SpringBoot使用Spring Security实现登录注销功能

1.首先看下我的项目结构

我们逐个讲解

/** * 用户登录配置类 * @author Administrator * */public class AdminUserDateils implements UserDetails {private static final long serialVersionUID = -1546619839676530441L; private transient YCAdmin yCAdmin; public AdminUserDateils() {} public AdminUserDateils(YCAdmin yCAdmin) { if (yCAdmin != null) { this.yCAdmin = yCAdmin; } } public YCAdmin getyCAdmin() {return yCAdmin;}public void setyCAdmin(YCAdmin yCAdmin) {this.yCAdmin = yCAdmin;}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() { Collection<GrantedAuthority> authorities = new ArrayList<>(); SimpleGrantedAuthority authority = new SimpleGrantedAuthority('admin'); authorities.add(authority); return authorities;}//用户名密码@Overridepublic String getPassword() { return yCAdmin.getAdminPassword();}//账号@Overridepublic String getUsername() {return yCAdmin.getAdminAccount();}@Overridepublic boolean isAccountNonExpired() {return true;}@Overridepublic boolean isAccountNonLocked() {return true;}@Overridepublic boolean isCredentialsNonExpired() {return true;}@Overridepublic boolean isEnabled() {return true;}}

首先以上AdminUserDateils类是配置用户登录成功后，来存储用户登录的信息

/** * Spring-Security * @author Administrator * */@Servicepublic class AdminCustomerDetailsService implements UserDetailsService{@Autowiredprivate YCAdminMapper yCAdminMapper;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {YCAdmin ycAdmin= yCAdminMapper.selectYCAdminByAccount(username);if(ycAdmin==null) {throw new UsernameNotFoundException('未找到该用户！！');}//配置的AdminUserDateilsAdminUserDateils adminUserDateils = new AdminUserDateils(ycAdmin);return adminUserDateils;}}

以上AdminCustomerDetailsService是根据查找用户名的，需要实现UserDetailsService接口的loadUserByUsername的方法也就是会找用户名，这个根据mapper层，也就是数据库查找，返回只也就是刚才配置的AdminUserDateils类

public class YhPasswordEncoder implements PasswordEncoder{@Overridepublic String encode(CharSequence rawPassword) {return Des3.encrypt(rawPassword.toString());}@Overridepublic boolean matches(CharSequence rawPassword, String encodedPassword) {// TODO Auto-generated method stubreturn encode(rawPassword).equals(encodedPassword);}}

以上YhPasswordEncoder 需要继承是我们PasswordEncoder配置用户密码加密的，这里的加密可以按照自己业务需求来使用加密，按照这样换一种加密类型就可以了。

public class AdminSecurityConfiguration {@Configuration@Order(2)@EnableWebSecuritypublic static class ClientSecurityConfig extends WebSecurityConfigurerAdapter {@Autowiredprivate AdminCustomerDetailsService adminCustomerDetailsService;@Value('${yunhui.admin.urlContext:/houtai}')private String adminUrlContext;@Value('${yunhui.admin.noLoginUrls:}')private String noLoginUrls;@Overrideprotected void configure(HttpSecurity http) throws Exception {//循环获取用户不需要验证url（这里是记录在yml）List<String> clientNoLoginUrls = new ArrayList<String>();if (!noLoginUrls.isEmpty()) {for (String s : noLoginUrls.split(',')) {clientNoLoginUrls.add(adminUrlContext + s);}}http.//需要验证登录的urlantMatcher(adminUrlContext + '/**').authorizeRequests()//不需登录验证的url.antMatchers(clientNoLoginUrls.toArray(new String[0])).permitAll().anyRequest().authenticated().and()//开启表单验证.formLogin().//验证登录的urlloginProcessingUrl('/houtai/login')//登录的页面.loginPage('/houtai/login')//登录成功后跳转.defaultSuccessUrl('/houtai').permitAll().and()//注销登录的url.logout().logoutUrl('/houtai/loginout')//注销之后跳转的页面.logoutSuccessUrl('/houtai').and().rememberMe().and().csrf().disable();;}@Overridepublic void configure(AuthenticationManagerBuilder auth) throws Exception {//需要哪个service，和验证密码的方式，刚才我们都配置了auth.userDetailsService(adminCustomerDetailsService).passwordEncoder(new YhPasswordEncoder());}}

最后就是配置首先开启@Configuration@EnableWebSecurity的注解

一个是我们刚才配置的service其他两个两个变量是在配置文件配置的

最后配置我们表单验证就可以了input的name必须是username和password，除非重新配置了，action='/houtai/login'就是直接这样就可以实现登录了

如果有HttpSecurity配置的细节问题可以提问

补充可以自己配置登录成功和失败类

到此这篇关于SpringBoot使用Spring Security实现登录注销功能的文章就介绍到这了,更多相关Spring Security登录注销内容请搜索好吧啦网以前的文章或继续浏览下面的相关文章希望大家以后多多支持好吧啦网！