package com.example.springbootmybatis.config;
import com.example.springbootmybatis.user.pojo.UserVo;
import com.example.springbootmybatis.user.service.UserService;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import java.io.IOException;
/**
* @ClassName:SecurityConfig
* @Author: xuli
* @Date: 2024/10/21 19:59
* @Description: security配置类
*/
@EnableWebSecurity
@Configuration
public class SecurityConfig {
@Autowired
private UserService userService;
/**
* 定义过滤器拦截
* @param http
* @return
* @throws Exception
*/
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception{
http.authorizeHttpRequests(auth->auth
.requestMatchers("/").permitAll() // 公开访问
.requestMatchers("/user/**").hasAnyAuthority("user_admin")//资源需具有的权限
.requestMatchers("/teaType/**").hasAnyAuthority("guest","user_admin")
.anyRequest().authenticated())//每个请求都要认证
.formLogin((form)-> form.loginPage("/login")//登录页面
// .successForwardUrl("/main")//登录成功跳转页面,如无效也可使用AuthenticationSuccessHandler
.successHandler(authenticationSuccessHandler())
.failureUrl("/login?error=true")//登录失败重定向登录页面,并提示错误信息
.permitAll()
).logout(logout->logout.logoutUrl("/loginOut"));//推出登录;
http.exceptionHandling(handling->handling.accessDeniedHandler(new MyAccessDeniedHandler()));//权限不足返回页面
return http.build();
}
private AuthenticationSuccessHandler authenticationSuccessHandler(){
return new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
response.sendRedirect("/main");
}
};
}
/**
* 获取用户信息
* @param passwordEncoder
* @return
*/
@Bean
public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder){
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserDetails user=null;
if(!username.isBlank()){
UserVo userVo= userService.getUserByName(username);
if (userVo!=null){
user= User.builder()
.username(userVo.getUserName())
.password(passwordEncoder.encode(userVo.getPassword()))
.authorities(userVo.getAuth())
.build();
}
}
return user;
}
};
}
/**
* 定义加密算法
* @return
*//*
*/
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder(10);//使用BCrypt,加密强度,值越大安全性越高
}
}
springBootMybatis.rar (72个子文件) 
springBootMybatis 
HELP.md 2KB mvnw.cmd 7KB pom.xml 4KB src test java com example springbootmybatis SpringBootMybatisApplicationTests.java 241B main resources templates 
userManagePage.html 207B main.html 244B noPermission.html 190B error loginError.html 171B login.html 750B teaType.html 1001B Mapper UserMapper.xml 701B TeaTypeMapper.xml 1KB static application.yml 491B java com example springbootmybatis SpringBootMybatisApplication.java 356B user mapper UserMapper.java 619B UserController.java 2KB pojo UserVo.java 570B service UserService.java 394B UserServiceImpl.java 801B teaTypeFunction mapper TeaTypeMapper.java 790B controller TeaTypeController.java 1KB TeaTypePageController.java 2KB pojo ResponseMessage.java 708B TeaType.java 369B service TeaTypeServiceImpl.java 1001B TeaTypeService.java 796B config SecurityConfig.java 4KB WebConfig.java 757B MyAccessDeniedHandler.java 874B login LoginController.java 3KB .mvn wrapper maven-wrapper.properties 951B .idea jarRepositories.xml 864B uiDesigner.xml 9KB sqldialects.xml 236B vcs.xml 188B workspace.xml 9KB misc.xml 487B inspectionProfiles Project_Default.xml 987B compiler.xml 795B .gitignore 184B encodings.xml 191B target classes templates userManagePage.html 207B main.html 244B noPermission.html 190B error loginError.html 171B login.html 750B teaType.html 1001B Mapper UserMapper.xml 701B TeaTypeMapper.xml 1KB application.yml 491B com example springbootmybatis SpringBootMybatisApplication.class 798B user mapper UserMapper.class 476B pojo UserVo.class 4KB service UserService.class 392B UserServiceImpl.class 1KB UserController.class 2KB teaTypeFunction mapper TeaTypeMapper.class 1KB controller TeaTypePageController.class 2KB TeaTypeController.class 2KB pojo TeaType.class 3KB ResponseMessage.class 4KB service TeaTypeServiceImpl.class 2KB TeaTypeService.class 642B config SecurityConfig$1.class 1KB WebConfig.class 1KB SecurityConfig.class 7KB MyAccessDeniedHandler.class 1KB SecurityConfig$2.class 3KB login LoginController.class 4KB test-classes com example springbootmybatis SpringBootMybatisApplicationTests.class 596B generated-test-sources test-annotations generated-sources annotations mvnw 10KB .gitignore 395B资源评论
ciku
- 粉丝: 190
- 资源: 2
最新资源
- 以下是一些微信小程序开发相关的资源.docx
- linux的概要介绍与分析
- Python 实现WOA-CNN-BiLSTM鲸鱼算法优化卷积双向长短期记忆神经网络时间序列预测(含完整的程序和代码详解)
- python的概要介绍与分析
- 新建压缩(zipped)文件夹.zip
- Python 实现BO-GRU贝叶斯优化门控循环单元时间序列预测(含完整的程序和代码详解)
- 微信小程序的概要介绍与分析
- 关于使用 Python 实现时间序列预测,特别是 ARIMAX 模型的详细总结(包含详细的完整的程序和数据)
- 卓晴 的概要介绍与分析(1)
- 基于北方苍鹰算法(NGO)优化双向长短期记忆网络(BiLSTM)进行多输入单输出回归预测的Python 示例(包含详细的完整的程
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
