Spring Security:Java Config 不起作用


Spring Security:Java Config 不起作用

可行的解决方案:

最后,在您的帮助下,我找到了一个可行的解决方案。谢谢!如果有人对使用 Java 配置的 Spring Security 感兴趣,下面是所需的全部文件:

登录JSP:

<%--
  Login form for the form-login flow configured in SecurityConfig.

  The form POSTs to /login/process-login. The field names security_username,
  security_password and remember_me_checkbox must stay in sync with
  usernameParameter(...), passwordParameter(...) and
  rememberMeServices.setParameter(...) in SecurityConfig.

  NOTE(review): the form carries no hidden CSRF token field. It only works
  because SecurityConfig calls csrf().disable(). If CSRF protection is turned
  on, add a hidden input named ${_csrf.parameterName} with value ${_csrf.token}.

  NOTE(review): the ${msg_*} values are written with plain EL, which does not
  HTML-escape. Presumably they are static message-bundle text; if any of them
  can carry request-derived data, render them through c:out instead.

  NOTE(review): the outer div opened on the first line is not closed in this
  excerpt.
--%>
<div >
<form  method="POST" action="<c:url value='/login/process-login'/>">
    <div >
        <span ></span>
        <img src="<c:url value='/img/itensis_logo.gif'/>" />
    </div>
    <h2 >${msg_heading}</h2>
    <%-- The error flag is set by LoginController.invalidLogin(). --%>
    <c:if test="${error == true}">
        <div > <button type="button" >&times;</button> <p>${msg_error}</p>
        </div>
    </c:if>
    <input type="text" name="security_username" id="security_username"  placeholder="${msg_username}" required autofocus>
    <input type="password" name="security_password" id="security_password"  placeholder="${msg_password}" required>
    <label >
        <input type="checkbox" name="remember_me_checkbox"> ${msg_rememberMe}
    </label>
    <button  type="submit">
        <i ></i>
        <span>${msg_login}</span>
    </button>
</form>

SecurityConfig.java

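/**
 * Spring Security Java configuration: JDBC-backed form login, logout and
 * token-based remember-me, with method security enabled.
 *
 * <p>Identifiers that were garbled in the published listing
 * ({@code ShaPasswordEncoder}, {@code passwordEncoder},
 * {@code TokenBasedRememberMeServices}, {@code setCookieName}) are restored to
 * the real Spring Security names so the class compiles.
 *
 * <p>Security review notes are placed next to the lines they concern. They do
 * not change what the configuration does.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Key shared by {@code rememberMe().key(...)} and the
     * {@link TokenBasedRememberMeServices} constructor. Both must use the same
     * value, so it is defined once here.
     *
     * <p>NOTE(review): "your_key" is a placeholder. The key is one of the
     * inputs to the remember-me cookie signature, so a real deployment should
     * load a long random value from configuration kept out of source control.
     */
    private static final String REMEMBER_ME_KEY = "your_key";

    @Autowired
    private UserDetailsService userDetailService;

    @Autowired
    private DataSource dataSource;

    /**
     * Excludes static resource paths from the security filter chain.
     *
     * <p>NOTE(review): ignored paths bypass Spring Security entirely, so no
     * authentication, authorization or security headers apply to them.
     * "/pages/**" is included here; confirm that nothing under it needs
     * protection.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web
            .ignoring()
            .antMatchers("/js/**", "/css/**", "/img/**", "/webjars/**", "/pages/**");
    }

    /**
     * Configures JDBC authentication with the user and authority queries below.
     *
     * <p>NOTE(review): passwords are compared as SHA-256 digests and no salt
     * source is configured here. A fast, unsalted digest is weak for password
     * storage. An adaptive encoder such as {@code BCryptPasswordEncoder} is
     * preferable, but switching requires re-hashing the stored passwords, so
     * the encoder is left as published.
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        ShaPasswordEncoder shaPasswordEncoder = new ShaPasswordEncoder(256);
        auth
            .jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery(getUserQuery())
            .authoritiesByUsernameQuery(getAuthoritiesQuery())
            .passwordEncoder(shaPasswordEncoder);
    }

    /** Exposes the {@link AuthenticationManager} built by this adapter as a bean. */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Requires the BASIC_PERMISSION authority for every request and wires up
     * form login, logout and remember-me.
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().hasAuthority("BASIC_PERMISSION")
                .and()
            .formLogin()
                .loginPage("/login/login")
                .defaultSuccessUrl("/login/success-login", true)
                .failureUrl("/login/error-login")
                .loginProcessingUrl("/login/process-login")
                // Parameter names must match the input names in the login JSP.
                .usernameParameter("security_username")
                .passwordParameter("security_password")
                .permitAll()
                .and()
            .logout()
                .logoutSuccessUrl("/login/login")
                .logoutUrl("/login/logout")
                .permitAll()
                .and()
            .rememberMe()
                .key(REMEMBER_ME_KEY)
                .rememberMeServices(rememberMeServices())
                .and()
            // NOTE(review): CSRF protection is switched off for the whole
            // application, so state-changing requests (login and logout
            // included) are accepted without a CSRF token. The login JSP on
            // this page has no token field, so enabling CSRF also means adding
            // the token to every form. Kept as published.
            .csrf()
                .disable();
    }

    /**
     * Builds the token-based remember-me service.
     *
     * <p>NOTE(review): remember-me logins load the user through
     * {@code userDetailService}, not through the JDBC queries below. Account
     * status checks on that path therefore depend on what that service reports.
     * The {@code SecurityUserDetailService} shown on this page reports every
     * account as enabled.
     */
    @Bean
    public RememberMeServices rememberMeServices() {
        TokenBasedRememberMeServices rememberMeServices =
                new TokenBasedRememberMeServices(REMEMBER_ME_KEY, userDetailService);
        rememberMeServices.setCookieName("remember_me_cookie");
        // Must match the checkbox name in the login JSP.
        rememberMeServices.setParameter("remember_me_checkbox");
        rememberMeServices.setTokenValiditySeconds(2678400); // 31 days
        return rememberMeServices;
    }

    /** Registers the application's {@link UserDetailsService} implementation. */
    @Bean
    public UserDetailsService userDetailService() {
        return new SecurityUserDetailService();
    }

    /**
     * Returns the query that loads username, password and enabled flag for one
     * user. The username is bound through the {@code ?} placeholder. Keyword
     * casing is left exactly as published.
     */
    private String getUserQuery() {
        return "SELECt username as username, password as password, active as enabled "
                + "FROM employee "
                + "WHERe username = ?";
    }

    /**
     * Returns the query that loads the permission names of one active
     * employee. The username is bound through the {@code ?} placeholder.
     * Keyword casing is left exactly as published.
     */
    private String getAuthoritiesQuery() {
        return "SELECt DISTINCT employee.username as username, permission.name as authority "
                + "FROM employee, employee_role, role, role_permission, permission "
                + "WHERe employee.id = employee_role.employee_id "
                + "AND role.id = employee_role.role_id "
                + "AND role.id = role_permission.role_id "
                + "AND permission.id = role_permission.permission_id "
                + "AND employee.username = ? "
                + "AND employee.active = 1";
    }
}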

LoginController.java

/**
 * MVC endpoints behind the form-login flow. All mappings live under
 * {@code /login}.
 */
@Controller
@RequestMapping("/login")
public class LoginController {

    /** Renders the login form for GET /login/login. */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView showLoginPage() {
        ModelAndView loginView = new ModelAndView("loginForm");
        return loginView;
    }

    /** Forwards a successful login to the dashboard. */
    @RequestMapping(value = "/success-login", method = RequestMethod.GET)
    public String successLogin() {
        final String dashboardForward = "forward:/dashboard/dashboard";
        return dashboardForward;
    }

    /** Renders the login form again with the {@code error} flag set to true. */
    @RequestMapping(value = "/error-login", method = RequestMethod.GET)
    public ModelAndView invalidLogin() {
        return new ModelAndView("loginForm").addObject("error", true);
    }

    /**
     * Handles POST /login/logout by returning the dashboard view.
     *
     * <p>NOTE(review): the SecurityConfig on this page registers
     * {@code /login/logout} as the logout URL, so the security filter chain
     * presumably handles that request before it reaches this method. Confirm
     * whether this handler is ever invoked.
     */
    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public ModelAndView logout() {
        ModelAndView dashboardView = new ModelAndView("dashboardForm");
        return dashboardView;
    }
}

更新1:SecurityUserDetailService

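/**
 * {@link UserDetailsService} backed by {@code EmployeeService}. The
 * SecurityConfig on this page hands it to the remember-me service.
 */
@Service
@Transactional
public class SecurityUserDetailService implements UserDetailsService {

    @Autowired
    private EmployeeService employeeService;

    /**
     * Loads the employee with the given username and maps it to a Spring
     * Security {@link User}.
     *
     * @param username the login name to look up
     * @return the user details, with one authority per permission of each role
     * @throws UsernameNotFoundException if the lookup returns no employee
     * @throws RuntimeException wrapping any other failure during the lookup
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        try {
            Employee loggedInEmployee = employeeService.findEmployeeByUsername(username);
            if (loggedInEmployee == null) {
                // Honour the UserDetailsService contract. Without this check a
                // missing user surfaced as a wrapped NullPointerException
                // instead of an ordinary authentication failure.
                throw new UsernameNotFoundException("No employee found for the supplied username");
            }

            List<GrantedAuthority> authorities = getAuthorities(loggedInEmployee);

            // NOTE(review): all four account-status flags are hard-coded to
            // true. The JDBC queries in SecurityConfig filter on
            // employee.active, but this path does not. A deactivated employee
            // is therefore still reported as enabled here, for example on a
            // remember-me login. Derive "enabled" from the Employee once the
            // right accessor is confirmed.
            boolean enabled = true;
            boolean accountNonExpired = true;
            boolean credentialsNonExpired = true;
            boolean accountNonLocked = true;

            return new User(
                    loggedInEmployee.getUsername(),
                    // Presumably normalises the case of a hex digest. This would
                    // corrupt a case-sensitive hash format, so confirm the
                    // stored format.
                    loggedInEmployee.getPassword().toLowerCase(),
                    enabled,
                    accountNonExpired,
                    credentialsNonExpired,
                    accountNonLocked,
                    authorities);
        } catch (UsernameNotFoundException e) {
            // Let the contract exception through unwrapped.
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Flattens the permissions of every role of the employee into granted
     * authorities named after the permission.
     */
    private static List<GrantedAuthority> getAuthorities(Employee employee) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (Role role : employee.getRoles()) {
            for (Permission permission : role.getPermissions()) {
                authorities.add(new SimpleGrantedAuthority(permission.getName()));
            }
        }
        return authorities;
    }
}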

