diff --git a/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java b/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java index 5c50d4c..cd433d2 100644 --- a/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java +++ b/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java @@ -1,9 +1,14 @@ package com.aiprose.scauth.conf; +import com.aiprose.scauth.handler.AuthLimitHandler; +import com.aiprose.scauth.handler.LoginSuccessHandler; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; /** * @author nelson @@ -13,7 +18,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur * @since 1.0 */ @Configuration -public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ +@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true) +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurity web) throws Exception { // super.configure(web); 
@@ -21,6 +27,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity http) throws Exception { -// super.configure(http); + super.configure(http); + http.formLogin().successHandler(new LoginSuccessHandler()); + + //权限不足 + http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler()); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()) + .withUser("nelson").password(new BCryptPasswordEncoder().encode("123456")).roles("admin") + .and() + .withUser("yasaka").password(new BCryptPasswordEncoder().encode("123456")).roles("user") + .and() + .withUser("one").password(new BCryptPasswordEncoder().encode("123456")).roles("gest") + .and() + .withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("root"); } } diff --git a/src/main/java/com/aiprose/scauth/controller/TestAuthController.java b/src/main/java/com/aiprose/scauth/controller/TestAuthController.java new file mode 100644 index 0000000..121d49e --- /dev/null +++ b/src/main/java/com/aiprose/scauth/controller/TestAuthController.java 
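Review bot: The new `configure(AuthenticationManagerBuilder)` commits four accounts, including `admin` with role `root`, that all share the literal password `123456`, so anyone who can read the repository can sign in with the highest role. Because `super.configure(http)` is now called, the adapter's defaults apply as well, and as far as I know those enable HTTP Basic alongside form login, so the same credentials work without the login page. Load the users from a `UserDetailsService` or from externally supplied per-user hashes; if this is only a sample, say so directly above the method, e.g. `// Demo accounts only: shared password, must not be deployed`. `roles("gest")` also looks like a typo for `guest`, and no endpoint in this commit checks that role.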
@@ -0,0 +1,36 @@
+package com.aiprose.scauth.controller;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.security.RolesAllowed;
+
+/**
+ * @author nelson
+ * @desc TODO
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/27 16:42
+ * @since 1.0
+ */
+@RestController
+public class TestAuthController {
+
+ @Secured("ROLE_root") //需要加前缀
+ @GetMapping("root")
+ public String root(){
+ return "root";
+ }
+ @PreAuthorize("hasAnyRole('root','admin')")
+ @GetMapping("admin")
+ public String gest(){
+ return "admin";
+ }
+
+ @RolesAllowed("user")
+ @GetMapping("user")
+ public String user(){
+ return "user";
+ }
+}
diff --git a/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java b/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
new file mode 100644
index 0000000..8b8f9f9
--- /dev/null
+++ b/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
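Review bot: The three handlers each use a different authorization annotation (`@Secured("ROLE_root")`, `@PreAuthorize("hasAnyRole('root','admin')")`, `@RolesAllowed("user")`), and they differ in whether the `ROLE_` prefix is written out, which makes the access rules hard to audit. Pick one style for the controller, for example `@PreAuthorize("hasRole('root')")` on `root()`. The method mapped to `admin` is named `gest()`; renaming it to `admin()` would make the name match the rule it carries. The class Javadoc still reads `@desc TODO`; a line stating which role each endpoint requires would help the next reader.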
@@ -0,0 +1,29 @@
+package com.aiprose.scauth.handler;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author nelson
+ * @desc 权限不足
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/27 16:50
+ * @since 1.0
+ */
+@Slf4j
+public class AuthLimitHandler implements AccessDeniedHandler {
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+ log.error("你没有权限访问网址{}",request.getRequestURI());
+ response.sendError(403);
+ }
+}
diff --git a/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java b/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
new file mode 100644
index 0000000..ffde943
--- /dev/null
+++ b/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
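Review bot: The denial log in `handle` records only the URI, so an entry cannot be tied to an account or source address when access-denied events are reviewed, and it is written at error level although a 403 is an expected outcome. Consider `log.warn("access denied: user={} remote={} uri={}", request.getRemoteUser(), request.getRemoteAddr(), request.getRequestURI());`. `response.sendError(403)` reads better as `response.sendError(HttpServletResponse.SC_FORBIDDEN)`, and the imports of `AuthenticationException` and `AuthenticationFailureHandler` are unused.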
@@ -0,0 +1,27 @@
+package com.aiprose.scauth.handler;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author nelson
+ * @desc TODO
+ * @company 北京中经网软件有限公司
+ * @date 2020/11/27 16:15
+ * @since 1.0
+ */
+public class LoginSuccessHandler implements AuthenticationSuccessHandler {
+ @Override
+ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+ System.out.println("login success");
+ System.out.println(authentication.getDetails());
+ System.out.println(authentication.getAuthorities());
+ System.out.println(authentication.getCredentials());
+ System.out.println(authentication.getPrincipal());
+ }
+}
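Review bot: `onAuthenticationSuccess` prints `authentication.getCredentials()` and `authentication.getDetails()` to stdout, which can put the submitted password (if credential erasure is ever turned off or a custom provider is used) and request details such as the session id into console logs. The handler also writes no response, so replacing the default success handler with it appears to leave the browser on an empty page after login instead of redirecting. Extending `SavedRequestAwareAuthenticationSuccessHandler` and logging only the user name and granted authorities through the logger addresses both; it needs the same `@Slf4j` import that `AuthLimitHandler` uses.

```java
@Slf4j
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // Record who logged in and with which authorities; never credentials or session details.
        log.info("login success: user={} authorities={}", authentication.getName(), authentication.getAuthorities());
        // Keep the default behaviour of redirecting to the originally requested URL.
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
```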