security 最简陋配置，加了一些从security教程中拿的页面代码

codesverve · Apr 30, 2020 · 3b1ce81 · 3b1ce81
1 parent 867228e
commit 3b1ce81
Show file tree

Hide file tree

Showing 11 changed files with 173 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -148,6 +148,15 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
     </dependencies>
 
     <profiles>

diff --git a/src/main/java/com/uetty/sample/springboot/SpringConfigure.java b/src/main/java/com/uetty/sample/springboot/SpringConfigure.java
@@ -8,9 +8,12 @@
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationListener;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.event.ContextClosedEvent;
 import org.springframework.context.event.ContextStoppedEvent;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
@@ -33,4 +36,5 @@ public void onApplicationEvent(ApplicationEvent applicationEvent) {
         } /*else if (applicationEvent instanceof ContextRefreshedEvent) {
         }*/
     }
+
 }
diff --git a/src/main/java/com/uetty/sample/springboot/controller/BaseController.java b/src/main/java/com/uetty/sample/springboot/controller/BaseController.java
@@ -8,6 +8,7 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.util.Locale;
 
 @SuppressWarnings("SameParameterValue")
@@ -25,6 +26,12 @@ protected Locale getLocale() {
         return httpServletRequest.getLocale();
     }
 
+    /**
+     * 获取session
+     */
+    protected HttpSession getSession() {
+        return httpServletRequest.getSession();
+    }
     /**
      * 错误情况下的响应结果，使用默认的错误code
      */

diff --git a/src/main/java/com/uetty/sample/springboot/controller/HelloController.java b/src/main/java/com/uetty/sample/springboot/controller/HelloController.java
@@ -9,8 +9,9 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+
 @RestController
-@RequestMapping("/${server.apiUrlPrefix}/")
+@RequestMapping("${server.apiUrlPrefix}/")
 public class HelloController extends BaseController {
 
     @Autowired
@@ -35,4 +36,5 @@ public BaseResponse<PagedResponseData<User>> getUsers() {
         PagedResponseData<User> pagedData = getPagedData(page);
         return successResult(pagedData);
     }
+
 }
diff --git a/src/main/java/com/uetty/sample/springboot/controller/PageController.java b/src/main/java/com/uetty/sample/springboot/controller/PageController.java
@@ -0,0 +1,18 @@
+package com.uetty.sample.springboot.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.websocket.server.PathParam;
+
+/**
+ * 简陋的作为页面的controller
+ */
+@Controller
+public class PageController extends BaseController {
+
+    @RequestMapping("{pageName}")
+    public String getPage(@PathParam("pageName") String pageName) {
+        return pageName;
+    }
+}
diff --git a/src/main/java/com/uetty/sample/springboot/security/SecurityConfigure.java b/src/main/java/com/uetty/sample/springboot/security/SecurityConfigure.java
@@ -0,0 +1,60 @@
+package com.uetty.sample.springboot.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Configurable;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
+
+
+@EnableWebSecurity
+@AutoConfigureAfter(SecurityConfigure.SecurityBeanConfigure.class)
+public class SecurityConfigure extends WebSecurityConfigurerAdapter {
+
+    @Configurable
+    static class SecurityBeanConfigure {
+
+    }
+
+    @Value("${server.apiUrlPrefix}/login")
+    private String loginProcessingUrl;
+    @Value("${server.apiUrlPrefix}/**")
+    private String apiPath;
+    @Value("${server.apiUrlPrefix}/logout")
+    private String logoutPath;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable();
+        http
+                .authorizeRequests()
+                // api接口都需要登录
+                .antMatchers(apiPath).authenticated()
+                // 其余路径（页面）不需要认证
+                .anyRequest().permitAll()
+
+                .and()
+                .formLogin()
+                // 登录页面地址（也即判断请求未登录验证时，重定向到的页面）
+                .loginPage("/login")
+                // 登录接口路径
+                .loginProcessingUrl(loginProcessingUrl)
+                // 登录成功后重定向到的页面地址
+                .defaultSuccessUrl("/index")
+                // 登录失败时重定向到的页面
+                .failureUrl("/error")
+                // 登录接口传递用户名的参数名
+                .usernameParameter("username")
+                // 登录接口传递密码的参数名
+                .passwordParameter("password")
+                .and()
+                .logout()
+                .logoutUrl(logoutPath)
+                ;
+    }
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -8,6 +8,7 @@ spring:
         # 国际化文件
         basename: i18n/messages
 
+
 mybatis:
     # mybatis配置文件
     config-location: classpath:mybatis-config.xml

diff --git a/src/main/resources/static/css/main.css b/src/main/resources/static/css/main.css
@@ -0,0 +1,13 @@
+body {
+    font-family: sans;
+    font-size: 1em;
+}
+
+p.error {
+    font-weight: bold;
+    color: red;
+}
+
+div.logout {
+    float: right;
+}
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org" xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
+    <head>
+        <title>Hello Spring Security</title>
+        <meta charset="utf-8" />
+        <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
+    </head>
+    <body>
+        <div th:fragment="logout" class="logout" sec:authorize="isAuthenticated()">
+            Logged in user: <span sec:authentication="name"></span> |
+            Roles: <span sec:authentication="principal.authorities"></span>
+            <div>
+                <form action="#" th:action="@{/api/logout}" method="post">
+                    <input type="submit" value="Logout" />
+                </form>
+            </div>
+        </div>
+        <h1>Hello Spring Security</h1>
+        <p>This is an unsecured page, but you can access the secured pages after authenticating.</p>
+        <ul>
+            <li>Go to the <a href="/user/index" th:href="@{/user/index}">secured pages</a></li>
+        </ul>
+    </body>
+</html>
diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
+    <head>
+        <title>Login page</title>
+        <meta charset="utf-8" />
+        <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
+	</head>
+    <body>
+        <h1>Login page</h1>
+        <p>Example user: user / password</p>
+        <p th:if="${loginError}" class="error">Wrong user or password</p>
+        <form th:action="@{/api/login}" method="post">
+            <label for="username">Username</label>:
+            <input type="text" id="username" name="username" autofocus="autofocus" /> <br />
+            <label for="password">Password</label>:
+            <input type="password" id="password" name="password" /> <br />
+            <input type="submit" value="Log in" />
+        </form>
+        <p><a href="/index" th:href="@{/index}">Back to home page</a></p>
+    </body>
+</html>
diff --git a/src/main/resources/templates/user/index.html b/src/main/resources/templates/user/index.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
+    <head>
+        <title>Hello Spring Security</title>
+        <meta charset="utf-8" />
+        <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
+    </head>
+    <body>
+        <div th:substituteby="index::logout"></div>
+        <h1>This is a secured page!</h1>
+        <p><a href="/index" th:href="@{/index}">Back to home page</a></p>
+    </body>
+</html>