spring security实现登录验证以及根据用户身份跳转不同页面
相關依賴,采用session加redis存儲用戶信息:
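<!--
  Dependencies for the session + Redis based login example.
  NOTE(review): spring-boot-starter-security itself is not part of this excerpt;
  presumably it is declared elsewhere in the pom.
  Entries without a <version> rely on a parent or BOM that is not shown here.
-->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
    <groupId>com.ibeetl</groupId>
    <artifactId>beetl-framework-starter</artifactId>
    <version>1.1.56.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.persistence/javax.persistence-api -->
<dependency>
    <groupId>javax.persistence</groupId>
    <artifactId>javax.persistence-api</artifactId>
    <version>2.2</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!--session start-->
<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session-data-redis</artifactId>
    <!-- NOTE(review): RELEASE floats to whatever is newest at build time, so builds are
         not reproducible and an unreviewed upstream release is pulled in automatically.
         TODO: pin an explicit version, or drop this element if the parent BOM manages it. -->
    <version>RELEASE</version>
</dependency>
<dependency>
    <groupId>io.lettuce</groupId>
    <artifactId>lettuce-core</artifactId>
    <version>5.0.4.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
    <!-- NOTE(review): pinned separately from the other Spring modules; confirm it matches
         the Spring version the rest of the build resolves. -->
    <version>5.0.8.RELEASE</version>
</dependency>
<!--end-->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-quartz</artifactId>
</dependency>
<dependency>
    <groupId>com.squareup.okhttp3</groupId>
    <artifactId>mockwebserver</artifactId>
    <!-- NOTE(review): declared without a scope, so this test HTTP server ends up on the
         runtime classpath. If it is only used from tests, add <scope>test</scope>. -->
    <version>3.11.0</version>
</dependency>
<dependency>
    <!-- generates getters and setters automatically -->
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <!-- NOTE(review): floating RELEASE version, same concern as above. TODO: pin it. -->
    <version>RELEASE</version>
</dependency>
<dependency>
    <groupId>com.fasterxml.jackson.datatype</groupId>
    <artifactId>jackson-datatype-jsr310</artifactId>
</dependency>
<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi-ooxml</artifactId>
    <!-- Was RELEASE. poi-ooxml must be the same version as poi (3.15 below); a floating
         version resolves to a newer poi-ooxml that does not match the pinned poi jar. -->
    <version>3.15</version>
</dependency>
<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi</artifactId>
    <version>3.15</version>
</dependency>
<dependency>
    <groupId>cn.afterturn</groupId>
    <artifactId>easypoi-base</artifactId>
    <version>3.0.3</version>
</dependency>
<dependency>
    <groupId>cn.afterturn</groupId>
    <artifactId>easypoi-web</artifactId>
    <version>3.0.3</version>
</dependency>
<dependency>
    <groupId>cn.afterturn</groupId>
    <artifactId>easypoi-annotation</artifactId>
    <version>3.0.3</version>
</dependency>
<!--end-->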
登錄處理類將用戶信息存入spring security(此類是通過username獲取用戶的合法用戶名,密碼,權限,并建立合法用戶,spring security將自動與用戶輸入的進行匹配)
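/**
 * Loads a member and its roles by username and turns them into the
 * {@link UserDetails} that Spring Security compares against the submitted
 * credentials.
 *
 * <p>The looked-up member and role records are kept in local variables. The
 * bean is shared between requests, so holding them in instance fields would
 * let two concurrent logins overwrite each other's record and pair one
 * username with another account's password or roles.
 */
@Service
@Transactional
public class UserDetailsServiceIm implements UserDetailsService {

    @Autowired
    private MemberEn mem;

    /**
     * Builds the Spring Security user for {@code username}.
     *
     * @param username the login name submitted by the user
     * @return the user with its password hash and roles
     * @throws UsernameNotFoundException if no member exists for the name, or
     *         the member has no role record / role names
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        System.out.println("Running:\tUserDetails loadUserByUsername");

        member memb = mem.getMember(username);
        if (memb == null) {
            // Per the author: with the security configuration in place this
            // sends the user to the login-failure page.
            throw new UsernameNotFoundException("user not found");
        }

        // Roles (and URLs) are looked up by the id of the member just loaded.
        member memRoles = mem.getMemRole(memb.getId());
        String roleNames = (memRoles == null) ? null : memRoles.getRoleName();
        if (roleNames == null) {
            // Fail closed instead of hitting a NullPointerException when the
            // member has no role record.
            throw new UsernameNotFoundException("member not found");
        }
        String[] roles = roleNames.split(",");

        User.UserBuilder builder =
                org.springframework.security.core.userdetails.User.withUsername(username);
        // NOTE(review): the stored value is BCrypt-encoded here, on every lookup.
        // That only authenticates correctly if getPasswd() returns the password in
        // clear text, i.e. the database holds recoverable passwords. Storing the
        // BCrypt hash at registration time and passing it through unchanged here
        // would remove both the clear-text storage and the per-login hashing cost.
        builder.password(new BCryptPasswordEncoder().encode(memb.getPasswd()));
        for (String role : roles) {
            System.out.println(role);
        }
        builder.roles(roles);
        return builder.build();
    }
}
// Next listing: the web security configuration class (WebSecConfig).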
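/**
 * Spring Security configuration: form login backed by
 * {@link UserDetailsServiceIm}, BCrypt password matching, and URL
 * authorization rules built from the role-to-URL mapping returned by
 * {@code MemberEn.getRoleUrl()}.
 */
@Configuration
@EnableWebSecurity
public class WebSecConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    MemberEn memberEn;

    /** Exposes the member-backed user lookup as a bean. */
    @Bean
    public UserDetailsService userDetailsService() {
        return new UserDetailsServiceIm();
    }

    /**
     * Password encoder used to match the submitted password against the
     * encoded one. The original anonymous subclass only delegated to
     * {@code super}, so a plain {@link BCryptPasswordEncoder} is equivalent.
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Wires the user lookup and the password encoder into authentication. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }

    /**
     * Registers one role rule per mapped URL, then requires authentication
     * for everything else and configures form login and logout.
     *
     * <p>Rules are evaluated in registration order and the first match wins.
     * The original called {@code anyRequest().authenticated()} inside the
     * loop, which placed a catch-all rule right after the first URL: every
     * later URL was then matched by that catch-all and only required a login,
     * not the mapped role (later Spring Security versions reject this
     * ordering at startup). The catch-all is now registered once, after all
     * URL rules.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): the mapping is read when this configuration is built, so
        // later changes to it presumably need a restart to take effect. If URL
        // patterns overlap, the map's iteration order decides which rule wins.
        Map<String, String[]> roleUrls = memberEn.getRoleUrl();
        if (roleUrls != null) {
            for (Map.Entry<String, String[]> entry : roleUrls.entrySet()) {
                String url = entry.getKey();
                String[] roles = entry.getValue();
                if (roles != null && roles.length > 0) {
                    http.authorizeRequests().antMatchers(url).hasAnyRole(roles);
                }
            }
        } else {
            System.out.println("未查詢到用戶類型對應url的映射");
        }

        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/mem/index.html")
                .failureUrl("/login/error")
                .permitAll()
                .passwordParameter("password")
                .usernameParameter("username")
                .and()
            .logout()
                .logoutUrl("/test/api/exit")
                .logoutSuccessUrl("/login")
                .invalidateHttpSession(true)
                .permitAll()
                .and()
            // NOTE(review): CSRF protection is switched off although the application
            // authenticates with a session cookie, so state-changing requests are not
            // protected against cross-site submission. Prefer leaving it enabled and
            // sending the CSRF token from the login and other forms.
            .csrf().disable();
    }

    /**
     * Lists URL patterns that skip the Spring Security filter chain
     * entirely.
     *
     * @param web the web security builder supplied by Spring
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
        // NOTE(review): ignored patterns get no authentication and no security
        // headers. "/test/*" is not a static-resource pattern; confirm that every
        // handler mapped directly under /test/ is meant to be public.
        web.ignoring().antMatchers(
                "/**/*.js", "/**/*.css", "/**/*.jpg", "/**/*.png", "/**/*.jpeg", "/test/*");
    }
}
// Next step: write the endpoints that handle the login-state redirects. The login
// form's action attribute must be /login, otherwise the login submission is not
// intercepted; that path is the Spring Security default and can be changed.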
@RequestMapping("/login")//內(nèi)部用戶登錄攔截,spring security登錄控制默認攔截/login路徑,表單post為/login public ModelAndView login(){return new ModelAndView("/login.html"); }@RequestMapping(value = "/login/error") public @ResponseBody String doLoginError(){return "false"; }控制層:攔截用戶請求,并根據(jù)用戶身份跳轉(zhuǎn)
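/**
 * Post-login entry point: redirects the user to a landing page chosen by
 * role.
 */
@Controller
@RequestMapping("/mem")
public class MemEnContr {

    /**
     * Redirects by role. {@code /mem/index.html} is the URL the security
     * configuration uses as its login-success target.
     *
     * <p>The view is built in a local variable: the controller instance is
     * shared between requests, so an instance field could be overwritten by
     * a concurrent request before it is returned. Each case now returns
     * directly; the original case for {@code [ROLE_受理中心]} had no
     * {@code break} and fell through to the default, sending that role back
     * to the login page.
     *
     * @return a redirect to the role's landing page, or to {@code /login}
     *         when the role is unknown or missing
     */
    @RequestMapping("/index.html")
    public ModelAndView doLogin() {
        // NOTE(review): the bracketed values look like the toString() of an
        // authority collection; a user holding more than one role would then
        // match none of the cases. Verify against PermissionServer.getAuthe().
        String authority = PermissionServer.getAuthe();
        if (authority == null) {
            // switch on a null String throws; treat it as "not logged in".
            return new ModelAndView("redirect:/login");
        }
        switch (authority) {
            case "[ROLE_推薦單位]":
                return new ModelAndView("redirect:/pro/hom/index.html");
            case "[ROLE_計劃科]":
                return new ModelAndView("redirect:/pro/hom/index.html");
            case "[ROLE_admin]":
                return new ModelAndView("redirect:/pro/hom/index.html");
            case "[ROLE_其他科室]":
                return new ModelAndView("redirect:/pro/hom/index.html");
            case "[ROLE_受理中心]":
                return new ModelAndView("redirect:/pro/hom/index.html");
            default:
                // Not logged in, or insufficient permissions.
                return new ModelAndView("redirect:/login");
        }
    }
}
// Note: the login form's POST action must match what WebSecConfig configures or it
// will not be intercepted, and the login-success redirect URL must point at the
// controller's corresponding @RequestMapping.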
.and().formLogin().loginPage("/login").permitAll().defaultSuccessUrl("/mem/index.html")
用戶注銷登錄以及注銷后跳轉到登錄頁面:
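.and().logout().logoutUrl("/mem/api/exit").logoutSuccessUrl("/login").permitAll().and().csrf().disable();//關閉CSRF保護
這里需要說明的是我們只需將頁面的注銷按鈕的src="./mem/api/exit"即可,不需要再控制層實現/mem/api/exit的相關方法,spring將自動完成注銷操作。(普通鏈接的GET請求能觸發注銷,是因為上面關閉了CSRF保護;CSRF保護開啟時,spring security默認只接受POST方式的注銷請求。另外,上面WebSecConfig中的logoutUrl寫的是/test/api/exit,頁面上的地址需與實際配置保持一致。)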