1 package com.zy.configuration;
2 import org.springframework.beans.factory.annotation.Autowired;
3 import org.springframework.context.annotation.Bean;
4 import org.springframework.context.annotation.Configuration;
5 import org.springframework.security.authentication.AuthenticationManager;
6 import org.springframework.security.authentication.AuthenticationProvider;
7 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
8 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
9 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
10 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
11 import org.springframework.security.config.annotation.web.builders.WebSecurity;
12 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
13 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
14 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
15 import org.springframework.stereotype.Service;
16
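/**
 * Spring Security configuration for the web application.
 *
 * <p>Wires the custom authentication provider and security filter into the filter chain,
 * declares which URLs are public, and configures form login, logout and remember-me.
 * Created 2017-07-14 15:51.
 *
 * @author zhang
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables @PreAuthorize / @PostAuthorize on methods
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyAuthenticationProvider authenticationProvider;

    @Autowired
    private MySecurityFilter mySecurityFilter;

    /**
     * Exposes the {@link AuthenticationManager} built by this adapter.
     *
     * @return the authentication manager provided by the superclass
     * @throws Exception if the superclass cannot build the manager
     */
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Configures URL authorization, form login, logout and remember-me.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Run the custom filter just ahead of the standard authorization interceptor.
            .addFilterBefore(mySecurityFilter, FilterSecurityInterceptor.class)
            // NOTE(review): CSRF protection is switched off while the application uses
            // cookie-based sessions and form login, so state-changing requests carry no
            // anti-forgery token. Re-enable it once the forms submit the CSRF token.
            .csrf().disable()
            .authorizeRequests()
                // Public pages. The original pattern was "403" without a leading slash; Ant
                // patterns are matched against the request path, which always starts with "/",
                // so that entry could never match and the error page stayed behind the login.
                .antMatchers("/", "/home", "/403").permitAll()
                // Everything else requires an authenticated user.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                // Landing page after a successful login.
                .defaultSuccessUrl("/index")
                // .failureUrl("/403")
                .permitAll()
                //.successHandler(loginSuccessHandler())//code3
                .and()
            .logout()
                // Landing page after logout.
                .logoutSuccessUrl("/")
                .permitAll()
                .and()
            .rememberMe()
                // 1209600 s = 14 days; a captured remember-me cookie is usable for that long,
                // so keep the lifetime as short as the product allows and serve it over HTTPS only.
                // NOTE(review): no tokenRepository(...) is set in this class, so the
                // persistent_logins table named in the original comment is not used by this
                // configuration as written. Confirm which remember-me variant is intended.
                .tokenValiditySeconds(1209600);
    }

    /**
     * Registers the authentication sources.
     *
     * <p>Both the custom provider and a user-details-backed provider are registered, so a
     * login accepted by either one succeeds. NOTE(review): confirm that both paths apply the
     * same credential checks; {@code MyAuthenticationProvider} is not visible from this class.
     *
     * @param auth the authentication manager builder to configure
     * @throws Exception if the providers cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
        auth.userDetailsService(customUserDetailsService()).passwordEncoder(passwordEncoder());
    }

    /**
     * Excludes static resources from the security filter chain.
     *
     * <p>Requests matching an ignored pattern skip every security filter, so nothing under
     * {@code /resources/**} should ever be user-specific or sensitive. Further static paths
     * can be ignored the same way.
     *
     * @param web the web security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

    /**
     * Password encoder used to compare submitted passwords with stored ones (MD5).
     *
     * <p>SECURITY(review): MD5 is a fast digest and no salt source is configured in this
     * class, so stored hashes are cheap to brute-force and identical passwords share a hash.
     * Plan a migration to an adaptive scheme such as {@code BCryptPasswordEncoder}, re-hashing
     * each password at the user's next successful login. The return type is left unchanged
     * here because other beans may inject {@code Md5PasswordEncoder} and existing stored
     * hashes would stop verifying if the encoder were swapped in place.
     *
     * @return a new MD5 password encoder
     */
    @Bean
    public Md5PasswordEncoder passwordEncoder() {
        return new Md5PasswordEncoder();
    }

    /**
     * Custom user details service; per the original author it loads users from the database.
     *
     * @return a new {@code CustomUserDetailsService}
     */
    @Bean
    public CustomUserDetailsService customUserDetailsService() {
        return new CustomUserDetailsService();
    }
}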