SpringBoot用户登录

 

package com.example.service;

import com.example.pojo.User;

public interface UserService {

    User getUserByUsername(String username);

}

 

 

package com.example.service.impl;

import com.example.mapper.UserMapper;
import com.example.pojo.User;
import com.example.service.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

import javax.annotation.Resource;

@Service
public class UserServiceImpl implements UserService {
    private Logger logger = LoggerFactory.getLogger(this.getClass());

    @Resource
    UserMapper userMapper;
    @Override
    public User getUserByUsername(String username) {
        return userMapper.loadUserByUsername(username);
    }
}

 

 

package com.example.vo;

import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;

import java.io.Serializable;

@ApiModel("自定义响应实体类")
public class ResponseResult<T> implements Serializable {
    @ApiModelProperty("响应码")
    private Integer code;
    @ApiModelProperty("响应消息")
    private String message;
    @ApiModelProperty("响应数据")
    private T data;

    public ResponseResult() {
        super();
    }
    public ResponseResult(Integer code) {
        this.code = code;
    }

    public ResponseResult(Integer code, String message) {
        this.code = code;
        this.message = message;
    }

    public ResponseResult(Integer code, T data) {
        this.code = code;
        this.data = data;
    }

    public ResponseResult(String message, T data) {
        this.message = message;
        this.data = data;
    }

    public ResponseResult(Integer code, String message, T data) {
        this.code = code;
        this.message = message;
        this.data = data;
    }

    public Integer getCode() {
        return code;
    }

    public void setCode(Integer code) {
        this.code = code;
    }

    public String getMessage() {
        return message;
    }

    public void setMessage(String message) {
        this.message = message;
    }

    public T getData() {
        return data;
    }

    public void setData(T data) {
        this.data = data;
    }

    @Override
    public String toString() {
        return "ResponseResult{" +
                "code=" + code +
                ", message='" + message + '\'' +
                ", data=" + data +
                '}';
    }
}

 

 

package com.example.controller;

import com.example.pojo.User;
import com.example.service.UserService;
import com.example.vo.ResponseResult;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

@Api(tags="登录控制器")
@Controller
public class LoginController {
    private Logger logger = LoggerFactory.getLogger(this.getClass());

    @Resource
//    @Autowired
    private UserService userService;

    @RequestMapping(value = "/loginPage")
    public String loginPage(Authentication auth) {
            System.out.println("--------/login------------");
            return "/loginPage";
    }

//    @RequestMapping(value = "/login")
//    public String login() {
//            System.out.println("--------/login-----books-------");
////            return "/index";
//            return "/books";
//    }

    /**
     * 登录成功处理
     * @return 返回用户登录信息,包括权限角色
     */
    @ApiOperation("登录成功处理,返回用户登录信息,包括权限角色")
    @RequestMapping("/login/success")
//    @ResponseBody
//    public ResponseResult<User> loginSuccess()  {
    public String loginSuccess(Model model)  {
        String username = SecurityContextHolder.getContext().getAuthentication().getName();
        logger.info("=====/login/success===loginSuccess========"+username);
        User user = userService.getUserByUsername(username);
        model.addAttribute("h1_text", "this is a index page!");
        model.addAttribute("username", username);
        model.addAttribute("user", user);
//        return new ResponseResult<>("success",user);System.out.println("--------/login-----books-------");
            return "/index";
    }

    /**
     * 登录异常处理
     * @return 返回错误码给前端显示
     */
    @RequestMapping("/login/error")
    @ApiOperation("登录异常处理")
    @ResponseBody
    public ResponseResult<String> loginFail() {
        return new ResponseResult<>(602,"用户名或密码不正确");
    }

    /**
     * 登录过期处理
     * @return
     */
    @ApiOperation("登录过期处理")
    @RequestMapping("/login/invalid")
    @ResponseBody
    public String invalid() {
        return "session信息已过期,请重新登录";
    }


    /**
     * 判断该用户是否登录
     * @return 返回true/false
     */
    @GetMapping("/login/isLogin")
    @ResponseBody
    @ApiOperation("判断用户是否登录,返回true/false")
    public ResponseResult<Boolean> login(){
        try {
            String username = SecurityContextHolder.getContext().getAuthentication().getName();
            logger.info("判断用户是否登录,用户名:"+username);
            if (username == null || "anonymousUser".equals(username)){
                return  new ResponseResult<>("success",false);
            }else {
                return  new ResponseResult<>("success",true);
            }
        }catch (NullPointerException e){
            return  new ResponseResult<>(514,"用户信息已过期",false);
        }
    }

    @RequestMapping("/")
    public String root() {
        return "/index";
    }

//    public User getUser() { //为了session从获取用户信息,可以配置如下
//        User user = new User();
//        SecurityContext ctx = SecurityContextHolder.getContext();
//        Authentication auth = ctx.getAuthentication();
//        if (auth.getPrincipal() instanceof UserDetails) user = (User) auth.getPrincipal();
//        return user;
//    }

    public HttpServletRequest getRequest() {
        return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    }

}

 

 

package com.example.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
public class DemoLoginSuccessHandler implements AuthenticationSuccessHandler {
    private static final Logger logger = LoggerFactory.getLogger(DemoLoginSuccessHandler.class);
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        logger.info("登录成功");
        logger.info("登录信息:"+authentication.getDetails().toString());
        //取出登录IP地址
        String username = authentication.getName();
        logger.info("登录用户名:"+username);
        httpServletResponse.sendRedirect("login/success");
    }

}

 

 

package com.example.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
@Component
public class DemoLoginFailureHandler implements AuthenticationFailureHandler {

    private static final Logger logger = LoggerFactory.getLogger(DemoLoginFailureHandler.class);

    private ObjectMapper objectMapper = new ObjectMapper();

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {


        String username = request.getParameter("username");
        response.setContentType("application/json;charset=UTF-8");
        String message = null;
        if(exception instanceof UsernameNotFoundException){
            message = "用户名["+username+"]不存在!";
        }else if (exception instanceof BadCredentialsException) {
            message = "用户名或密码错误!";
        }else if(exception instanceof SessionAuthenticationException){
            message = "该账户已经登录!无法再次登录!";
        }else{
            if(exception.getMessage()!=null){
                message = exception.getMessage();
            }else {

                message = "登录失败!";
            }
        }
        HashMap<String, String> map = new HashMap<>(16);
        map.put("message",message);
        map.put("code","40000");
        response.getWriter().write(objectMapper.writeValueAsString(map));

        logger.info("用户["+username+"]登录失败,原因:"+message);

    }
}

 

 

package com.example.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

@Component
public class DemoLogoutSuccessHandler implements LogoutSuccessHandler {
    private static final Logger logger = LoggerFactory.getLogger(DemoLogoutSuccessHandler.class);
    private ObjectMapper objectMapper = new ObjectMapper();
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        if(authentication==null){
            logger.warn("用户未登录!");
            return;
        }
        String username = ((User) authentication.getPrincipal()).getUsername();
        logger.info("["+username+"]退出登录");
        this.removeSession(httpServletRequest);
        // 重定向到登录页
        Map<String,Object> map =  new HashMap<>(16);
        map.put("code",200);
        map.put("data","success");
        // Map -> Json
        String json = objectMapper.writeValueAsString(map);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json; charset=utf-8");
        httpServletResponse.getWriter().write(json);
    }

    /**
     * 移除登录用户的session
     * @param request
     */
    private void removeSession(HttpServletRequest request) {
        HttpSession session = request.getSession();
        // 手动让系统中的session失效 。
        session.invalidate();
    }

}

 

 

package com.example.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Configuration
@EnableWebSecurity
public class DemoSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(DemoSecurityConfig.class);

    @Autowired
    DemoUserDetailsService demoUserDetailsService;

    @Resource
    private DemoLoginSuccessHandler demoLoginSuccessHandler;
    @Resource
    private DemoLoginFailureHandler demoLoginFailureHandler;
    @Resource
    private DemoLogoutSuccessHandler demoLogoutSuccessHandler;

    @Bean
    public PasswordEncoder passwordEncoder(){
//        return NoOpPasswordEncoder.getInstance();
        return new BCryptPasswordEncoder();
    }

    @Bean
    DemoFilterInvocationSecurityMetadataSource dfisms() {
        return new DemoFilterInvocationSecurityMetadataSource();
    }
    @Bean
    DemoAccessDecisionManager dadm() {
        return new DemoAccessDecisionManager();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.userDetailsService(userService);
        auth.userDetailsService(demoUserDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.info("==============configure==================================");
//        super.configure(http);
        http.csrf().disable();
        http.authorizeRequests() //对请求进行授权
//                .antMatchers("/loginPage.html").permitAll()
//                .antMatchers("/**").permitAll()
//                .antMatchers("/admin/**").hasRole("admin")
//                .antMatchers("/db/**").hasRole("dba")
//                .antMatchers("/user/**").hasRole("user")
                .anyRequest() //任何请求
                .authenticated()//都要进行身份认证
                .and()
            .formLogin()//表单登录
                .loginPage("/loginPage")//登录页面
//                .loginPage("/loginPage.html")
                .loginProcessingUrl("/login")
                //设置登录成功
                .successHandler(demoLoginSuccessHandler)
                .failureHandler(demoLoginFailureHandler)
                .permitAll()//和登录相关的接口都不需要认证即可访问
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessHandler(demoLogoutSuccessHandler)
                .deleteCookies("JSESSIONID");

//        http.authorizeRequests()
//                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
//                    @Override
//                    public <O extends FilterSecurityInterceptor> O postProcess(O object) {
//                        object.setSecurityMetadataSource(dfisms());
//                        object.setAccessDecisionManager(dadm());
//                        return object;
//                    }
//                })
//                .anyRequest() //任何请求
//                .authenticated()//都要进行身份认证
//                .and()
//            .formLogin()//表单登录
//                .loginPage("/loginPage")//登录页面
////                .loginPage("/loginPage.html")
//                .loginProcessingUrl("/login")
//                //设置登录成功
//                .successHandler(demoLoginSuccessHandler)
//                .permitAll();//和登录相关的接口都不需要认证即可访问

//        http.authorizeRequests().
//                antMatchers("/static/**").permitAll().anyRequest().authenticated().
//                and().formLogin().loginPage("/login").permitAll().successHandler(loginSuccessHandler()).
//                and().logout().permitAll().invalidateHttpSession(true).
//                deleteCookies("JSESSIONID").logoutSuccessHandler(logoutSuccessHandler()).
//                and().sessionManagement().maximumSessions(10).expiredUrl("/login");

    }

    //======================================================================

    /**
     * 配置忽略的静态文件,不加的话,登录之前页面的css,js不能正常使用,得登录之后才能正常.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // 忽略URL
//        web.ignoring().antMatchers("/**/*.js", "/lang/*.json", "/**/*.css", "/**/*.js", "/**/*.map", "/**/*.html",
//                "/**/*.png");
        // 设置拦截忽略文件夹,可以对静态资源放行
        web.ignoring()
                .antMatchers("/swagger-ui.html")
                .antMatchers("/v2/**")
                .antMatchers("/swagger-resources/**")
                .antMatchers("/loginPage.html")
                .antMatchers("/static/css/**", "/static/js/**","/static/fonts/**","/static/img/**","/img/**", "/js/**","/fonts/**","/css/**","/static/**");
    }

    @Bean
    public LogoutSuccessHandler logoutSuccessHandler() { //登出处理
        return new LogoutSuccessHandler() {
            @Override
            public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {

            }
//            @Override
//            public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
//                try {
//                    SecurityUser user = (SecurityUser) authentication.getPrincipal();
////                    logger.info("USER : " + user.getUsername() + " LOGOUT SUCCESS !  ");
//                } catch (Exception e) {
////                    logger.info("LOGOUT EXCEPTION , e : " + e.getMessage());
//                }
//                httpServletResponse.sendRedirect("/login");
//            }
        };
    }

    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() { //登入处理
        return new SavedRequestAwareAuthenticationSuccessHandler() {
            @Override
            public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
                User userDetails = (User) authentication.getPrincipal();
                logger.info("USER : " + userDetails.getUsername() + " LOGIN SUCCESS !  ");
                super.onAuthenticationSuccess(request, response, authentication);
            }
        };
    }

//    @Bean
//    UserDetailsService demoUserDetailsService() {
//        return new DemoUserDetailsService();
//    }

    @Bean
    public UserDetailsService userDetailsService() {    //用户登录实现

//        return new DemoUserDetailsService();
        return new UserDetailsService() {
            //            @Override
//            public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
//                return null;
//            }
//            @Autowired
//            private UserRepository userRepository;
            @Resource
            private PasswordEncoder passwordEncoder;

            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                logger.info("=-======loadUserByUsername======-=-========d================"+username);
//                User user = userRepository.findByUsername(s);
//                if (user == null) throw new UsernameNotFoundException("Username " + s + " not found");
//                return new SecurityUser(user);
                return new User(username,passwordEncoder.encode("123456"),
                        true,true,true,true,
                        AuthorityUtils.commaSeparatedStringToAuthorityList("admin"));
            }
        };
    }

//    @Autowired
//    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
//        auth.eraseCredentials(false);
//    }
}

 

posted @ 2021-04-05 18:03  残星  阅读(264)  评论(0编辑  收藏  举报