .loginProcessingUrl("/login") .usernameParameter("username") .passwordParameter("password") .failureHandler(userLoginAuthenticationFailureHandler)//验证失败处理 .successHandler(userLoginAuthenticationSuccessHandler)//验证成功处理 .permitAll()//登录页面不需要验证 .and() .logout() .logoutSuccessHandler(userLogoutSuccessHandler)//登出处理 .permitAll() .and() .csrf().disable() .exceptionHandling().accessDeniedHandler(userAuthenticationAccessDeniedHandler);//无权限时的处理 } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(myUserDetailService()).passwordEncoder(new PasswordEncoder() { @Override public String encode(CharSequence charSequence) { return ENCODER.encode(charSequence); } @Override public boolean matches(CharSequence charSequence, String s) { if ( !ENCODER.matches(charSequence,s)){ // log.info("{}","密码对不上"); }else { // log.info("{}","密码OK"); } return ENCODER.matches(charSequence,s); } }); }}
转载地址:http://fxcqb.baihongyu.com/