代码INIT

2022-05-01 14:12:28 +08:00
parent 9d8f3ceab2
commit 3fdb3799ff
1438 changed files with 122941 additions and 0 deletions
--- a/src/main/java/com/quinn/config/SecurityConfig.java
+++ b/src/main/java/com/quinn/config/SecurityConfig.java
@@ -0,0 +1,62 @@
+package com.quinn.config;
+
+import com.quinn.service.impl.UserServiceImpl;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    UserServiceImpl userService;
+
+    //请求授权验证
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        // .denyAll();    //拒绝访问
+        // .authenticated();    //需认证通过
+        // .permitAll();    //无条件允许访问
+        // 访问权限
+        http.authorizeRequests()
+                .antMatchers("/","/index").permitAll()
+                .antMatchers("/register","/login","/toLogin").permitAll()
+                .antMatchers("/*").authenticated();
+
+        // 登录配置
+        http.formLogin()
+                .usernameParameter("username")
+                .passwordParameter("password")
+                .loginPage("/toLogin")
+                .loginProcessingUrl("/login") // 登陆表单提交请求
+                .defaultSuccessUrl("/index"); // 设置默认登录成功后跳转的页面
+
+        // 注销配置
+        http.headers().contentTypeOptions().disable();
+        http.headers().frameOptions().disable(); // 图片跨域
+        http.csrf().disable();//关闭csrf功能:跨站请求伪造,默认只能通过post方式提交logout请求
+        http.logout().logoutSuccessUrl("/");
+
+        // 记住我配置
+        http.rememberMe().rememberMeParameter("remember");
+    }
+
+    // 用户授权验证
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
+    }
+
+    // 密码加密方式
+    @Bean
+    public PasswordEncoder passwordEncoder(){
+        return new BCryptPasswordEncoder();
+    }
+
+}