一. ssm配置
1.首先在web.xml文件中配置过滤器和监听器
contextConfigLocation
classpath:spring-security.xml
org.springframework.web.context.ContextLoaderListener
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
2.在resources文件夹下创建spring-security配置文件,还要创建验证用户名密码的方法
@Service("userService")
@Transactional(rollbackFor = Exception.class)
public class UserServiceImpl implements IUserService {
private final IUserDao userDao;
private final BCryptPasswordEncoder bCryptPasswordEncoder;
@Autowired
public UserServiceImpl(IUserDao userDao, BCryptPasswordEncoder bCryptPasswordEncoder) {
this.userDao = userDao;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserInfo userInfo;
User user=null;
try {
userInfo = userDao.findByUsername(username);
if (userInfo!=null) {
user = new User(userInfo.getUsername(), userInfo.getPassword(), userInfo.getStatus() != 0,
true, true, true, getAuthority(userInfo.getRoles()));
}
} catch (Exception e) {
e.printStackTrace();
}
return user;
}
private List getAuthority(List roles){
List list=new ArrayList<>();
for (Role role : roles) {
list.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName()));
}
return list;
}
这是使用加密类的配置方式,如果不使用加密类,可把
注意:使用springsecurity5,需要加上{noop}指定使用NoOpPasswordEncoder给DelegatingPasswordEncoder去校验密码,这样我们再配置前端登录就可以了
二.springBoot配置
1.springBoot配置起来就简单许多了,我们先配置一个不加密的
package com.logoxiang.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
/**
* @Author: logoxiang
* @Date: 2019/2/14 9:21
*/
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
* 配置拦截器保护请求
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().sameOrigin().and().csrf() .disable().authorizeRequests()
.antMatchers("/admin/**").hasRole("USER")/*与之匹配的请求/用户/*要求对用户进行身份验证,并且必须与用户角色*/
.anyRequest().permitAll().and().
formLogin()
.loginPage("/login.html").loginProcessingUrl("/denglu").
defaultSuccessUrl("/admin/index.html").failureUrl("/login.html").and().logout().logoutSuccessUrl("/login.html");
}
/**
* 配置user-detail服务
* @param auth
* @throws Exception
*/
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("logoxiang").password("1234").roles("USER");
}
}
public class MyPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
}
2.再配置一个加密的:
@Component
public class UserDetailsConfig implements UserDetailsService {
@Autowired
private SellerService sellerService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException{
List grantAuths = new ArrayList();
grantAuths.add(new SimpleGrantedAuthority("USER"));
TbSeller seller = sellerService.findOne(username);
if(seller != null){
if(seller.getStatus().equals("1")){
return new User(username,seller.getPassword(),grantAuths );
}else{
return null;
}
}
return null ;
}
}
@Configuration
public class BcryptEncoderConfig {
@Bean
public BCryptPasswordEncoder createB(){
return new BCryptPasswordEncoder();
}
}
这个我写的有点不完善,待更