内存添加零时用户 & 权限校验

3 years ago · 608708d239
4 changed files with 116 additions and 2 deletions
--- a/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
+++ b/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
@ -1,9 +1,14 @@
 package com.aiprose.scauth.conf;

+import com.aiprose.scauth.handler.AuthLimitHandler;
+import com.aiprose.scauth.handler.LoginSuccessHandler;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

 /**
 * @author nelson
@ -13,7 +18,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 * @since 1.0
 */
@Configuration
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
 //        super.configure(web);
@ -21,6 +27,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception {
-//        super.configure(http);
+        super.configure(http);
+        http.formLogin().successHandler(new LoginSuccessHandler());
+
+        //权限不足
+        http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler());
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
+                .withUser("nelson").password(new BCryptPasswordEncoder().encode("123456")).roles("admin")
+                .and()
+                .withUser("yasaka").password(new BCryptPasswordEncoder().encode("123456")).roles("user")
+                .and()
+                .withUser("one").password(new BCryptPasswordEncoder().encode("123456")).roles("gest")
+                .and()
+                .withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("root");
    }
 }
--- a/src/main/java/com/aiprose/scauth/controller/TestAuthController.java
+++ b/src/main/java/com/aiprose/scauth/controller/TestAuthController.java
@ -0,0 +1,36 @@
+package com.aiprose.scauth.controller;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.security.RolesAllowed;
+
+/**
+ * @author nelson
+ * @desc TODO
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/27 16:42
+ * @since 1.0
+ */
+@RestController
+public class TestAuthController {
+
+    @Secured("ROLE_root") //需要加前缀
+    @GetMapping("root")
+    public String root(){
+        return "root";
+    }
+    @PreAuthorize("hasAnyRole('root','admin')")
+    @GetMapping("admin")
+    public String gest(){
+        return "admin";
+    }
+
+    @RolesAllowed("user")
+    @GetMapping("user")
+    public String user(){
+        return "user";
+    }
+}
--- a/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
+++ b/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
@ -0,0 +1,29 @@
+package com.aiprose.scauth.handler;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author nelson
+ * @desc 权限不足
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/27 16:50
+ * @since 1.0
+ */
+@Slf4j
+public class AuthLimitHandler implements AccessDeniedHandler {
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+        log.error("你没有权限访问网址{}",request.getRequestURI());
+        response.sendError(403);
+    }
+}
--- a/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
+++ b/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
@ -0,0 +1,27 @@
+package com.aiprose.scauth.handler;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author nelson
+ * @desc TODO
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/27 16:15
+ * @since 1.0
+ */
+public class LoginSuccessHandler implements AuthenticationSuccessHandler {
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        System.out.println("login success");
+        System.out.println(authentication.getDetails());
+        System.out.println(authentication.getAuthorities());
+        System.out.println(authentication.getCredentials());
+        System.out.println(authentication.getPrincipal());
+    }
+}