
内存添加零时用户 & 权限校验

master
燕鹏 pirms 4 gadiem
vecāks
revīzija
608708d239
  1. 26
      src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
  2. 36
      src/main/java/com/aiprose/scauth/controller/TestAuthController.java
  3. 29
      src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
  4. 27
      src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java

26
src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java

@ -1,9 +1,14 @@
package com.aiprose.scauth.conf;
import com.aiprose.scauth.handler.AuthLimitHandler;
import com.aiprose.scauth.handler.LoginSuccessHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
* @author nelson
@ -13,7 +18,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
* @since 1.0
*/
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
// super.configure(web);
@ -21,6 +27,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
// super.configure(http);
super.configure(http);
http.formLogin().successHandler(new LoginSuccessHandler());
//权限不足
http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler());
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("nelson").password(new BCryptPasswordEncoder().encode("123456")).roles("admin")
.and()
.withUser("yasaka").password(new BCryptPasswordEncoder().encode("123456")).roles("user")
.and()
.withUser("one").password(new BCryptPasswordEncoder().encode("123456")).roles("gest")
.and()
.withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("root");
}
}
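Review bot: The new `configure(AuthenticationManagerBuilder)` compiles four accounts into the application, including the ones given the `admin` and `root` roles, all with the literal password `123456`, and nothing visible in this section limits them to a development profile. Any deployment of this build therefore accepts a password that is readable in the repository for its most privileged role. I would move these users into a configuration class restricted to a development profile (for example `@Profile("dev")`) and read the passwords from external configuration rather than source. Smaller points: one `PasswordEncoder encoder = new BCryptPasswordEncoder();` can replace the five separate instances, and `roles("gest")` looks like a typo for `guest`. The body of `configure(WebSecurity web)` lies outside the visible hunks.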

36
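--- a/src/main/java/com/aiprose/scauth/controller/TestAuthController.java
+++ b/src/main/java/com/aiprose/scauth/controller/TestAuthController.java
@@ -0,0 +1,36 @@
+package com.aiprose.scauth.controller;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import javax.annotation.security.RolesAllowed;
+/**
+* @author nelson
+* @desc TODO
+* @company 北京中经网软件有限公司
+* @date 2020/11/27 16:42
+* @since 1.0
+*/
+@RestController
+public class TestAuthController {
+@Secured("ROLE_root") //需要加前缀
+@GetMapping("root")
+public String root(){
+return "root";
+}
+@PreAuthorize("hasAnyRole('root','admin')")
+@GetMapping("admin")
+public String gest(){
+return "admin";
+}
+@RolesAllowed("user")
+@GetMapping("user")
+public String user(){
+return "user";
+}
+}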
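Review bot: The handler behind `@GetMapping("admin")` is named `gest()`, which reads as the guest endpoint although it is guarded by `hasAnyRole('root','admin')` and returns "admin"; renaming it to `admin()` avoids a wrong assumption about which roles it admits. The comment on `@Secured("ROLE_root")` could say why the prefix is written out, e.g. `// @Secured compares the full authority string, so ROLE_ is spelled out; hasAnyRole adds it`. The `@RolesAllowed("user")` case appears to rely on the framework adding that prefix, which is worth pinning with a test that a user without the role is refused. The class Javadoc still carries `@desc TODO`.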

29
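--- a/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
+++ b/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
@@ -0,0 +1,29 @@
+package com.aiprose.scauth.handler;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+/**
+* @author nelson
+* @desc 权限不足
+* @company 北京中经网软件有限公司
+* @date 2020/11/27 16:50
+* @since 1.0
+*/
+@Slf4j
+public class AuthLimitHandler implements AccessDeniedHandler {
+@Override
+public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+log.error("你没有权限访问网址{}",request.getRequestURI());
+response.sendError(403);
+}
+}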
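Review bot: The denial log in `handle` records only the request URI, so a 403 cannot be attributed to an account or a client address when the log is reviewed later. I would write `log.warn("access denied: user={} remote={} uri={}", request.getRemoteUser(), request.getRemoteAddr(), request.getRequestURI());`; warn fits better than error because a denial is expected behaviour rather than a fault. `response.sendError(HttpServletResponse.SC_FORBIDDEN)` is clearer than the bare `403`. The imports of `AuthenticationException` and `AuthenticationFailureHandler` are not used in this file.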

27
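--- a/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
+++ b/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
@@ -0,0 +1,27 @@
+package com.aiprose.scauth.handler;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+/**
+* @author nelson
+* @desc TODO
+* @company 北京中经网软件有限公司
+* @date 2020/11/27 16:15
+* @since 1.0
+*/
+public class LoginSuccessHandler implements AuthenticationSuccessHandler {
+@Override
+public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+System.out.println("login success");
+System.out.println(authentication.getDetails());
+System.out.println(authentication.getAuthorities());
+System.out.println(authentication.getCredentials());
+System.out.println(authentication.getPrincipal());
+}
+}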
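Review bot: `onAuthenticationSuccess` prints `getDetails()`, `getCredentials()` and `getPrincipal()` to standard output; with form login the details object normally carries the session id, and credentials should never be written to a log even if the framework has probably cleared them by this point. The method also returns without redirecting or writing a body, so after a successful login the client presumably receives an empty response instead of the page it asked for. I would replace the five `System.out.println` calls with one line through the project logger (`@Slf4j`, as in AuthLimitHandler), `log.info("login success: user={}", authentication.getName());`, and then send the user on with `response.sendRedirect(request.getContextPath() + "/");` or by extending `SavedRequestAwareAuthenticationSuccessHandler`. The class Javadoc still carries `@desc TODO`.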