Spring Security实现认证

1 重写WebSecurityConfigurerAdapter的configure:配置对http请求的拦截规则

 1 @Configuration
 2 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 3 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 4 
 5 @Override
 6     protected void configure(HttpSecurity http) throws Exception {
 7 
 8         http
 9                 // CRSF禁用,因为不使用session
10                 .csrf().disable()
11                 // 过滤请求
12                 .authorizeRequests()
13                 // 数据库监控
14                 .antMatchers("/druid/**").permitAll()
15                 // swagger 文档
16                 .antMatchers("/swagger-ui.html").permitAll()
17                 .antMatchers("/swagger/**").permitAll()
18                 .antMatchers("/swagger-resources/**").permitAll()
19                 .antMatchers("/webjars/**").permitAll()
20                 .antMatchers("/*/api-docs").permitAll()
21                 // 文件
22                 .antMatchers("/avatar/**").permitAll()
23                 .antMatchers("/file/**").permitAll()
24                 // 放行OPTIONS请求
25                 .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
26                 // 允许匿名访问的urls - new String[0] 用来告诉toArray方法具体转化成什么类型
27                 // list.toArray(new String[0]);//转化成String数组
28                 // list.toArray(new int[0]);//转化成int数组
29                 .antMatchers(anonymousUrls.toArray(new String[0])).anonymous()
30                 // 除上面外的所有请求全部需要鉴权认证 - 需要认证后才能访问
31                 .anyRequest().authenticated()
32                 .and()
33                 // 防止iframe 造成跨域
34                 .headers().frameOptions().disable();
35         http.
36                 logout().
37                 // 自定义logout要走的url
38                 logoutUrl("/logout").
39                 // 自定义走logout功能时的处理逻辑
40                 logoutSuccessHandler(LogoutSuccessHandler);
41         // 使用自定义的filter,插到security的过滤链中
42         http.addFilterBefore(jwtTokenHandleFilter, UsernamePasswordAuthenticationFilter.class);
43     }

2 实现UserDetailsService

 1 @Service
 2 public class UserDetailsServiceImpl implements UserDetailsService {
 3     
 4     @Override
 5     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 6         UserLocalAuth userLocalAuth = userLocalAuthMapper.selectByUsername(username);
 7         if(userLocalAuth == null){
 8             log.info("用户:{} 不存在", username);
 9             throw new UsernameNotFoundException("用户:" + username + "不存在");
10         }
11         User user = userMapper.selectById(userLocalAuth.getUserId());
12         // 授权 - part1:把当前用户的权限存起来
13         List<Permission> permissionsList =  permissionMapper.findPermissionsByUserId(userLocalAuth.getUserId());
14         return new LoginUser(user, userLocalAuth, permissionsList);
15     }

3 实现 userdetail

 1 public class LoginDetail implements UserDetails { 

posted @ 2020-07-29 15:57  Caesar_the_great  阅读(225)  评论(0编辑  收藏  举报