2、自定义登录界面(thymeleaf)
1、html文件,放在resources/templates下为前面权限校验做准备,权限校验看五、的security配置类
1) login.html
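<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
<!--
  Login form. The action must equal loginProcessingUrl("/login") in the security
  configuration, and the field names "username" / "password" are the ones the
  configuration expects unless usernameParameter/passwordParameter are set.
  The form carries no CSRF token, so it only works while the configuration calls
  http.csrf().disable(). To keep CSRF protection enabled, submit the form through
  Thymeleaf's th:action so that the hidden _csrf field is added to it.
-->
<form action="/login" method="post">
    用户名 <input type="text" name="username"><br>
    密码 <input type="password" name="password">
    <input type="submit" value="提交">
</form>
</body>
</html>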
2)失败页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8"><title>Title</title>
</head>
<body>
<!-- Failure view: the controller on this page maps /toFail to the view name "fail", and the
     security configuration forwards failed logins to /toFail. The message is generic: it does
     not reveal whether the user name or the password was wrong. -->
<!-- NOTE(review): "返回登录" is plain text here; the link markup back to the login page
     appears to have been lost in this listing. -->
失败的页面
返回登录
</body>
</html>
3)成功页面
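<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!--
  Landing page after login. Every link is rendered for every signed-in user; showing or
  hiding a link is not access control. The restriction is enforced on the server by the
  matchers in the security configuration.
  NOTE(review): the third link points to /role, while the configuration on this page
  restricts /toRole. As listed, /role only falls under anyRequest().authenticated();
  confirm which path the controller maps and make the two agree.
-->
<div>
    <h3>首页</h3>
    <a href="/Vip1">拥有vip1 才能看的</a><br>
    <a href="/Vip2">拥有vip2 才能看的</a><br>
    <a href="/role">拥有abc 才能看的</a>
</div>
</body>
</html>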
4)Vip1.html页面
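<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!-- Access to /Vip1 is restricted by hasAuthority("vip1") in the security configuration;
     nothing in this template checks the authority itself. -->
这是 vip1 角色才能看见的信息
</body>
</html>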
2、controller文件
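@Controller
@RequestMapping()
public class UserController {

    /**
     * Login page; the view name "login" resolves to /templates/login.html.
     * The security configuration must leave this path open to anonymous users.
     */
    @RequestMapping("/login")
    public String login() {
        return "login";
    }

    /**
     * Home page; the view name "home" resolves to /templates/home.html.
     * The mapping is not limited to GET: successForwardUrl("/home") forwards the
     * original POST of the login form, so a GET-only mapping would reject it.
     */
    @RequestMapping("/home")
    public String index() {
        return "home";
    }

    /**
     * Failure page; the view name "fail" resolves to /templates/fail.html.
     * Reached through failureForwardUrl("/toFail"), which is also a forwarded POST.
     */
    @RequestMapping("/toFail")
    public String toFail() {
        return "fail";
    }
}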
3、 security配置
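/**
 * Spring Security configuration.
 * Created by macro on 2018/4/26.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures form login and the request authorization rules.
     *
     * @param http the HttpSecurity builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // Custom login page, served by the login method of UserController.
                .loginPage("/login")
                // Must equal the action of the login form, which posts "username" and "password".
                .loginProcessingUrl("/login")
                // URL invoked after a successful login. In Spring MVC a String return value is
                // resolved as a template name, and an exception is thrown if none is found.
                .successForwardUrl("/home")
                // Redirect variant. successForwardUrl and successHandler set the same handler,
                // so this later call replaces the forward to /home; keep only one of the two.
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
                                                        HttpServletResponse httpServletResponse,
                                                        Authentication authentication)
                            throws IOException, ServletException {
                        // Fixed target. If the target ever comes from the request, validate it
                        // against an allow-list before redirecting.
                        httpServletResponse.sendRedirect("https://www.baidu.com");
                    }
                })
                // Forward to the failure page when authentication fails.
                .failureForwardUrl("/toFail");

        http.authorizeRequests()
                // The login page must be reachable without authentication.
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated();

        // CSRF is cross-site request forgery protection, not a cross-origin (CORS) setting.
        // It is switched off here only because the plain HTML login form sends no CSRF token.
        // With session-based form login, prefer to leave it enabled and render the form with
        // Thymeleaf's th:action so the token is included.
        http.csrf().disable();
    }
}
@Configuration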
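public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures form login and per-path authorization by authority and role.
     *
     * @param http the HttpSecurity builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // .usernameParameter("username123")
                // .passwordParameter("password123")
                // Must match the controller mapping that returns the myLogin page.
                .loginPage("/myLoginController")
                // Must equal the action of the login form, which posts "username" and "password".
                .loginProcessingUrl("/login")
                // Page returned after a successful login.
                .successForwardUrl("/toSuccess");
        // Alternative with explicit handlers:
        // .successHandler(new AuthenticationSuccessHandler() {
        //     @Override
        //     public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        //         httpServletResponse.sendRedirect("https://www.baidu.com");
        //     }
        // }).failureHandler(new ForwardAuthenticationFailureHandler("/toFail"));

        // Rules are evaluated in order and the first match wins, so the specific paths
        // come before anyRequest().
        // NOTE(review): antMatchers("/Vip1") matches that exact path only. A variant that
        // Spring MVC still routes to the same handler (for example with a trailing slash)
        // would fall through to anyRequest().authenticated(); mvcMatchers(...) follows the
        // MVC mapping rules and avoids that gap.
        http.authorizeRequests()
                // The login page must be reachable without authentication.
                .antMatchers("/myLoginController").permitAll()
                // hasAuthority compares the stored value as-is: "vip1".
                .antMatchers("/Vip1").hasAuthority("vip1")
                // Stored value: "vip2".
                .antMatchers("/Vip2").hasAuthority("vip2")
                // Opens every path that ends in .png, wherever it is; confirm that only
                // static images can be reached this way.
                .antMatchers("/**/*.png").permitAll()
                // hasRole adds the "ROLE_" prefix, so the stored value must be "ROLE_abc"
                // (upper-case prefix, compared case-sensitively), not "Role_abc".
                .antMatchers("/toRole").hasRole("abc")
                .anyRequest().authenticated();

        // CSRF is cross-site request forgery protection. It is switched off here only because
        // the plain HTML login form sends no CSRF token; with session-based form login,
        // prefer to leave it enabled and render the form with Thymeleaf's th:action.
        http.csrf().disable();
    }

    /* Optional: not needed here because no static resources are served. It can be enabled
       for things such as Swagger API docs. web.ignoring() skips the whole security filter
       chain for the matched paths, so keep the patterns limited to static resources.
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Paths excluded from the security filters, used to open up static resources.
        web.ignoring().antMatchers("/css/**", "/js/**");
    }
    */
}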