package com.example.springbootmybatis.config;
import com.example.springbootmybatis.user.pojo.UserVo;
import com.example.springbootmybatis.user.service.UserService;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import java.io.IOException;
/**
* @ClassName:SecurityConfig
* @Author: xuli
* @Date: 2024/10/21 19:59
* @Description: security配置类
*/
@EnableWebSecurity
@Configuration
public class SecurityConfig {
@Autowired
private UserService userService;
/**
* 定义过滤器拦截
* @param http
* @return
* @throws Exception
*/
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception{
http.authorizeHttpRequests(auth->auth
.requestMatchers("/").permitAll() // 公开访问
.requestMatchers("/user/**").hasAnyAuthority("user_admin")//资源需具有的权限
.requestMatchers("/teaType/**").hasAnyAuthority("guest","user_admin")
.anyRequest().authenticated())//每个请求都要认证
.formLogin((form)-> form.loginPage("/login")//登录页面
// .successForwardUrl("/main")//登录成功跳转页面,如无效也可使用AuthenticationSuccessHandler
.successHandler(authenticationSuccessHandler())
.failureUrl("/login?error=true")//登录失败重定向登录页面,并提示错误信息
.permitAll()
).logout(logout->logout.logoutUrl("/loginOut"));//推出登录;
http.exceptionHandling(handling->handling.accessDeniedHandler(new MyAccessDeniedHandler()));//权限不足返回页面
return http.build();
}
private AuthenticationSuccessHandler authenticationSuccessHandler(){
return new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
response.sendRedirect("/main");
}
};
}
/**
* 获取用户信息
* @param passwordEncoder
* @return
*/
@Bean
public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder){
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserDetails user=null;
if(!username.isBlank()){
UserVo userVo= userService.getUserByName(username);
if (userVo!=null){
user= User.builder()
.username(userVo.getUserName())
.password(passwordEncoder.encode(userVo.getPassword()))
.authorities(userVo.getAuth())
.build();
}
}
return user;
}
};
}
/**
* 定义加密算法
* @return
*//*
*/
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder(10);//使用BCrypt,加密强度,值越大安全性越高
}
}
没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
收起资源包目录
springBootMybatis.rar (72个子文件)
springBootMybatis
HELP.md 2KB
mvnw.cmd 7KB
pom.xml 4KB
src
test
java
com
example
springbootmybatis
SpringBootMybatisApplicationTests.java 241B
main
resources
templates
userManagePage.html 207B
main.html 244B
noPermission.html 190B
error
loginError.html 171B
login.html 750B
teaType.html 1001B
Mapper
UserMapper.xml 701B
TeaTypeMapper.xml 1KB
static
application.yml 491B
java
com
example
springbootmybatis
SpringBootMybatisApplication.java 356B
user
mapper
UserMapper.java 619B
UserController.java 2KB
pojo
UserVo.java 570B
service
UserService.java 394B
UserServiceImpl.java 801B
teaTypeFunction
mapper
TeaTypeMapper.java 790B
controller
TeaTypeController.java 1KB
TeaTypePageController.java 2KB
pojo
ResponseMessage.java 708B
TeaType.java 369B
service
TeaTypeServiceImpl.java 1001B
TeaTypeService.java 796B
config
SecurityConfig.java 4KB
WebConfig.java 757B
MyAccessDeniedHandler.java 874B
login
LoginController.java 3KB
.mvn
wrapper
maven-wrapper.properties 951B
.idea
jarRepositories.xml 864B
uiDesigner.xml 9KB
sqldialects.xml 236B
vcs.xml 188B
workspace.xml 9KB
misc.xml 487B
inspectionProfiles
Project_Default.xml 987B
compiler.xml 795B
.gitignore 184B
encodings.xml 191B
target
classes
templates
userManagePage.html 207B
main.html 244B
noPermission.html 190B
error
loginError.html 171B
login.html 750B
teaType.html 1001B
Mapper
UserMapper.xml 701B
TeaTypeMapper.xml 1KB
application.yml 491B
com
example
springbootmybatis
SpringBootMybatisApplication.class 798B
user
mapper
UserMapper.class 476B
pojo
UserVo.class 4KB
service
UserService.class 392B
UserServiceImpl.class 1KB
UserController.class 2KB
teaTypeFunction
mapper
TeaTypeMapper.class 1KB
controller
TeaTypePageController.class 2KB
TeaTypeController.class 2KB
pojo
TeaType.class 3KB
ResponseMessage.class 4KB
service
TeaTypeServiceImpl.class 2KB
TeaTypeService.class 642B
config
SecurityConfig$1.class 1KB
WebConfig.class 1KB
SecurityConfig.class 7KB
MyAccessDeniedHandler.class 1KB
SecurityConfig$2.class 3KB
login
LoginController.class 4KB
test-classes
com
example
springbootmybatis
SpringBootMybatisApplicationTests.class 596B
generated-test-sources
test-annotations
generated-sources
annotations
mvnw 10KB
.gitignore 395B
共 72 条
- 1
资源评论
ciku
- 粉丝: 190
- 资源: 2
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 以下是一些微信小程序开发相关的资源.docx
- linux的概要介绍与分析
- Python 实现WOA-CNN-BiLSTM鲸鱼算法优化卷积双向长短期记忆神经网络时间序列预测(含完整的程序和代码详解)
- python的概要介绍与分析
- 新建压缩(zipped)文件夹.zip
- Python 实现BO-GRU贝叶斯优化门控循环单元时间序列预测(含完整的程序和代码详解)
- 微信小程序的概要介绍与分析
- 关于使用 Python 实现时间序列预测,特别是 ARIMAX 模型的详细总结(包含详细的完整的程序和数据)
- 卓晴 的概要介绍与分析(1)
- 基于北方苍鹰算法(NGO)优化双向长短期记忆网络(BiLSTM)进行多输入单输出回归预测的Python 示例(包含详细的完整的程
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功