diff --git a/src/main/java/com/boot/security/server/config/SecurityConfig.java b/src/main/java/com/boot/security/server/config/SecurityConfig.java
index c44a6b6..36d8b79 100644
--- a/src/main/java/com/boot/security/server/config/SecurityConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityConfig.java
@@ -1,13 +1,17 @@
 package com.boot.security.server.config;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import com.boot.security.server.service.UserDetailsServiceImpl;
+
 @EnableGlobalMethodSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
@@ -17,6 +21,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 private AuthenticationFailureHandler authenticationFailureHandler;
 @Autowired
 private LogoutSuccessHandler logoutSuccessHandler;
+ @Autowired
+ private UserDetailsServiceImpl userDetailsServiceImpl;
 @Override
 protected void configure(HttpSecurity http) throws Exception {
@@ -25,7 +31,23 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 "/webjars/**")
 .permitAll().anyRequest().authenticated().and().formLogin().loginProcessingUrl("/login")
 .successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
- .logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
+ .logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler).and().csrf().disable();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(new PasswordEncoder() {
+
+ @Override
+ public boolean matches(CharSequence rawPassword, String encodedPassword) {
+ return rawPassword.equals(encodedPassword);
+ }
+
+ @Override
+ public String encode(CharSequence rawPassword) {
+ return rawPassword.toString();
+ }
+ });
 }
 }
diff --git a/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java b/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
index dde3a6e..dc8f927 100644
--- a/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
@@ -1,6 +1,7 @@
 package com.boot.security.server.config;
 import java.io.IOException;
+import java.util.stream.Collectors;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
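Review bot: The anonymous `PasswordEncoder` passed to `passwordEncoder(...)` in the new `configure(AuthenticationManagerBuilder)` keeps passwords in plaintext: `encode` returns the raw value and `matches` is a plain `equals`, so any disclosure of the user store exposes every credential directly. Use an adaptive hash instead, e.g. `auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(new BCryptPasswordEncoder());` (class in `org.springframework.security.crypto.bcrypt`; the import belongs in the first hunk of this file). The same hunk appends `.and().csrf().disable()` while session-based form login stays on, which removes CSRF protection from every state-changing request; drop it, or exempt only the endpoints that need it. `configure(HttpSecurity)` starts above the hunk, so the full matcher list is not visible here.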
@@ -8,12 +9,23 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import com.alibaba.fastjson.JSONObject;
+import com.boot.security.server.dto.ResponseInfo;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
 @Configuration
 public class SecurityHandlerConfig {
@@ -29,7 +41,13 @@ public class SecurityHandlerConfig {
 @Override
 public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+ log.info(request.getRequestURI());
+ User user = (User) authentication.getPrincipal();
+ log.info("{}", user.getAuthorities().stream().map(a -> a.getAuthority()).collect(Collectors.toSet()));
+ ResponseInfo info = ResponseInfo.builder().code(HttpStatus.OK.value() + "").message("登录成功").build();
+
+ writeResponse(response, HttpStatus.OK.value(), JSONObject.toJSONString(info));
 }
 };
 }
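Review bot: In `onAuthenticationSuccess` the unchecked cast `(User) authentication.getPrincipal()` throws `ClassCastException` as soon as any provider returns a principal that is not Spring's `User`, and it is only used to read the authorities. `authentication.getAuthorities()` normally carries the same values without the cast, e.g. `log.info("login ok, authorities={}", authentication.getAuthorities());`. The first added line, `log.info(request.getRequestURI());`, passes request data as the SLF4J format string; prefer `log.info("login uri={}", request.getRequestURI());`. The enclosing bean method starts outside the hunk.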
@@ -46,7 +64,16 @@ public class SecurityHandlerConfig {
 @Override
 public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
+ ResponseInfo info = ResponseInfo.builder().code(HttpStatus.UNAUTHORIZED.value() + "").build();
+ if (exception instanceof AuthenticationCredentialsNotFoundException) {
+ info.setMessage("用户名存在");
+ } else if (exception instanceof LockedException) {
+ info.setMessage("用户被锁定");
+ } else if (exception instanceof BadCredentialsException) {
+ info.setMessage("密码错误");
+ }
+ writeResponse(response, HttpStatus.UNAUTHORIZED.value(), JSONObject.toJSONString(info));
 }
 };
@@ -69,4 +96,16 @@ public class SecurityHandlerConfig {
 };
 }
+
+ public static void writeResponse(HttpServletResponse response, int status, String json) {
+ try {
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Methods", "*");
+ response.setContentType("application/json;charset=UTF-8");
+ response.setStatus(status);
+ response.getWriter().write(json);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
 }
diff --git a/src/main/java/com/boot/security/server/controller/LoginController.java b/src/main/java/com/boot/security/server/controller/LoginController.java
index 0e25b54..b9eb415 100644
--- a/src/main/java/com/boot/security/server/controller/LoginController.java
+++ b/src/main/java/com/boot/security/server/controller/LoginController.java
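Review bot: The `if`/`else if` chain in `onAuthenticationFailure` returns a different message per exception type (`"用户被锁定"`, `"密码错误"`, and one for `AuthenticationCredentialsNotFoundException`), which tells an unauthenticated caller whether an account exists or is locked. Return one generic failure message for all cases and keep the specific cause in the server log only, e.g. `log.warn("login failed: {}", exception.getClass().getSimpleName());`. The first branch probably never fires for a form login: Spring raises `UsernameNotFoundException` for an unknown user, and `DaoAuthenticationProvider` hides it behind `BadCredentialsException` by default. Any other type, such as `DisabledException`, matches no branch, so the response goes out with a null `message`; a final `else` is needed.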
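Review bot: `writeResponse` sets `Access-Control-Allow-Origin: *` and `Access-Control-Allow-Methods: *` on every authentication response it writes, which bypasses whatever CORS policy the application otherwise has. Configure an explicit origin allow-list in one place instead (Spring Security's `http.cors()` backed by a `CorsConfigurationSource`) and remove the two `setHeader` lines. The `catch (IOException e) { e.printStackTrace(); }` also swallows write failures although both callers declare `throws IOException` and the class now has `@Slf4j`; declare `throws IOException` on the helper, or log with `log.error("failed to write auth response", e);`.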
@@ -1,15 +1,12 @@
 package com.boot.security.server.controller;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import com.boot.security.server.dto.LoginInfo;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 /**
 * 登陆相关接口
@@ -17,22 +14,16 @@ import io.swagger.annotations.ApiOperation;
 * @author 小威老师
 *
 */
-@Api(tags = "登陆、退出")
+@Slf4j
+@Api(tags = "退出")
 @RestController
 @RequestMapping
 public class LoginController {
- @ApiOperation(value = "登陆")
- @PostMapping("/login")
- public void login(@RequestBody LoginInfo info) {
- System.out.println(info.getUsername());
- System.out.println(info.getPassword());
- }
-
 @ApiOperation(value = "退出")
 @GetMapping(value = "/logout", params = "token")
 public void logout(String token) {
- System.out.println(token);
+ log.info(token);
 }
 }
diff --git a/src/main/java/com/boot/security/server/dto/LoginInfo.java b/src/main/java/com/boot/security/server/dto/LoginInfo.java
deleted file mode 100644
index 7c5596c..0000000
--- a/src/main/java/com/boot/security/server/dto/LoginInfo.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package com.boot.security.server.dto;
-
-import java.io.Serializable;
-
-import lombok.Getter;
-import lombok.Setter;
-
-@Getter
-@Setter
-public class LoginInfo implements Serializable {
-
- private static final long serialVersionUID = 4680419308278241260L;
-
- private String username;
- private String password;
-}
diff --git a/src/main/java/com/boot/security/server/dto/ResponseInfo.java b/src/main/java/com/boot/security/server/dto/ResponseInfo.java
new file mode 100644
index 0000000..8e34603
--- /dev/null
+++ b/src/main/java/com/boot/security/server/dto/ResponseInfo.java
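Review bot: `log.info(token);` in `logout` writes the caller's token to the application log at INFO level and uses the request-controlled value as the SLF4J format string. Anyone with read access to the logs can then recover tokens. Log the event rather than the secret, e.g. `log.info("logout requested");`. The token also arrives as a GET query parameter (`params = "token"`, unchanged context), so it ends up in access logs and browser history too; a header or POST body would be preferable.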
@@ -0,0 +1,18 @@
+package com.boot.security.server.dto;
+
+import java.io.Serializable;
+
+import lombok.Builder;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+@Builder
+public class ResponseInfo implements Serializable {
+
+ private static final long serialVersionUID = -4417715614021482064L;
+
+ private String code;
+ private String message;
+}
diff --git a/src/main/java/com/boot/security/server/service/UserDetailsServiceImpl.java b/src/main/java/com/boot/security/server/service/UserDetailsServiceImpl.java
new file mode 100644
index 0000000..8301743
--- /dev/null
+++ b/src/main/java/com/boot/security/server/service/UserDetailsServiceImpl.java
@@ -0,0 +1,31 @@
+package com.boot.security.server.service;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService {
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ log.info(username);
+ Set authorities = new HashSet<>();
+ GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("rrr");
+ authorities.add(grantedAuthority);
+
+ User user = new User(username, "222", authorities);
+ return user;
+ }
+
+}
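Review bot: `loadUserByUsername` in `UserDetailsServiceImpl` builds `new User(username, "222", authorities)` for whatever name is submitted, so together with the plaintext encoder in `SecurityConfig` every username authenticates with the same fixed password and receives the `"rrr"` authority. If this is scaffolding it needs a guard so that it cannot reach a deployed build; the real implementation should look the account up in the user store, return its stored password hash, and throw `UsernameNotFoundException` when the account is absent. Smaller points on the same lines: declare `Set<GrantedAuthority> authorities = new HashSet<>();` rather than the raw `Set` (unless the type argument was only lost in rendering), and log with a placeholder, `log.info("loadUserByUsername: {}", username);`, because the username is caller-supplied.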