内存添加零时用户 & 权限校验

4 years ago · 608708d239
4 changed files with 116 additions and 2 deletions
--- a/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
+++ b/src/main/java/com/aiprose/scauth/conf/WebSecurityConfig.java
@ -1,9 +1,14 @@
 package com.aiprose.scauth.conf;
 import com.aiprose.scauth.handler.AuthLimitHandler;
 import com.aiprose.scauth.handler.LoginSuccessHandler;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 /**
 * @author nelson
@ -13,7 +18,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 * @since 1.0
 */
@Configuration
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) throws Exception {
 //        super.configure(web);
@ -21,6 +27,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception {
-//        super.configure(http);
+        super.configure(http);
        http.formLogin().successHandler(new LoginSuccessHandler());
        //权限不足
        http.exceptionHandling().accessDeniedHandler(new AuthLimitHandler());
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("nelson").password(new BCryptPasswordEncoder().encode("123456")).roles("admin")
                .and()
                .withUser("yasaka").password(new BCryptPasswordEncoder().encode("123456")).roles("user")
                .and()
                .withUser("one").password(new BCryptPasswordEncoder().encode("123456")).roles("gest")
                .and()
                .withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("root");
    }
 }
--- a/src/main/java/com/aiprose/scauth/controller/TestAuthController.java
+++ b/src/main/java/com/aiprose/scauth/controller/TestAuthController.java
@ -0,0 +1,36 @@
 package com.aiprose.scauth.controller;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.security.RolesAllowed;
 /**
 * @author nelson
 * @desc TODO
 * @company 北京中经网软件有限公司
 * @date 2020/11/27 16:42
 * @since 1.0
 */
@RestController
 public class TestAuthController {
    @Secured("ROLE_root") //需要加前缀
    @GetMapping("root")
    public String root(){
        return "root";
    }
    @PreAuthorize("hasAnyRole('root','admin')")
    @GetMapping("admin")
    public String gest(){
        return "admin";
    }
    @RolesAllowed("user")
    @GetMapping("user")
    public String user(){
        return "user";
    }
 }
--- a/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
+++ b/src/main/java/com/aiprose/scauth/handler/AuthLimitHandler.java
@ -0,0 +1,29 @@
 package com.aiprose.scauth.handler;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 /**
 * @author nelson
 * @desc 权限不足
 * @company 北京中经网软件有限公司
 * @date 2020/11/27 16:50
 * @since 1.0
 */
@Slf4j
 public class AuthLimitHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        log.error("你没有权限访问网址{}",request.getRequestURI());
        response.sendError(403);
    }
 }
--- a/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
+++ b/src/main/java/com/aiprose/scauth/handler/LoginSuccessHandler.java
@ -0,0 +1,27 @@
 package com.aiprose.scauth.handler;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 /**
 * @author nelson
 * @desc TODO
 * @company 北京中经网软件有限公司
 * @date 2020/11/27 16:15
 * @since 1.0
 */
 public class LoginSuccessHandler implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        System.out.println("login success");
        System.out.println(authentication.getDetails());
        System.out.println(authentication.getAuthorities());
        System.out.println(authentication.getCredentials());
        System.out.println(authentication.getPrincipal());
    }
 }