springboot前后端分离实现spring security

程序员文章站 2022-03-15 11:42:29

...

1、引入spring security依赖

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

2、定义与前端交互返回的数据类

@Data
@NoArgsConstructor
@AllArgsConstructor
@ToString
public class ResultResponse implements java.io.Serializable {
    private int code;
    private String message;
    private Object data;
}

3、自定义security安全拦截状态以JSON格式返回前端

这是我的目录结构
springboot前后端分离实现spring security
登录成功

@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
    @Autowired
    RedisUtil redisUtil;
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        String token = redisUtil.get("token");
        ResultResponse resultResponse = new ResultResponse(Constans.STATUS_OK,Constans.MESSAGE_OK,new Token(token));
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().write(JSON.toJSONString(resultResponse));
    }
}

登录失败

@Component
public class LoginFailHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        ResultResponse resultResponse = new ResultResponse(Constans.STATUS_FAIL,Constans.MESSAGE_FAIL+"登录失败",null);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().write(JSON.toJSONString(resultResponse));
    }
}

无权访问

@Component
public class NoRightAccessHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        ResultResponse resultResponse = new ResultResponse(Constans.STATUS_FAIL,Constans.MESSAGE_FAIL+"您无权访问",null);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().write(JSON.toJSONString(resultResponse));
    }
}

未登录

@Component
public class NotLoginEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        ResultResponse resultResponse = new ResultResponse(Constans.STATUS_FAIL,Constans.MESSAGE_FAIL+"无访问权限，请先登录",null);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().write(JSON.toJSONString(resultResponse));
    }
}

注销成功

@Component
public class ReqLogoutSuccessHandler implements LogoutSuccessHandler {
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        ResultResponse resultResponse = new ResultResponse(Constans.STATUS_FAIL,Constans.MESSAGE_FAIL+"注销成功",null);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().write(JSON.toJSONString(resultResponse));
    }
}

3、配置登录拦截全局配置类securityConfig

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //注入未登录返回状态类
    @Autowired
    NotLoginEntryPoint notLoginEntryPoint;
    //注入登录成功返回状态类
    @Autowired
    LoginSuccessHandler loginSuccessHandler;
    //注入登录失败返回状态类
    @Autowired
    LoginFailHandler loginFailHandler;
    //注入退出返回状态类
    @Autowired
    ReqLogoutSuccessHandler reqLogoutSuccessHandler;
    //注入无权访问返回状态类
    @Autowired
    NoRightAccessHandler noRightAccessHandler;
    //密码编码器，使用BCrypt加密算法加密
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    //安全拦截机制
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()  //屏蔽csrf控制，csrf为跨站请求伪造
                .httpBasic().authenticationEntryPoint(notLoginEntryPoint)
                .and()
                .authorizeRequests()
                .antMatchers("/**/**").anonymous() //允许不需要授权就可以访问
                .anyRequest()
                .authenticated()// 其他 url 需要身份认证
                .and()
                .formLogin()  //开启登录
                .loginProcessingUrl("/user/login")//登录处理地址
                .usernameParameter("userId")//定义登录时，用户名的参数名，默认为 username
                .passwordParameter("password")//定义登录时，密码的参数名，默认为 password
                .successHandler(loginSuccessHandler) // 登录成功
                .failureHandler(loginFailHandler) // 登录失败
                .and()
                .logout()
                .logoutSuccessHandler(reqLogoutSuccessHandler)  //注销成功
                .permitAll()
                .and()
                .cors();//允许跨域，如果springboot/springmvc已有跨域配置，自动采用springboot/springmvc跨域配置
        http.exceptionHandling().accessDeniedHandler(noRightAccessHandler); // 无权访问 JSON 格式的数据

    }
}

相关标签： security 安全经验分享程序人生

上一篇： 6-2 折半查找的实现（10 分）

下一篇： scratch文件怎么转换为可执行文件? 把scratch转为exe的技巧

springboot前后端分离实现spring security

1、引入spring security依赖

2、定义与前端交互返回的数据类

3、自定义security安全拦截状态以JSON格式返回前端

3、配置登录拦截全局配置类securityConfig

SpringBoot+Vue.js实现前后端分离的文件上传功能

vue+springboot前后端分离实现单点登录跨域问题解决方法

基于Spring Security前后端分离的权限控制系统问题

SpringBoot集成Spring security JWT实现接口权限认证

SSM:Spring+SpringMVC+MyBatis（实现前后端分离）

Spring Boot + Vue前后端分离（三）实现登录功能

搭建spring-boot+vue前后端分离框架并实现登录功能

Spring Boot 实现前后端分离

spring boot环境下实现restful+前后端分离的网页开发

ajax + vue + springboot + Restful实现前后端分离项目