
平常在做一些项目时,有些项目并不需要复杂的登录权限验证,
只需要简单的登录权限验证(在保证安全可靠的前提下)。找来找去,spring-security 最适合不过了:在 spring-boot 下配置简单、便捷、快速,
能满足基本的登录权限控制需求。

第一步:引入spring-security maven依赖
<!-- Integrate Spring Security. No <version> is given here; presumably it is managed by the Spring Boot parent/BOM (confirm in the project's pom). -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
第二步:编写spring-security配置类 WebSecurityConfig
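package com.xcloud.currency.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.web.filter.CharacterEncodingFilter;

/**
 * Xcloud-Api By IDEA
 * Created by LaoWang on 2018/8/28.
 *
 * <p>Spring Security configuration for a simple form login. It overrides the
 * {@link WebSecurityConfigurerAdapter} hooks to declare which paths skip security,
 * how login/logout/session handling behave, and which users exist.
 */
@Configuration
@EnableWebSecurity // switches on Spring Security's web support
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    MyAuthenctiationFailureHandler myAuthenctiationFailureHandler;

    @Autowired
    MyAuthenctiationSuccessHandler myAuthenctiationSuccessHandler;

    /**
     * Declares the request patterns that are excluded from Spring Security.
     *
     * <p>Requests matching {@code web.ignoring()} patterns bypass the whole security
     * filter chain: they are not authenticated and none of the chain's filters run
     * for them.
     *
     * @param web builder for the web-level security settings
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Static resources and the login page must be reachable before login.
        web.ignoring().antMatchers(
                "/css/**",
                "/js/**",
                "/images/**",
                "/lib/**",
                "/fonts/**",
                "/lang/**",
                "/login/**",
                "/login.html");

        // Keeps the service-registration / API-description URLs from being intercepted.
        // NOTE(review): "/v2/**" and "/**/*.json" are broad. Any endpoint whose path
        // starts with /v2/ or ends in .json is reachable without login; narrow these
        // to the exact documentation paths the project really serves.
        web.ignoring().antMatchers(
                "/swagger-resources/**",
                "/v2/**",
                "/**/*.json");
    }

    /**
     * Configures form login, URL protection, session limits, logout and remember-me.
     *
     * @param http builder for the HTTP security filter chain
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .failureHandler(myAuthenctiationFailureHandler) // custom JSON reply on failed login
                // successHandler has to be the last success-related call on this
                // configurer: defaultSuccessUrl(...) installs its own redirecting
                // handler and would replace this one, so the JSON reply would never be
                // sent. The move to index.html is done by the login page script once
                // it has read the JSON reply.
                .successHandler(myAuthenctiationSuccessHandler)
                .loginPage("/login.html")             // page shown when a login is required
                .loginProcessingUrl("/meureka/login") // URL the credentials are posted to
                .permitAll()
                .and()
            .authorizeRequests()
                .anyRequest().authenticated()         // everything not ignored needs a login
                .and()
            .sessionManagement()
                .maximumSessions(1)                   // one concurrent session per user
                .and()                                // back to sessionManagement()
                .and()                                // back to HttpSecurity
            .logout()
                .logoutUrl("/logout")
                .permitAll()
                .and()
            .rememberMe();                            // automatic login via remember-me

        // NOTE(review): CSRF protection is switched off although authentication is
        // session/cookie based (form login plus remember-me), so state-changing
        // requests are not checked for a CSRF token. Prefer leaving it enabled and
        // sending the token from the login form / AJAX request.
        http.csrf().disable();

        // Force UTF-8 so Chinese text in requests and responses is not garbled.
        CharacterEncodingFilter filter = new CharacterEncodingFilter();
        filter.setEncoding("UTF-8");
        filter.setForceEncoding(true);
        http.addFilterBefore(filter, CsrfFilter.class);
    }

    /**
     * Registers a single in-memory user: name {@code admin}, password {@code 12345678},
     * role {@code USER}.
     *
     * <p>NOTE(review): the credential is hard-coded in source and stored as plain text,
     * which is acceptable for a demo only. Load it from external configuration and store
     * it through a password encoder. Spring Security 5 and later expect an encoder (or an
     * encoder-id prefix) and reject a raw value like this one at login time; confirm
     * against the project's Spring Security version.
     *
     * @param auth builder for the authentication manager
     * @throws Exception declared by the builder API
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password("12345678")
                .roles("USER");
    }
}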
在这里我使用了 spring-security 的自定义处理器来处理登录失败和登录成功的逻辑,方便前台 ajax 调用后做相关业务处理

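登录界面可以使用自己个性化的登录模板。
web.ignoring().antMatchers("/css/**"); 请根据自己的项目进行配置:哪些 url 不需要被拦截,可以用它来配置。被 ignoring() 匹配的请求会完全绕过 Spring Security 过滤器链,因此这里只应放静态资源等公开内容。
配置登录账号密码(可以配置多个): auth.inMemoryAuthentication() .withUser("admin")
.password("12345678") .roles("USER"); 这里写死的明文账号密码仅用于演示,实际项目中应从外部配置读取,并通过密码编码器保存。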
自定义配置项(根据自己项目配置)



第三步:自定义登录失败处理器  MyAuthenctiationFailureHandler
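package com.xcloud.currency.config;

import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Answers a failed login with a small JSON document instead of a redirect, so an
 * AJAX caller can read the result.
 *
 * <p>The reply is {@code {"success": false, "msg": ...}} with one generic message for
 * every failure, so the response does not reveal whether the account name exists.
 */
@Slf4j
@Component("myAuthenctiationFailureHandler")
public class MyAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    // Injected but not used by this handler; the body is built with fastjson below.
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Writes the JSON failure reply with HTTP status 401.
     *
     * @param request   the login request
     * @param response  the response the JSON body is written to
     * @param exception the authentication failure (not inspected here)
     * @throws IOException      if the response writer cannot be obtained or written
     * @throws ServletException declared by the overridden method
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // NOTE(review): this log line is a constant, with no account name or client
        // address, so repeated failures cannot be correlated from the log alone.
        log.info("登录失败");

        JSONObject res = new JSONObject();
        res.put("success", false);
        res.put("msg", "登录失败,请检查账号密码是否正确");

        // Bad credentials are a client-side failure, so answer 401 rather than 500:
        // a 5xx would be counted as a server fault by monitoring and hide failed-login
        // spikes among real errors. Any non-2xx status still reaches the AJAX caller's
        // error callback.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().append(res.toString());
    }
}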
第四步:自定义登录成功处理器  MyAuthenctiationSuccessHandler
package com.xcloud.currency.config;

import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Answers a successful login with a small JSON document, so an AJAX caller can read
 * the result.
 *
 * <p>The override does not delegate to the superclass, so this handler itself issues
 * no redirect; the reply is {@code {"success": true, "msg": ...}} with HTTP 200.
 */
@Slf4j
@Component("MyAuthenctiationSuccessHandler")
public class MyAuthenctiationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // Injected but not used by this handler; the body is built with fastjson below.
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Writes the JSON success reply.
     *
     * @param request        the login request
     * @param response       the response the JSON body is written to
     * @param authentication the authenticated principal (not inspected here)
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {
        log.info("登录成功");

        // Status and content type first, then the body.
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("application/json;charset=UTF-8");

        JSONObject payload = new JSONObject();
        payload.put("success", true);
        payload.put("msg", "登录成功");
        response.getWriter().append(payload.toString());
    }
}
登录页面上调用(普通表单形式)



ajax调用
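/**
 * Posts the username and password from the login form to the login endpoint and
 * shows the server's message. On success the browser moves to index.html after a
 * short delay; on failure the message from the JSON error body is shown.
 */
function login() {
    var username = $("#username").val();
    var password = $("#password").val();
    if (username == "" || password == "") {
        layer.msg('用户名或密码不能为空', {icon: 2});
        return;
    }
    $.ajax({
        type: "POST",
        url: "meureka/login",
        data: {
            "username": username,
            "password": password
        },
        success: function (e) {
            layer.msg(e.msg, {icon: 1});
            setTimeout(function () {
                location.href = 'index.html';
            }, 1500);
        },
        error: function (e) {
            console.log(e.responseText);
            // The error body is not always JSON (network failure, proxy or container
            // error page). Parsing it unguarded would throw and leave the user with
            // no feedback, so fall back to a generic message.
            var msg = '登录失败';
            try {
                var body = JSON.parse(e.responseText);
                if (body && body.msg) {
                    msg = body.msg;
                }
            } catch (ignored) {
                // keep the generic message
            }
            layer.msg(msg, {icon: 2});
        }
    });
}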