修改和完成SpringSecurity的登录功能

1、配置SpringSecurity改变默认表单页面但是流程不变

添加loginPage、loginProcessingUrl方法

	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自定义登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单:action="/loginPage" method="post"
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
//在MainController中添加
	@RequestMapping("/require")
	public String require() {
		return "/login.html";
	}

表单提交

<form action="/loginPage" method="post" class="login100-form validate-form">

测试:SecurityUserService中打印用户名

	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		...
	}

测试成功

2、完成访客登录功能且拓展登录失败与登录成功的Handler

访客登录

package com.zzz.blog.service;

import ...

@Component
public class SecurityUserService implements UserDetailsService{

	//加密方法返回值
	@Autowired
	private PasswordEncoder passwordEncoder;
	
	@Autowired
	private UserService userService;
	
	@Autowired
	private VisitorService visitorService;
	
	//用户名密码登录
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		// TODO 在数据库中找
		System.out.println(username);
		
		User user = userService.findUserByUsername(username);
		if(user != null) {
			//将用户信息给SpringSecurity管理
			return new SocialUser(user.getUsername(), passwordEncoder.encode(user.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("ADMIN"));
		}
		
		Visitor visitor = visitorService.findVisitorByUsername(username);
		if(visitor != null) {
			return new SocialUser(visitor.getUsername(), passwordEncoder.encode(visitor.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList("VISITOR"));
		}
		
		throw new UsernameNotFoundException("用户不存在!!");
	}

}

拓展登录失败与登录成功的Handler的事件处理,添加handler

package com.zzz.blog.config;

import ...

//安全配置类
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{

	//SpringSecurity加密方法返回值
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
	
	@Autowired
	private SpringSocialConfigurer zzzSocialSecurityConfig;
	
	@Autowired
	private LoginSuccessHandler loginSuccessHandler;
	@Autowired
	private LoginFailureHandler loginFailureHandler;
	
	//做拦截
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 请求授权
		http.formLogin()
		.loginPage("/require")//自己的登录页面
		.loginProcessingUrl("/loginPage")//security默认处理流程  表单登录提交路径:action="/loginPage" method="post"
		.failureHandler(loginFailureHandler) //登录失败的Handler
		.successHandler(loginSuccessHandler)  //登录成功的Handler
		.and().authorizeRequests()
		//授权放行
		.antMatchers("/loginPage","/require","/registerVisitor","/judgeSMS","/sendSMS","/visitorRegister","/visitorLogin","/index","/mood","/findMood","/findAllBlog","/findAllAlbum","/findAllArchives","/link",
				"/css/**","/editor.md/**","/images/**","/js/**","/layer/**","/social/**","/statics/**","/upload/**").permitAll()
		//所有请求
		.anyRequest()
		//都需要身份认证
		.authenticated().and()
		//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面 
		.headers().frameOptions().disable().and()
		//跨站请求伪造的防护
		.csrf().disable()
		//添加我们所写的spring social配置
		.apply(zzzSocialSecurityConfig);
	}
	
}
package com.zzz.blog.handler;

import ...

@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws ServletException, IOException {
		// TODO 登录成功后的处理
		
		super.onAuthenticationSuccess(request, response, authentication);
	}
	
}
package com.zzz.blog.handler;

import ...

@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler{

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		// TODO 登录失败后的处理
		
		super.onAuthenticationFailure(request, response, exception);
	}

}

你可能感兴趣的:(#,个人博客项目,java,spring,boot)