1.SpringSecurity配置类
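/**
 * Spring Security configuration for a JSON (non-HTML) API.
 *
 * <p>Login, logout, "not logged in" and "access denied" all answer with a JSON
 * {@code CommonResult} body instead of redirects or HTML error pages.
 * Users are loaded through {@code IUserService} and passwords are verified with BCrypt.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Shared JSON serializer; an ObjectMapper is thread-safe once configured, so one instance is reused. */
    private static final ObjectMapper JSON = new ObjectMapper();

    @Autowired
    IUserService userService;

    /**
     * Defines URL authorization, form login, HTTP Basic, error handling and logout.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Endpoints reachable without authentication.
                // "/csgo/box/**" is already covered by "/csgo/**"; kept as the author listed it.
                // NOTE(review): "/order/**" is open to anonymous callers - confirm that order
                // data is really meant to be public.
                .antMatchers("/csgo/box/**", "/csgo/**", "/order/**").permitAll()
                // Default-deny: without a catch-all rule every URL not matched above is served
                // without authentication, and the 401/403 handlers below would only fire for
                // method-level security. Anything that must stay public has to be listed above.
                .anyRequest().authenticated()
                // CSRF protection is switched off.
                // NOTE(review): form login is session-cookie based, so browser clients are exposed
                // to cross-site request forgery on state-changing endpoints. Keep this disabled
                // only if every client is a non-browser client or authenticates with a header
                // token - confirm.
                .and().csrf().disable()
                .formLogin()
                .loginProcessingUrl("/doLogin")
                .permitAll()
                // Login failure: answer 401 with a JSON body.
                .failureHandler((request, response, exception) -> {
                    CommonResult<String> result;
                    if (exception instanceof UsernameNotFoundException || exception instanceof BadCredentialsException) {
                        // Same message for "unknown user" and "wrong password", so the response
                        // does not reveal which of the two was wrong.
                        result = CommonResult.fail("用户名或密码错误");
                    } else if (exception instanceof DisabledException) {
                        // NOTE(review): a distinct message for disabled accounts tells the caller
                        // that the account exists; use the generic message if account
                        // enumeration matters for this application.
                        result = CommonResult.fail("用户无权限");
                    } else {
                        result = CommonResult.fail("登录失败");
                    }
                    writeJson(response, HttpServletResponse.SC_UNAUTHORIZED, result);
                })
                // Login success: answer 200 with the authenticated principal as JSON.
                .successHandler((request, response, authentication) -> {
                    // NOTE(review): the whole User object is serialized to the client. Confirm
                    // that the password hash and other internal fields are excluded from its
                    // JSON form (for example with @JsonIgnore) or map it to a response DTO.
                    User user = (User) authentication.getPrincipal();
                    writeJson(response, HttpServletResponse.SC_OK, CommonResult.success("success", user));
                })
                .and()
                .httpBasic()
                // Prompt for callers that are not logged in: 401 with a JSON body.
                .authenticationEntryPoint((request, response, authException) ->
                        writeJson(response, HttpServletResponse.SC_UNAUTHORIZED, new CommonResult<>(401, "请登录")))
                .and()
                // Exception handling.
                .exceptionHandling()
                // Access denied: 403 with a JSON body.
                .accessDeniedHandler((request, response, accessDeniedException) ->
                        writeJson(response, HttpServletResponse.SC_FORBIDDEN, new CommonResult<>(403, "访问被拒绝")))
                .and()
                // Logout.
                .logout()
                .logoutUrl("/logout")
                .logoutSuccessHandler((request, response, authentication) ->
                        writeJson(response, HttpServletResponse.SC_OK, CommonResult.success("注销成功", null)))
                .permitAll();
    }

    /**
     * Registers the user lookup service and the BCrypt password encoder used to verify logins.
     *
     * @param auth the authentication builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }

    /**
     * Writes {@code body} as UTF-8 JSON with the given HTTP status and closes the response writer.
     *
     * @param response the servlet response to write to
     * @param status   the HTTP status code to set
     * @param body     the object to serialize
     * @throws IOException if serialization or writing fails
     */
    private static void writeJson(HttpServletResponse response, int status, Object body) throws IOException {
        response.setContentType("application/json;charset=utf-8");
        response.setStatus(status);
        PrintWriter writer = response.getWriter();
        writer.write(JSON.writeValueAsString(body));
        writer.flush();
        writer.close();
    }
}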
2.使用postman测试