Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
cxt104926
vhr
提交
c53f09b7
V
vhr
项目概览
cxt104926
/
vhr
与 Fork 源项目一致
Fork自
_江南一点雨 / vhr
通知
8
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
V
vhr
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
c53f09b7
编写于
5月 07, 2020
作者:
江
江南一点雨
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update SecurityConfig.java
上级
2c565e09
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
53 addition
and
71 deletion
+53
-71
vhr/vhrserver/vhr-web/src/main/java/org/javaboy/vhr/config/SecurityConfig.java
.../src/main/java/org/javaboy/vhr/config/SecurityConfig.java
+53
-71
未找到文件。
vhr/vhrserver/vhr-web/src/main/java/org/javaboy/vhr/config/SecurityConfig.java
浏览文件 @
c53f09b7
...
...
@@ -13,21 +13,11 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.builders.WebSecurity
;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
org.springframework.security.web.AuthenticationEntryPoint
;
import
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
;
import
org.springframework.security.web.authentication.AuthenticationFailureHandler
;
import
org.springframework.security.web.authentication.AuthenticationSuccessHandler
;
import
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
;
import
org.springframework.security.web.authentication.logout.LogoutSuccessHandler
;
import
javax.servlet.ServletException
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
java.io.IOException
;
import
java.io.PrintWriter
;
/**
...
...
@@ -59,48 +49,44 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public
void
configure
(
WebSecurity
web
)
throws
Exception
{
web
.
ignoring
().
antMatchers
(
"/css/**"
,
"/js/**"
,
"/index.html"
,
"/img/**"
,
"/fonts/**"
,
"/favicon.ico"
,
"/verifyCode"
);
web
.
ignoring
().
antMatchers
(
"/css/**"
,
"/js/**"
,
"/index.html"
,
"/img/**"
,
"/fonts/**"
,
"/favicon.ico"
,
"/verifyCode"
);
}
@Bean
LoginFilter
loginFilter
()
throws
Exception
{
LoginFilter
loginFilter
=
new
LoginFilter
();
loginFilter
.
setAuthenticationSuccessHandler
(
new
AuthenticationSuccessHandler
()
{
@Override
public
void
onAuthenticationSuccess
(
HttpServletRequest
request
,
HttpServletResponse
response
,
Authentication
authentication
)
throws
IOException
,
ServletException
{
response
.
setContentType
(
"application/json;charset=utf-8"
);
PrintWriter
out
=
response
.
getWriter
();
Hr
hr
=
(
Hr
)
authentication
.
getPrincipal
();
hr
.
setPassword
(
null
);
RespBean
ok
=
RespBean
.
ok
(
"登录成功!"
,
hr
);
String
s
=
new
ObjectMapper
().
writeValueAsString
(
ok
);
out
.
write
(
s
);
out
.
flush
();
out
.
close
();
}
});
loginFilter
.
setAuthenticationFailureHandler
(
new
AuthenticationFailureHandler
()
{
@Override
public
void
onAuthenticationFailure
(
HttpServletRequest
request
,
HttpServletResponse
response
,
AuthenticationException
exception
)
throws
IOException
,
ServletException
{
response
.
setContentType
(
"application/json;charset=utf-8"
);
PrintWriter
out
=
response
.
getWriter
();
RespBean
respBean
=
RespBean
.
error
(
exception
.
getMessage
());
if
(
exception
instanceof
LockedException
)
{
respBean
.
setMsg
(
"账户被锁定,请联系管理员!"
);
}
else
if
(
exception
instanceof
CredentialsExpiredException
)
{
respBean
.
setMsg
(
"密码过期,请联系管理员!"
);
}
else
if
(
exception
instanceof
AccountExpiredException
)
{
respBean
.
setMsg
(
"账户过期,请联系管理员!"
);
}
else
if
(
exception
instanceof
DisabledException
)
{
respBean
.
setMsg
(
"账户被禁用,请联系管理员!"
);
}
else
if
(
exception
instanceof
BadCredentialsException
)
{
respBean
.
setMsg
(
"用户名或者密码输入错误,请重新输入!"
);
loginFilter
.
setAuthenticationSuccessHandler
((
request
,
response
,
authentication
)
->
{
response
.
setContentType
(
"application/json;charset=utf-8"
);
PrintWriter
out
=
response
.
getWriter
();
Hr
hr
=
(
Hr
)
authentication
.
getPrincipal
();
hr
.
setPassword
(
null
);
RespBean
ok
=
RespBean
.
ok
(
"登录成功!"
,
hr
);
String
s
=
new
ObjectMapper
().
writeValueAsString
(
ok
);
out
.
write
(
s
);
out
.
flush
();
out
.
close
();
}
out
.
write
(
new
ObjectMapper
().
writeValueAsString
(
respBean
));
out
.
flush
();
out
.
close
();
}
});
);
loginFilter
.
setAuthenticationFailureHandler
((
request
,
response
,
exception
)
->
{
response
.
setContentType
(
"application/json;charset=utf-8"
);
PrintWriter
out
=
response
.
getWriter
();
RespBean
respBean
=
RespBean
.
error
(
exception
.
getMessage
());
if
(
exception
instanceof
LockedException
)
{
respBean
.
setMsg
(
"账户被锁定,请联系管理员!"
);
}
else
if
(
exception
instanceof
CredentialsExpiredException
)
{
respBean
.
setMsg
(
"密码过期,请联系管理员!"
);
}
else
if
(
exception
instanceof
AccountExpiredException
)
{
respBean
.
setMsg
(
"账户过期,请联系管理员!"
);
}
else
if
(
exception
instanceof
DisabledException
)
{
respBean
.
setMsg
(
"账户被禁用,请联系管理员!"
);
}
else
if
(
exception
instanceof
BadCredentialsException
)
{
respBean
.
setMsg
(
"用户名或者密码输入错误,请重新输入!"
);
}
out
.
write
(
new
ObjectMapper
().
writeValueAsString
(
respBean
));
out
.
flush
();
out
.
close
();
}
);
loginFilter
.
setAuthenticationManager
(
authenticationManagerBean
());
loginFilter
.
setFilterProcessesUrl
(
"/doLogin"
);
return
loginFilter
;
...
...
@@ -119,35 +105,31 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
})
.
and
()
.
logout
()
.
logoutSuccessHandler
(
new
LogoutSuccessHandler
()
{
@Override
public
void
onLogoutSuccess
(
HttpServletRequest
req
,
HttpServletResponse
resp
,
Authentication
authentication
)
throws
IOException
,
ServletException
{
resp
.
setContentType
(
"application/json;charset=utf-8"
);
PrintWriter
out
=
resp
.
getWriter
();
out
.
write
(
new
ObjectMapper
().
writeValueAsString
(
RespBean
.
ok
(
"注销成功!"
)));
out
.
flush
();
out
.
close
();
}
})
.
logoutSuccessHandler
((
req
,
resp
,
authentication
)
->
{
resp
.
setContentType
(
"application/json;charset=utf-8"
);
PrintWriter
out
=
resp
.
getWriter
();
out
.
write
(
new
ObjectMapper
().
writeValueAsString
(
RespBean
.
ok
(
"注销成功!"
)));
out
.
flush
();
out
.
close
();
}
)
.
permitAll
()
.
and
()
.
csrf
().
disable
().
exceptionHandling
()
//没有认证时,在这里处理结果,不要重定向
.
authenticationEntryPoint
(
new
AuthenticationEntryPoint
()
{
@Override
public
void
commence
(
HttpServletRequest
req
,
HttpServletResponse
resp
,
AuthenticationException
authException
)
throws
IOException
,
ServletException
{
resp
.
setContentType
(
"application/json;charset=utf-8"
);
resp
.
setStatus
(
401
);
PrintWriter
out
=
resp
.
getWriter
();
RespBean
respBean
=
RespBean
.
error
(
"访问失败!"
);
if
(
authException
instanceof
InsufficientAuthenticationException
)
{
respBean
.
setMsg
(
"请求失败,请联系管理员!"
);
}
out
.
write
(
new
ObjectMapper
().
writeValueAsString
(
respBean
));
out
.
flush
();
out
.
close
();
}
});
.
authenticationEntryPoint
((
req
,
resp
,
authException
)
->
{
resp
.
setContentType
(
"application/json;charset=utf-8"
);
resp
.
setStatus
(
401
);
PrintWriter
out
=
resp
.
getWriter
();
RespBean
respBean
=
RespBean
.
error
(
"访问失败!"
);
if
(
authException
instanceof
InsufficientAuthenticationException
)
{
respBean
.
setMsg
(
"请求失败,请联系管理员!"
);
}
out
.
write
(
new
ObjectMapper
().
writeValueAsString
(
respBean
));
out
.
flush
();
out
.
close
();
}
);
http
.
addFilterAt
(
loginFilter
(),
UsernamePasswordAuthenticationFilter
.
class
);
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录