SpringSecurity 使用过后的感受

SpringSecurity 一款权限框架，第一次配置真的是搞毛了。

首先导包

        
            org.springframework.boot
            spring-boot-starter-security
        

 /*@Override
    public void configure(HttpSecurity http) throws Exception {
        // 请求进行拦截 验证 accessToken
        http
                .authorizeRequests()
// .antMatchers("/api-user/web/**").hasAnyAuthority("SuperAdmin", "SysAdmin")
                ///任何请求,登录后可以访问
                .anyRequest()
                .authenticated()
                //允许所有用户访问与基于表单的登出
                .and()
                .logout()//设置登出
                .permitAll()
                //允许所有用户访问与基于表单的登录
                .and()
                .formLogin()//设置表单登录
                .usernameParameter("username").passwordParameter("password")//设置验证的字段
                .loginPage("http://localhost:63343/tm_web/login.html")//设置登录页面
                .loginProcessingUrl("/api-user/public/storeUser/managerUserLogin")//设置请求登录接口
                .successHandler(myAuthenctiationSuccessHandler) // 自定义登录成功处理
                .failureHandler(myAuthenctiationFailureHandler) // 自定义登录失败处理
                //解决跨域
                .and()
                .cors()
                // 关闭csrf防护
                .and()
                .csrf()
                .disable();
    }*/

//登录失败
@Component("myAuthenctiationFailureHandler")
public class MyAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ObjectMapper objectMapper;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {

        logger.info("登录失败");

        response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
        response.setContentType("application/json;charset=UTF-8");
       // response.getWriter().write(objectMapper.writeValueAsString(new BaseResponse(exception.getMessage())));
        JSONObject jsonObject = new JSONObject();
        jsonObject.put("state", "200");
        jsonObject.put("message", "登录失败");
        jsonObject.put("objectMapper", objectMapper.writeValueAsString(new BaseResponse(exception.getMessage())));
        response.getWriter().write(jsonObject.toJSONString());
        ServletOutputStream out = response.getOutputStream();
        out.flush();
        out.close();
    }
}

//登陆成功
@Component("myAuthenctiationSuccessHandler")
public class MyAuthenctiationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {


    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private JwtTokenUtil jwtTokenUtil;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {

        System.out.println("登录成功");
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String token = jwtTokenUtil.generateToken(userDetails);
        response.setContentType("application/json;charset=UTF-8");
        //  response.getWriter().write(objectMapper.writeValueAsString(authentication));
        JSONObject jsonObject = new JSONObject();
        jsonObject.put("state", "200");
        jsonObject.put("message", "登录成功");
        jsonObject.put("token", token);
        jsonObject.put("objectMapper", objectMapper.writeValueAsString(authentication));
        response.getWriter().write(jsonObject.toJSONString());
        ServletOutputStream out = response.getOutputStream();
        out.flush();
        out.close();
    }
}