1、Spring Security实践入门
1.1、自定义登录逻辑
- 自定义密码加密的编码器
/**
 * Registers the {@link PasswordEncoder} bean used to hash and verify passwords.
 *
 * <p>The encoder is a {@link BCryptPasswordEncoder} created with its no-argument
 * constructor, so the library's default bcrypt strength applies. Pass an explicit
 * strength to the constructor if a higher work factor is required.
 *
 * @return a new bcrypt-based password encoder
 */
@Bean
public PasswordEncoder getPasswordEncoder() {
    PasswordEncoder bcryptEncoder = new BCryptPasswordEncoder();
    return bcryptEncoder;
}
- 自定义用户名及密码
/**
 * Demo {@link UserDetailsService} that recognises exactly one account, hard-coded below.
 *
 * <p>NOTE(review): tutorial-only. The user name, the plaintext password and the authority
 * list are literals in this class. A real implementation would load an already-hashed
 * password from a user store and would never keep a credential in source code.
 */
@Service
public class MyUserDetailService implements UserDetailsService {

    // Encoder injected by Spring; used here to hash the demo password.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Returns the demo account when {@code username} is "lzq".
     *
     * @param username the name submitted at login
     * @return a {@link User} carrying the encoded demo password and the
     *         authorities parsed from "admin,user"
     * @throws UsernameNotFoundException for any other user name, including {@code null}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        if ("lzq".equals(username)) {
            // The plaintext literal is hashed again on every lookup. With the bcrypt
            // encoder bean shown on this page that is one extra hash per login attempt;
            // a stored hash would avoid both the cost and the plaintext in source.
            String encodedPassword = passwordEncoder.encode("12345");
            return new User(
                    username,
                    encodedPassword,
                    // Authorities granted to the demo account.
                    AuthorityUtils.commaSeparatedStringToAuthorityList("admin,user"));
        }
        throw new UsernameNotFoundException("用户名不存在");
    }
}
- 自定义登录页面
/**
 * Security configuration for the tutorial: form login with a custom page, every other
 * request authenticated, CSRF protection switched off.
 *
 * <p>NOTE(review): {@code debug = true} turns on Spring Security's debug support, which
 * logs details of each request. That output can include sensitive values, so keep it for
 * local development only.
 */
@EnableWebSecurity(debug = true)
public class SecurityConfig {

    /**
     * Builds the application's {@link SecurityFilterChain}.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    SecurityFilterChain configure(HttpSecurity http) throws Exception {
        http
                .formLogin()
                    // Custom login page served to unauthenticated users.
                    .loginPage("/login.html")
                    // URL the login form posts its credentials to.
                    .loginProcessingUrl("/login")
                    // After a successful login the request is forwarded to this URL.
                    .successForwardUrl("/hello")
                    .and()
                .authorizeHttpRequests()
                    // The login page itself must be reachable without authentication.
                    .antMatchers("/login.html").permitAll()
                    // Everything else requires an authenticated user.
                    .anyRequest().authenticated()
                    .and()
                // NOTE(review): CSRF protection is disabled. With session-based form login
                // this removes the token check on state-changing requests. Presumably done
                // because the static login.html sends no CSRF token (confirm); re-enable it
                // and add the token to the form before using this outside a demo.
                .csrf()
                    .disable();
        return http.build();
    }
}
- 自定义登录成功及失败的处理器
// Success handler: pass an instance of your own class that implements
// AuthenticationSuccessHandler and overrides onAuthenticationSuccess; the post-login
// logic goes in that method. The argument below is a placeholder ("custom login success
// handler class"), not a real identifier.
// NOTE(review): if the handler redirects to a target taken from the request, restrict it
// to paths inside this application.
http.formLogin().successHandler(自定义的登录成功处理类)
// Failure handler: pass an instance of your own class that implements
// AuthenticationFailureHandler and overrides onAuthenticationFailure; the login-failure
// logic goes in that method. The argument below is a placeholder ("custom login failure
// handler class").
// NOTE(review): keep the failure response generic so it does not reveal whether the user
// name or the password was wrong.
http.formLogin().failureHandler(自定义的登录失败处理类)