用户身份认证信息
Principal是用户身份信息,Credentials是用户凭证信息(密码),Authorities是用户权限
package com.alatus.secrurity.config;
import com.alatus.secrurity.Handler.MyAuthenticationEntryPoint;
import com.alatus.secrurity.Handler.MyAuthenticationFailureHandler;
import com.alatus.secrurity.Handler.MyAuthenticationSuccessHandler;
import com.alatus.secrurity.Handler.MyLogoutSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import static org.springframework.security.config.Customizer.withDefaults;
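@Configuration
// Enables Spring Security's customised configuration
@EnableWebSecurity
public class WebSecurityConfig {

    /**
     * Builds the application's single security filter chain.
     *
     * <p>Every request requires authentication except the login page itself, which is
     * permitted so the redirect to "/login" cannot loop. Login failure and success, logout
     * success and the unauthenticated entry point are delegated to the project's own handlers.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder fails to construct the chain
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated());
        http.formLogin(formLogin -> formLogin
                // Without permitAll the login page would itself be protected: the redirect to
                // "/login" would hit a protected resource and redirect to "/login" again,
                // recursing until the browser gives up.
                .loginPage("/login").permitAll()
                // Custom form parameter names
                .usernameParameter("myUsername")
                .passwordParameter("myPassword")
                // A failureHandler(...) replaces anything configured via failureUrl(...), so
                // only the handler is set; what happens on failure is decided inside it.
                .failureHandler(new MyAuthenticationFailureHandler())
                // Replace the default success handler with the project's own
                .successHandler(new MyAuthenticationSuccessHandler()));
        http.logout(logout -> logout.logoutSuccessHandler(new MyLogoutSuccessHandler()));
        http.exceptionHandling(exceptionHandling ->
                exceptionHandling.authenticationEntryPoint(new MyAuthenticationEntryPoint()));
        // NOTE(review): CSRF protection is switched off while form login with the session
        // cookie is still in use, so state-changing POSTs (e.g. /user/register) are open to
        // cross-site request forgery. Re-enable it, or limit the exemption to stateless,
        // token-authenticated endpoints, before this leaves development.
        http.csrf(csrf -> csrf.disable());
        http.cors(withDefaults());
        return http.build();
    }

    // @Bean
    // public UserDetailsService userDetailsService() {
    //     // In-memory user store:
    //     // InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
    //     // Database-backed user store
    //     DBUserDetailsManager manager = new DBUserDetailsManager();
    //     // Users are created, stored and looked up in the database, so no in-memory
    //     // user is built here:
    //     // manager.createUser(User.withDefaultPasswordEncoder().username("admin").password("admin").roles("USER").build());
    //     // The manager is what Spring Security uses to look up the users we created
    //     return manager;
    // }
}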
package com.alatus.secrurity.Handler;
import com.alibaba.fastjson.JSON;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
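/**
 * Entry point invoked when an unauthenticated request reaches a protected resource.
 *
 * <p>Instead of redirecting to the login page it answers with a small JSON body so that
 * API clients can detect the missing login programmatically.
 */
public class MyAuthenticationEntryPoint implements AuthenticationEntryPoint {

    /**
     * Writes a JSON body of the form {@code {"code":100,"msg":"未登录","data":...}} with
     * HTTP status 401.
     *
     * @param request the rejected request (unused)
     * @param response the response that receives the JSON body
     * @param authException the exception that caused the rejection; its localized message
     *     is echoed in {@code data}
     * @throws IOException if the response writer cannot be obtained or written
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException, ServletException {
        Map<String, Object> result = new HashMap<>();
        result.put("code", 100);
        result.put("msg", "未登录");
        result.put("data", authException.getLocalizedMessage());
        // Signal the missing login with 401 instead of leaving the status at the default
        // 200 OK, so HTTP clients, caches and proxies treat the reply as a failure.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(JSON.toJSONString(result));
    }
}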
package com.alatus.secrurity.app;
import com.alatus.secrurity.entity.User;
import com.alatus.secrurity.service.UserService;
import com.alibaba.fastjson.JSON;
import jakarta.annotation.Resource;
import org.springframework.web.bind.annotation.*;
import java.util.List;
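/**
 * REST endpoints for listing and registering users.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    @Resource
    private UserService userService;

    /**
     * Returns every user as a JSON array.
     *
     * <p>The debug loops that printed each user's id, username, password and enabled flag
     * to stdout are gone: writing credentials to the console leaks them into any captured
     * log and added nothing to the response.
     *
     * @return the user list serialised with fastjson
     */
    @GetMapping("/list")
    public String userShow() {
        List<User> list = userService.list();
        // NOTE(review): JSON.toJSONString serialises every readable property of User,
        // which includes getPassword(); the response therefore exposes the stored password
        // (or its hash) to any authenticated caller. Exclude that field (a DTO or a
        // serialisation filter) before this endpoint is exposed beyond development.
        return JSON.toJSONString(list);
    }

    /**
     * Registers a new user from the JSON request body.
     *
     * @param user the user to store
     * @return a fixed success message
     */
    @PostMapping("/register")
    public String register(@RequestBody User user) {
        userService.saveUserDetails(user);
        return "注册成功";
    }
}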
package com.alatus.secrurity.web;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.Collection;
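/**
 * Page controller for the home and login views.
 */
@Controller
public class IndexController {

    /**
     * Renders the home page with the current user's name.
     *
     * <p>The request's {@link Authentication} carries the principal (who the user is), the
     * credentials (the password) and the granted authorities (what the user may do); only
     * the name is needed here. {@link Authentication#getName()} is used instead of casting
     * the principal to {@link User}, so the page does not fail with a
     * {@code ClassCastException} if the configured {@code UserDetailsService} returns a
     * different {@code UserDetails} implementation.
     *
     * @param model the view model; receives the attribute {@code name}
     * @return the {@code index} view name
     */
    @GetMapping("/")
    public String index(Model model) {
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();
        model.addAttribute("name", authentication.getName());
        return "index";
    }

    /**
     * Serves the custom login form registered as {@code loginPage("/login")} in the
     * security configuration.
     *
     * @return the {@code login} view name
     */
    @GetMapping("/login")
    public String login() {
        return "login";
    }
}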
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>Hello World</title>
</head>
<body>
<h1 th:text="'Hello ' + ${name} + '!'"></h1>
要使用动态链接,不然会找不到
<br>
<a th:href="@{/logout}">Logout</a>
<a href="/logout">退出</a>
</body>
</html>