package com.vismee.springmvcsecurity.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import javax.sql.DataSource;
@Configuration
public class SecurityConfig
{
@Bean
public UserDetailsManager userDetailsManager(DataSource dataSource)
{
JdbcUserDetailsManager manager = new JdbcUserDetailsManager(dataSource);
manager.setUsersByUsernameQuery("select user_id, pw, active from members where user_id=?");
manager.setAuthoritiesByUsernameQuery("select user_id, role from roles where user_id=?");
return manager;
}
/* Using Spring Security Db Default Schema
@Bean
public UserDetailsManager userDetailsManager(DataSource dataSource)
{
return new JdbcUserDetailsManager(dataSource);
}
*/
/* In Memory authentication
@Bean
public InMemoryUserDetailsManager userDetailsManager()
{
UserDetails john = User.builder().
username("john").
password("{noop}john123").
roles("EMPLOYEE").
build();
UserDetails mary = User.builder().
username("mary").
password("{noop}mary123").
roles("MANAGER").
build();
UserDetails susan = User.builder().
username("susan").
password("{noop}susan123").
roles("ADMIN").
build();
return new InMemoryUserDetailsManager(john,mary,susan);
}
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception
{
http.
// To setup role based access
authorizeHttpRequests(configurer -> configurer.
requestMatchers("/").hasAnyRole("EMPLOYEE","MANAGER","ADMIN").
requestMatchers("/courseMaterials/**").hasAnyRole("MANAGER", "ADMIN").
requestMatchers("/courseFees/**").hasRole("ADMIN").
anyRequest().authenticated()).
// Configuring custom access denied page for forbidden access
exceptionHandling(configurer -> configurer.accessDeniedPage("/accessDenied")).
/* Referencing custom login form instead of Spring Boot default login form
/showLogin - request mapping that we need to create to show the login form
/authenticateUser - the login form should post/submit the data to this url for processing. No need to create this code.
*/
formLogin(form -> form.loginPage("/showLogin").loginProcessingUrl("/authenticateUser").permitAll()).
/*
Configuring application logout support. This will by default expose the url /logout
for logging out of the application. We need to create logout button wherever needed
as a form button so that it can post the data to Url /logout. And we dont want to create
code for /logout.
Spring Boot handles logging out of the application by
1. Invalidating user's HTTP session and session cookies
2. Sending user back to login page
3. Appending ?logout parameter in url
*/
logout(logout -> logout.permitAll());
return http.build();
}
}
Spring MVC Security-添加自定义登录表单,显示无效凭据、基于角色的访问、自定义访问被拒绝的错误消息.zip
版权申诉
76 浏览量
2024-01-09
14:31:13
上传
评论
收藏 76KB ZIP 举报
Spring MVC Security-添加自定义登录表单,显示无效凭据、基于角色的访问、自定义访问被拒绝的错误消息.zip (21个子文件) 
SpringMVCSecurity-master 
mvnw.cmd 7KB sql-scripts employee-directory.sql 705B 04-setup-spring-security-demo-database-plaintext.sql 1KB 05-setup-spring-security-demo-database-bcrypt.sql 1KB pom.xml 2KB src test java com vismee springmvcsecurity SpringmvcsecurityApplicationTests.java 231B main resources application.properties 210B templates 
home.html 1KB login-prettypage.html 2KB course-material.html 453B login-page.html 580B access-denied.html 287B course-fee.html 458B java com vismee springmvcsecurity SpringmvcsecurityApplication.java 343B security SecurityConfig.java 4KB controller LoginController.java 427B HomeController.java 507B .mvn wrapper maven-wrapper.properties 233B
maven-wrapper.jar 61KB mvnw 11KB .gitignore 395B 1 资源评论
