1

2017-10-14 09:59:56 +08:00 · 2017-10-14 09:59:56 +08:00 · 35cf0df44e
parent 0ed9de7ec4
commit 35cf0df44e
6 changed files with 115 additions and 30 deletions
--- a/src/main/java/com/boot/security/server/config/SecurityConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityConfig.java
@ -1,13 +1,17 @@
 package com.boot.security.server.config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import com.boot.security.server.service.UserDetailsServiceImpl;
@EnableGlobalMethodSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
@ -17,6 +21,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	private AuthenticationFailureHandler authenticationFailureHandler;
 	@Autowired
 	private LogoutSuccessHandler logoutSuccessHandler;
 	@Autowired
 	private UserDetailsServiceImpl userDetailsServiceImpl;
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
@ -25,7 +31,23 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 						"/webjars/**")
 				.permitAll().anyRequest().authenticated().and().formLogin().loginProcessingUrl("/login")
 				.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
-				.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
+				.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler).and().csrf().disable();
 	}
 	@Override
 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 		auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(new PasswordEncoder() {
 			@Override
 			public boolean matches(CharSequence rawPassword, String encodedPassword) {
 				return rawPassword.equals(encodedPassword);
 			}
 			@Override
 			public String encode(CharSequence rawPassword) {
 				return rawPassword.toString();
 			}
 		});
 	}
 }
--- a/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
@ -1,6 +1,7 @@
 package com.boot.security.server.config;
 import java.io.IOException;
 import java.util.stream.Collectors;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@ -8,12 +9,23 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import com.alibaba.fastjson.JSONObject;
 import com.boot.security.server.dto.ResponseInfo;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
@Configuration
 public class SecurityHandlerConfig {
@ -29,7 +41,13 @@ public class SecurityHandlerConfig {
 			@Override
 			public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 					Authentication authentication) throws IOException, ServletException {
 				log.info(request.getRequestURI());
 				User user = (User) authentication.getPrincipal();
 				log.info("{}", user.getAuthorities().stream().map(a -> a.getAuthority()).collect(Collectors.toSet()));
 				ResponseInfo info = ResponseInfo.builder().code(HttpStatus.OK.value() + "").message("登录成功").build();
 				writeResponse(response, HttpStatus.OK.value(), JSONObject.toJSONString(info));
 			}
 		};
 	}
@ -46,7 +64,16 @@ public class SecurityHandlerConfig {
 			@Override
 			public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 					AuthenticationException exception) throws IOException, ServletException {
 				ResponseInfo info = ResponseInfo.builder().code(HttpStatus.UNAUTHORIZED.value() + "").build();
 				if (exception instanceof AuthenticationCredentialsNotFoundException) {
 					info.setMessage("用户名存在");
 				} else if (exception instanceof LockedException) {
 					info.setMessage("用户被锁定");
 				} else if (exception instanceof BadCredentialsException) {
 					info.setMessage("密码错误");
 				}
 				writeResponse(response, HttpStatus.UNAUTHORIZED.value(), JSONObject.toJSONString(info));
 			}
 		};
@ -69,4 +96,16 @@ public class SecurityHandlerConfig {
 		};
 	}
 	public static void writeResponse(HttpServletResponse response, int status, String json) {
 		try {
 			response.setHeader("Access-Control-Allow-Origin", "*");
 			response.setHeader("Access-Control-Allow-Methods", "*");
 			response.setContentType("application/json;charset=UTF-8");
 			response.setStatus(status);
 			response.getWriter().write(json);
 		} catch (IOException e) {
 			e.printStackTrace();
 		}
 	}
 }
--- a/src/main/java/com/boot/security/server/controller/LoginController.java
+++ b/src/main/java/com/boot/security/server/controller/LoginController.java
@ -1,15 +1,12 @@
 package com.boot.security.server.controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.boot.security.server.dto.LoginInfo;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 /**
 * 登陆相关接口
@ -17,22 +14,16 @@ import io.swagger.annotations.ApiOperation;
 * @author 小威老师
 *
 */
-@Api(tags = "登陆、退出")
+@Slf4j
@Api(tags = "退出")
@RestController
@RequestMapping
 public class LoginController {
 	@ApiOperation(value = "登陆")
 	@PostMapping("/login")
 	public void login(@RequestBody LoginInfo info) {
 		System.out.println(info.getUsername());
 		System.out.println(info.getPassword());
 	}
 	@ApiOperation(value = "退出")
 	@GetMapping(value = "/logout", params = "token")
 	public void logout(String token) {
-		System.out.println(token);
+		log.info(token);
 	}
 }
--- a/src/main/java/com/boot/security/server/dto/LoginInfo.java
+++ b/src/main/java/com/boot/security/server/dto/LoginInfo.java
@ -1,16 +0,0 @@
 package com.boot.security.server.dto;
 import java.io.Serializable;
 import lombok.Getter;
 import lombok.Setter;
@Getter
@Setter
 public class LoginInfo implements Serializable {
 	private static final long serialVersionUID = 4680419308278241260L;
 	private String username;
 	private String password;
 }
--- a/src/main/java/com/boot/security/server/dto/ResponseInfo.java
+++ b/src/main/java/com/boot/security/server/dto/ResponseInfo.java
@ -0,0 +1,18 @@
 package com.boot.security.server.dto;
 import java.io.Serializable;
 import lombok.Builder;
 import lombok.Getter;
 import lombok.Setter;
@Getter
@Setter
@Builder
 public class ResponseInfo implements Serializable {
 	private static final long serialVersionUID = -4417715614021482064L;
 	private String code;
 	private String message;
 }
--- a/src/main/java/com/boot/security/server/service/UserDetailsServiceImpl.java
+++ b/src/main/java/com/boot/security/server/service/UserDetailsServiceImpl.java
@ -0,0 +1,31 @@
 package com.boot.security.server.service;
 import java.util.HashSet;
 import java.util.Set;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import lombok.extern.slf4j.Slf4j;
@Slf4j
@Service
 public class UserDetailsServiceImpl implements UserDetailsService {
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		log.info(username);
 		Set<GrantedAuthority> authorities = new HashSet<>();
 		GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("rrr");
 		authorities.add(grantedAuthority);
 		User user = new User(username, "222", authorities);
 		return user;
 	}
 }