添加loginPage、loginProcessingUrl方法
//做拦截
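/**
 * Configures form login, the list of publicly reachable URLs, response headers and CSRF handling.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.formLogin()
            // Custom login page.
            .loginPage("/require")
            // URL the login form posts to (action="/loginPage" method="post");
            // Spring Security's default processing handles the submission.
            .loginProcessingUrl("/loginPage")
            .and().authorizeRequests()
            // URLs reachable without authentication.
            // NOTE(review): "/sendSMS" and "/upload/**" are open to anonymous requests; confirm that
            // SMS sending is rate-limited and that "/upload/**" only serves stored files.
            .antMatchers("/loginPage", "/require", "/registerVisitor", "/judgeSMS", "/sendSMS",
                    "/visitorRegister", "/visitorLogin", "/index", "/mood", "/findMood", "/findAllBlog",
                    "/findAllAlbum", "/findAllArchives", "/link",
                    "/css/**", "/editor.md/**", "/images/**", "/js/**", "/layer/**", "/social/**",
                    "/statics/**", "/upload/**").permitAll()
            // Every other request requires an authenticated user.
            .anyRequest().authenticated()
            .and()
            // Step 43: Layer opens the select-mood sub-page inside an iframe. SAMEORIGIN allows that
            // framing from this site while keeping X-Frame-Options in place against other origins,
            // instead of removing the header altogether.
            .headers().frameOptions().sameOrigin().and()
            // CSRF protection is switched off here, so state-changing endpoints accept requests
            // without a CSRF token. NOTE(review): re-enable it and add the token to the forms
            // (including the login form) before this configuration leaves the tutorial.
            .csrf().disable()
            // Apply the project's Spring Social configuration.
            .apply(zzzSocialSecurityConfig);
}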
//在MainController中添加
/**
 * Handles "/require", the URL configured as the custom login page.
 *
 * @return the string "/login.html"
 */
@RequestMapping("/require")
public String require() {
    final String loginView = "/login.html";
    return loginView;
}
表单提交
<form action="/loginPage" method="post" class="login100-form validate-form">
测试:SecurityUserService中打印用户名
//用户名密码登录
/**
 * Username/password login: called with the login name to look up.
 * The rest of the body is elided in this excerpt.
 */
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// TODO look the user up in the database
// Debug print used by the tutorial to confirm this method is reached.
// NOTE(review): remove it or switch to a debug-level logger once the test is done.
System.out.println(username);
...
}
测试成功
访客登录
package com.zzz.blog.service;
import ...
/**
 * Resolves a login name to Spring Security user details, checking site users first and
 * visitors second.
 */
@Component
public class SecurityUserService implements UserDetailsService {

    // Encoder used below on the password read from the user/visitor record.
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private UserService userService;

    @Autowired
    private VisitorService visitorService;

    /**
     * Username/password login lookup.
     *
     * @param username the login name to look up
     * @return a {@code SocialUser} with authority "ADMIN" for a site user, or "VISITOR" for a visitor
     * @throws UsernameNotFoundException when neither service returns a record for the name
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Debug print of the submitted login name.
        // NOTE(review): remove it or use a debug-level logger outside the tutorial.
        System.out.println(username);

        // NOTE(review): encode() is applied to the stored password on every lookup. With a
        // one-way encoder such as BCrypt, that only matches the submitted password when the
        // stored value is the raw password, so the database presumably holds plaintext.
        // Hash once at registration and return the stored hash here instead. Confirm against
        // the registration code.
        User siteUser = userService.findUserByUsername(username);
        if (siteUser != null) {
            // Hand the account over to Spring Security.
            String encodedPassword = passwordEncoder.encode(siteUser.getPassword());
            return new SocialUser(
                    siteUser.getUsername(),
                    encodedPassword,
                    AuthorityUtils.commaSeparatedStringToAuthorityList("ADMIN"));
        }

        Visitor guest = visitorService.findVisitorByUsername(username);
        if (guest == null) {
            throw new UsernameNotFoundException("用户不存在!!");
        }
        String encodedPassword = passwordEncoder.encode(guest.getPassword());
        return new SocialUser(
                guest.getUsername(),
                encodedPassword,
                AuthorityUtils.commaSeparatedStringToAuthorityList("VISITOR"));
    }
}
拓展登录失败与登录成功的Handler的事件处理,添加handler
package com.zzz.blog.config;
import ...
//安全配置类
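/**
 * Security configuration: password encoder bean, form login with success/failure handlers,
 * the list of publicly reachable URLs, and the Spring Social configurer.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private SpringSocialConfigurer zzzSocialSecurityConfig;

    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Autowired
    private LoginFailureHandler loginFailureHandler;

    /**
     * Password encoder used by Spring Security.
     *
     * @return a new {@code BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures form login, the list of publicly reachable URLs, response headers and CSRF handling.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception propagated from the {@code HttpSecurity} builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // Custom login page.
                .loginPage("/require")
                // URL the login form posts to (action="/loginPage" method="post");
                // Spring Security's default processing handles the submission.
                .loginProcessingUrl("/loginPage")
                // Handler invoked when login fails.
                .failureHandler(loginFailureHandler)
                // Handler invoked when login succeeds.
                .successHandler(loginSuccessHandler)
                .and().authorizeRequests()
                // URLs reachable without authentication.
                // NOTE(review): "/sendSMS" and "/upload/**" are open to anonymous requests; confirm
                // that SMS sending is rate-limited and that "/upload/**" only serves stored files.
                .antMatchers("/loginPage", "/require", "/registerVisitor", "/judgeSMS", "/sendSMS",
                        "/visitorRegister", "/visitorLogin", "/index", "/mood", "/findMood",
                        "/findAllBlog", "/findAllAlbum", "/findAllArchives", "/link",
                        "/css/**", "/editor.md/**", "/images/**", "/js/**", "/layer/**", "/social/**",
                        "/statics/**", "/upload/**").permitAll()
                // Every other request requires an authenticated user.
                .anyRequest().authenticated()
                .and()
                // Step 43: Layer opens the select-mood sub-page inside an iframe. SAMEORIGIN allows
                // that framing from this site while keeping X-Frame-Options in place against other
                // origins, instead of removing the header altogether.
                .headers().frameOptions().sameOrigin().and()
                // CSRF protection is switched off here, so state-changing endpoints accept requests
                // without a CSRF token. NOTE(review): re-enable it and add the token to the forms
                // (including the login form) before this configuration leaves the tutorial.
                .csrf().disable()
                // Apply the project's Spring Social configuration.
                .apply(zzzSocialSecurityConfig);
    }
}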
package com.zzz.blog.handler;
import ...
/**
 * Login-success hook. At present it adds nothing and defers entirely to
 * {@code SavedRequestAwareAuthenticationSuccessHandler}.
 */
@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    /**
     * Called after a successful login.
     *
     * @param request the login request
     * @param response the response to write to
     * @param authentication the authenticated principal
     * @throws ServletException propagated from the parent handler
     * @throws IOException propagated from the parent handler
     */
    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        // TODO post-login processing goes here, before delegating to the parent.
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
package com.zzz.blog.handler;
import ...
/**
 * Login-failure hook. At present it adds nothing and defers entirely to
 * {@code SimpleUrlAuthenticationFailureHandler}.
 */
@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /**
     * Called after a failed login attempt.
     *
     * @param request the login request
     * @param response the response to write to
     * @param exception the reason authentication failed
     * @throws IOException propagated from the parent handler
     * @throws ServletException propagated from the parent handler
     */
    @Override
    public void onAuthenticationFailure(
            HttpServletRequest request,
            HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // TODO failed-login processing goes here. When filling this in, keep the response the
        // same for an unknown user and a wrong password.
        super.onAuthenticationFailure(request, response, exception);
    }
}