SpringBoot安全登录验证

项目结构:
SpringBoot安全登录验证_第1张图片

验证实现——WebSecurityConfig.java

package com.dx.config;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@Configuration
public class WebSecurityConfig extends WebMvcConfigurerAdapter{
     /**
     * 登录session key
     */
    public final static String SESSION_KEY = "user";
    @Bean
    public SecurityInterceptor getSecurityInterceptor() {
        return new SecurityInterceptor();
    }
    public void addInterceptors(InterceptorRegistry registry) {
        InterceptorRegistration addInterceptor = registry.addInterceptor(getSecurityInterceptor());
        // 排除配置
        addInterceptor.excludePathPatterns("/error");
        addInterceptor.excludePathPatterns("/login**");
        // 拦截配置
        addInterceptor.addPathPatterns("/**");
    }
    private class SecurityInterceptor extends HandlerInterceptorAdapter {
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
                throws Exception {
            HttpSession session = request.getSession();
            if (session.getAttribute(SESSION_KEY) != null)
                return true;
            // 跳转登录
            String url = "/login";
            response.sendRedirect(url);
            return false;
        }
    }
}

请求处理——MainController.java

package com.dx.controller;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpSession;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.SessionAttribute;

import com.dx.config.WebSecurityConfig;

@Controller
public class MainController {

    @GetMapping("/")
    public String index(
            @SessionAttribute(WebSecurityConfig.SESSION_KEY) String account,
            Model model) {
        model.addAttribute("name", account);
        return "index";
    }
    @GetMapping("/login")
    public String login() {
        return "login";
    }
    @PostMapping("/loginPost")
    public String loginPost(String account,
            String password, HttpSession session) {
        Map map = new HashMap<>();
        if (!"123456".equals(password)) {
            map.put("success", false);
            map.put("message", "密码错误");
            return "err";
        }
        // 设置session
        session.setAttribute(WebSecurityConfig.SESSION_KEY, account);
        map.put("success", true);
        map.put("message", "登录成功");
        return "index";
    }

    @GetMapping("/logout")
    public String logout(HttpSession session) {
        // 移除session
        session.removeAttribute(WebSecurityConfig.SESSION_KEY);
        return "redirect:/login";
    }
}

index.html


<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>玩转spring boot——简单登录认证title>
head>
<body>
    <h1>登陆成功!<a href="/logout"><font color="blue">注销font>a>h1>
body>
html>

login.xml


<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>玩转spring boot——简单登录认证title>
head>
<body>
    <h1>玩转spring boot——简单登录认证h1>
    <form action="/loginPost" method="post">
        用户名:<input type="text" name="account"/> <br/>
        密码:<input type="password" name="password"/> 
        <br />
        <input type="submit" value="登录" />
    form>
body>
html>

err.html


<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>玩转spring boot——简单登录认证title>
head>
<body>
    <h1>登陆失败!<a href="/logout"><font color="blue">返回font>a>h1>
body>
html>

你可能感兴趣的:(SpringBoot安全登录验证)