2、自定义登录界面(thymeleaf)
1、html文件,放在resources/templates下,为后面的权限校验做准备,权限校验见“五、”的security配置类
1) login.html
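<!DOCTYPE html>
<!-- login.html: custom login form. The field names "username" and "password" are the
     defaults read by Spring Security form login, and the form target must equal the
     loginProcessingUrl set in the security configuration ("/login"). -->
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<!-- th:action lets the Thymeleaf/Spring integration add the hidden CSRF token field
     automatically once CSRF protection is enabled; the plain action attribute is the
     static fallback and keeps the form working while CSRF is disabled. -->
<form action="/login" th:action="@{/login}" method="post">
用户名 <input type="text" name="username"><br>
密码 <input type="password" name="password">
<input type="submit" value="提交">
</form>
</body>
</html>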
2)失败页面
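<!DOCTYPE html>
<!-- Failure page: shown after a rejected login (the controller on this page returns the
     view name "fail" for /toFail). Keep the message generic so it does not reveal
     whether the username or the password was wrong. -->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
失败的页面
返回登录
</body>
</html>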
3)成功页面
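<!DOCTYPE html>
<!-- Home page shown after login. The links below are navigation only: access control is
     enforced server-side by the URL matchers in the security configuration, not by
     hiding or showing a link.
     NOTE(review): the third link targets /role, while the configuration on this page
     restricts /toRole. Confirm which path is intended, otherwise /role is only covered
     by the generic "authenticated" rule. -->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<div>
<h3>首页</h3>
<a href="/Vip1">领有vip1 能力看的</a><br>
<a href="/Vip2">领有vip2 能力看的</a><br>
<a href="/role">领有abc 能力看的</a>
</div>
</body>
</html>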
4)Vip1.html页面
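<!DOCTYPE html>
<!-- Vip1.html: content intended for users holding the "vip1" authority. The template
     itself performs no check; it is protected only while the request path that renders
     it (/Vip1 in the security configuration on this page) is covered by a matcher. -->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
这是 vip1 角色能力看见的信息
</body>
</html>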
2、controller文件
/**
 * MVC controller that maps request paths to the names of the templates to render
 * (templates live under resources/templates).
 *
 * <p>All handlers use {@code @RequestMapping} without a method restriction, so they answer
 * every HTTP method. NOTE(review): /home and /toFail are used as forward targets by the
 * security configuration on this page; a forward keeps the original POST, which is
 * presumably why the mappings are not limited to GET.
 */
@Controller
@RequestMapping()
public class UserController {
    private static final String LOGIN_VIEW = "login";
    private static final String HOME_VIEW = "home";
    private static final String FAIL_VIEW = "fail";

    /**
     * Serves the login page.
     *
     * @return the view name "login" (login.html)
     */
    @RequestMapping("/login")
    public String login() {
        return LOGIN_VIEW;
    }

    /**
     * Serves the home page shown after login.
     *
     * @return the view name "home" (home.html)
     */
    @RequestMapping("/home")
    public String index() {
        return HOME_VIEW;
    }

    /**
     * Serves the login-failure page.
     *
     * @return the view name "fail" (fail.html)
     */
    @RequestMapping("/toFail")
    public String toFail() {
        return FAIL_VIEW;
    }
}
3、 security配置
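/**
 * Spring Security configuration: custom form login plus "everything else requires login".
 * Created by macro on 2018/4/26.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7
 * and removed in 6.0; newer versions declare a {@code SecurityFilterChain} bean instead.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures form login, URL authorization and CSRF handling.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // Custom login page; the path is the request mapping of UserController.login().
                .loginPage("/login")
                // Must equal the action of the login form, which submits username and password.
                .loginProcessingUrl("/login")
                // Forward to this endpoint after a successful login. A String returned by a Spring MVC
                // handler is resolved as a template name; a missing template raises an error.
                // NOTE(review): successForwardUrl and successHandler both register the success
                // handler, so the later call (the redirect below) is the one that takes effect.
                .successForwardUrl("/home")
                // Redirect instead of forward. The target is a fixed constant; if it is ever derived
                // from request data, validate it against an allow-list to avoid an open redirect.
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                        httpServletResponse.sendRedirect("https://www.baidu.com");
                    }
                })
                // Forward to the failure page when authentication is rejected.
                .failureForwardUrl("/toFail");

        http.authorizeRequests()
                // The login page must be reachable without authentication.
                .antMatchers("/login").permitAll()
                // Every other request requires an authenticated user.
                .anyRequest().authenticated();

        // Disables CSRF (cross-site request forgery) protection; this is not a cross-origin (CORS)
        // setting. With session-based form login it leaves state-changing requests without a token
        // check. It is kept only because the static login form carries no CSRF token: to re-enable
        // protection, remove this line and render the form with Thymeleaf's th:action so the token
        // field is included.
        http.csrf().disable();
    }
}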
/**
 * Alternative Spring Security configuration: form login with a custom login page at
 * /myLoginController and per-URL access rules based on authorities and a role.
 */
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * Configures form login, URL authorization rules and CSRF handling.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // Optional: rename the form fields read by the login filter.
                // .usernameParameter("username123")
                // .passwordParameter("password123")
                // Must match the controller mapping that returns the login page.
                // NOTE(review): the UserController listing on this page maps /login, not
                // /myLoginController; confirm a handler for this path exists.
                .loginPage("/myLoginController")
                // Must equal the action of the login form, which submits username and password.
                .loginProcessingUrl("/login")
                // Forward target after a successful login (a handler for /toSuccess is not shown here).
                .successForwardUrl("/toSuccess");
        // Alternative: redirect after success and forward to /toFail on failure.
        // .successHandler(new AuthenticationSuccessHandler() {
        // @Override
        // public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        // httpServletResponse.sendRedirect("https://www.baidu.com");
        // }
        // }).failureHandler(new ForwardAuthenticationFailureHandler("/toFail"));

        // Matchers are evaluated in declaration order and the first match decides, so the
        // specific rules must stay above anyRequest().
        http.authorizeRequests()
                // The login page must be reachable without authentication.
                .antMatchers("/myLoginController").permitAll()
                // hasAuthority compares the exact stored string: the database value is "vip1".
                .antMatchers("/Vip1").hasAuthority("vip1")
                // Same for "vip2".
                .antMatchers("/Vip2").hasAuthority("vip2")
                // PNG images are public.
                .antMatchers("/**/*.png").permitAll()
                // hasRole("abc") checks for the authority "ROLE_abc": the prefix is upper-case and
                // case-sensitive, so the database value must be ROLE_abc (not Role_abc).
                // NOTE(review): the home page on this page links to /role, not /toRole; confirm the
                // path, otherwise /role is only covered by the generic rule below.
                .antMatchers("/toRole").hasRole("abc")
                // Every other request requires an authenticated user.
                .anyRequest().authenticated();
        // Disables CSRF (cross-site request forgery) protection. With session-based form login this
        // leaves state-changing requests without a token check; re-enable it once the login form
        // submits the CSRF token (e.g. rendered through Thymeleaf's th:action).
        http.csrf().disable();
    }

    // Optional: not needed here because no static resources are served; it can be enabled for
    // things like the Swagger API docs. Note that ignoring() skips the security filter chain
    // entirely (no security headers either), so permitAll() is usually the safer way to open a path.
    // @Override
    // public void configure(WebSecurity web) throws Exception {
    //     // Paths excluded from interception, e.g. static resources.
    //     web.ignoring().antMatchers("/css/**", "/js/**");
    // }
}