package com.negen.config;
/**
* @ Author :Negen
* @ Date :Created in 17:54 2020/3/5
* @ Description:自定义security配置类
* @ Modified By:
* @Version: 1.0
*/
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.negen.common.ResponseEnum;
import com.negen.common.ServerResponse;
import com.negen.entity.User;
import com.negen.util.PrintUtil;
import com.negen.util.TokenUtil;
import lombok.SneakyThrows;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import com.negen.repository.UserRepository;
import com.negen.service.impl.TemplateUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class TemplateWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserRepository userRepository;
@Autowired
TemplateUserDetailsService templateUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
//过滤 swagger2
.antMatchers("/user/create",
"/swagger*//**",
"/v2/api-docs",
"/webjars*//**").permitAll()
//配置所有除上面以为的所有请求必须认证(登录)后才能访问
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/user/login")
//登录接口地址
.loginProcessingUrl("/login")
//登录成功处理
.successHandler(authenticationSuccessHandler())
//登录失败处理
.failureHandler(authenticationFailureHandler())
.and().logout()
.logoutSuccessUrl("/user/login")
// .logoutSuccessHandler(onLogoutSuccess)
.deleteCookies("JSESSIONID")
.permitAll();
}
// 密码加密方式
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
// 设置是否隐藏 UserNotFoundException
provider.setHideUserNotFoundExceptions(false);
provider.setUserDetailsService(templateUserDetailsService);
provider.setPasswordEncoder(passwordEncoder());
return provider;
}
/**
* 认证成功处理
* @return
*/
@Bean
public AuthenticationSuccessHandler authenticationSuccessHandler() {
// 认证(登录)成功
return new AuthenticationSuccessHandler() {
@SneakyThrows
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
//更新并返回token
User user = userRepository.findByUserName(authentication.getName());
String token = TokenUtil.createToken(Long.toString(user.getId()), user.getUserName());
user.setToken(token);
userRepository.save(user);
HashMap dataMap = new HashMap();
dataMap.put("token", token);
System.out.println("Negen=======>登录成功");
PrintUtil.response(response,
ServerResponse.getInstance().responseEnum(ResponseEnum.LOGIN_SUCCESS).data(dataMap).toString());
}
};
}
// 认证失败处理
@Bean
public AuthenticationFailureHandler authenticationFailureHandler() {
return new AuthenticationFailureHandler() {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
if (exception instanceof UsernameNotFoundException) {
// 账号不存在
PrintUtil.response(response,
ServerResponse.getInstance().responseEnum(ResponseEnum.ACCOUNT_NOT_FOUND).toString());
return;
}
// 密码错误
PrintUtil.response(response,
ServerResponse.getInstance().responseEnum(ResponseEnum.LOGIN_FAILED).toString());
}
};
}
}
没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
收起资源包目录
学生信息管理系统后端代码.zip (38个子文件)
student-manage-system-rear-master
pom.xml 3KB
src
test
java
com
negen
StudentManageSystemApplicationTests.java 1KB
main
resources
application-dev.yml 343B
application.yml 35B
java
com
negen
ServletInitializer.java 412B
repository
TeacherRepository.java 660B
StudentRespository.java 580B
ClazzRepository.java 874B
UserRepository.java 821B
StudentManageSystemApplication.java 328B
controller
FileController.java 1KB
ClazzController.java 2KB
UserController.java 2KB
TeacherController.java 2KB
StudentController.java 1KB
service
IClazzService.java 573B
ITeacherService.java 517B
IUserService.java 529B
IStudentService.java 527B
impl
ClazzService.java 5KB
UserService.java 4KB
StudentService.java 4KB
TemplateUserDetailsService.java 2KB
TeacherService.java 4KB
common
ServerResponse.java 1KB
ResponseEnum.java 975B
entity
Teacher.java 560B
Clazz.java 575B
Permission.java 620B
Role.java 663B
Student.java 565B
User.java 925B
util
TokenUtil.java 3KB
PrintUtil.java 643B
vo
ClazzInfoVo.java 419B
UserInfoVo.java 587B
config
TemplateWebSecurityConfig.java 6KB
CorsConfig.java 753B
共 38 条
- 1
资源评论
博士僧小星
- 粉丝: 1945
- 资源: 5903
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功