基于 AOP 思想 在执行 Controller 之前切入,查询存入的 list 角色/资源是否有权限
FrameSet 排版 安全框架默认不支持 设置开关
http.csrf().disable().headers().frameOptions().sameOrigin();
远程注入有延迟 导致第一次验证不成功
Refrence 和 Service 都可以加 timeout 超时时间
SecurityConfig
炳汉的独白
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private UserDetailsService userDetailsService;
@Resource
private AuthenticationFailureHandler authenticationFailureHandler;
@Resource
private AuthenticationEntryPoint authenticationEntryPoint;
@Resource
private AccessDeniedHandler accessDeniedHandler;
//加密对象
@Bean
public BCryptPasswordEncoder getEncoder(){
return new BCryptPasswordEncoder();
}
//重写的config
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(getEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().headers().frameOptions().sameOrigin();
//跨站请求伪造
http.csrf().disable()//关闭跨站请求伪造
//指定登录页面是谁、指定登录成功之后跳转的页面是谁
.formLogin()//使用表单登录实现认证
.loginPage("/index.html")//登录页面是哪个
.loginProcessingUrl("/login")//登录连接是哪个
.defaultSuccessUrl("/pages/main.html")//登录成功跳转页面
.permitAll()
.failureHandler(authenticationFailureHandler)//登录失败如何处理
.and()//添加其他配置
.authorizeRequests()//请求需要认证
//哪些资源不需要登录可以直接访问
.antMatchers("/index.html","/login").permitAll()//代表哪些页面或者url不需要登录可以直接访问
.antMatchers("/js/**","/css/**","/img/**","/plugins/**","/template/**","/loginstyle/**","/zTree_v3-master/**","/favicon.ico").permitAll()//代表静态资源不需要登录可以直接访问
.anyRequest()//代表当前项目任何请求都要到此处
.authenticated();//代表需要认证
//发生异常时如何处理
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).accessDeniedHandler(accessDeniedHandler);
//登出 -- 退出登录的配置
http.logout().logoutUrl("/logout").logoutSuccessUrl("/index.html");
}
}
UserDetailsServiceImpl
@Component
public class UserDetailsServiceImpl implements UserDetailsService {
@Reference(timeout = 30000)
private TUserService tUserService;
@Reference(timeout = 30000)
private TRoleService tRoleService;
@Reference(timeout = 30000)
private TPermissionService tPermissionService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
TUser user = tUserService.findUserByUsername(username);
if(user == null){
throw new UsernameNotFoundException("用户名或者密码有误");
}
List<GrantedAuthority>list = new ArrayList<>();
Integer userId = user.getId();
List<TRole> roleList = tRoleService.findRoleByUserID(userId);
for(TRole tRole : roleList){
String keyword = tRole.getKeyword();
list.add(new SimpleGrantedAuthority(keyword));
}
List<TPermission>permissionList = tPermissionService.findPermissionByUserID(userId);
for(TPermission tPermission : permissionList){
String keyword = tPermission.getKeyword();
list.add(new SimpleGrantedAuthority(keyword));
}
return new User(username,user.getPassword(),list);
}
}
角色和权限验证
@Secured({"ROLE_user",......}) 验证角色
@PreAuthorize("hasAuthority('权限字符串)") 验证权限
退出
<a href="/logout">退出</a>
通过之前配之类的配置给定 url 即可
//登出 -- 退出登录的配置
http.logout().logoutUrl("/logout").logoutSuccessUrl("/index.html");
用户名
页面设置异步函数
findUsername(){
axios.get('../user/findUsername').then((res) => {
if(res.data.flag){
this.username = res.data.obj;
}
});
}
Controller
框架保存着用户名 拿出 即可
//获取登录用户名
@GetMapping("findUsername")
public Result findUsername(){
try{
String username = SecurityContextHolder.getContext().getAuthentication().getName();
return new Result(true,"获取用户名成功",username);
}catch (Exception e){
e.printStackTrace();
return new Result(false,"获取用户名失败",null);
}
}
cd /etc/syscongig/network-scripts/
ls
vi ifcfg-ens33
# 设置 ONBOOT为 yes 是动态 ip
ONBOOT=yes
# 静态 ip 修改如下
BOOTPROTO=static
# 追加
IPADDR=192.168.159.21
NETMASK=255.255.255.0
GATEWAY=192.168.159.2
DNS1=8.8.8.8
打开 编辑 虚拟网络编辑器
查看 NAT模式 子网地址 为 ip网段 NAT 设置查看网关
reboot 重启虚拟机(或者重启网卡systemctl restart network.service)