贴工程目录,其中bll目录下是service+dao层,common是一些公用的模块及功能类,web是controller层
用到了druid及Redis,工具及配置类目录(本文不介绍如何配置druid及Redis,但是我会把源文件放上)
web文件目录结构
接下来,说下大体的学习研究思路,在这块我是分了三部分来做验证的,这三部分只有securityconfig配置类有所区别
第一部分就是前后端不分离的security认证;
第二部是前后端分离,使用security+JWT认证;
第三部分是一个项目中既包含前段的web验证,也包含API的jwt认证;
一、第一部分的验证:
pom文件
1 <!-- security --> 2 <dependency> 3 <groupId>org.springframework.boot</groupId> 4 <artifactId>spring-boot-starter-security</artifactId> 5 </dependency> 6 <!-- jwt --> 7 <dependency> 8 <groupId>io.jsonwebtoken</groupId> 9 <artifactId>jjwt</artifactId> 10 <version>0.9.0</version> 11 </dependency>
配置类中会用到的常量参数
# JWT jwt.secret=secret ## 过期时间 毫秒 jwt.expiration=7200000 ## 请求头 jwt.token_header=Authorization ## token 前缀 jwt.token_prefix=Bearer
spring security configuration配置类
package com.ek.security.config;
import com.ek.security.EkUserDetailsService;
import com.ek.security.handler.EkAuthenticationEntryPoint;
import com.ek.security.handler.EkAuthenticationFailureHandler;
import com.ek.security.handler.EkAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.RequestMatcher;
import javax.servlet.http.HttpServletRequest;
/**
* @ClassName: EkWebSecurityConfig
* @Description: 前后端不分离的security安全认证
* @Author: edi_kai
* @Version: V2.0
**/
@Configuration
public class EkWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private EkUserDetailsService userDetailsService;
@Autowired
private EkAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private EkAuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private EkAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
PasswordEncoder passwordEncoder;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 添加自定义认证
auth
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder)
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.authorizeRequests().antMatchers("/**").permitAll();
http.csrf().disable() //此处必须设置csrf disable,原因还不知道,对CSRF不太了解,后续我会查一下资料,然后在补充说明
// .and()
.httpBasic().authenticationEntryPoint(authenticationEntryPoint) // 没有凭证的操作,该部分不需要,可以不添加
.and()
.authorizeRequests()
.antMatchers("/", "/index", "/toLogin", "/fail", "/druid/**").permitAll() //需要忽略的请求链接
.anyRequest().authenticated()
// .access("@rbacauthorityservice.hasPermission(request,authentication)") // RBAC 动态 url 认证
.and()
.formLogin().loginPage("/index") //指定自己的登录页面
.loginProcessingUrl("/toLogin") // 登录action
.usernameParameter("logName") // 登录用户名
.passwordParameter("password") //密码
.defaultSuccessUrl("/success", false) //设置登陆成功后跳转的页面
.failureHandler(authenticationFailureHandler) //登录失败拦截器,也可以配置到指定的失败页面,我没写
// .successHandler(authenticationSuccessHandler)
.and()
.logout()
;
}
}
接下来看下该配置类中用到的其他配置类
EkUserDetails用户认证实体类,自己添加get/set方法,基本的Java类,不需要添加任何注解
private String loginName; private String password; private String userName; private String userId; private Set<? extends GrantedAuthority> authorities; // 权限
EkUserDetailsService登录认证,我这边没有配置权限,只是为了验证spring-security
package com.ek.security;
import com.ek.bean.base.EkUser;
import com.ek.service.base.IEkUserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
/**
* @ClassName: EkUserDetailsService
* @Description: TODO
* @Author: edi_kai
* @Date: 2019-08-06
* @Version: V2.0
**/
@Component
public class EkUserDetailsService implements UserDetailsService {
private Logger log = LoggerFactory.getLogger(this.getClass());
@Autowired
private IEkUserService userService;
@Override
public UserDetails loadUserByUsername(String loginName) throws UsernameNotFoundException {
EkUserDetails userDetails = null;
EkUser dbUser = userService.selectByLogName(loginName);
if (null != dbUser){
userDetails = new EkUserDetails();
userDetails.setLoginName(dbUser.getLogName());
userDetails.setPassword(dbUser.getPassWord());
userDetails.setUserName(dbUser.getUserName());
}else {
log.error("{} is not exist.", loginName);
throw new UsernameNotFoundException(String.format("%s is not exist.", loginName));
}
return userDetails;
}
}
EkAuthenticationEntryPoint 未登录的配置类
package com.ek.security.handler;
import com.alibaba.fastjson.JSON;
import com.ek.msg.JsonMsg;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName: EkAuthenticationEntryPoint
* @Description: TODO
* @Author: edi_kai
* @Date: 2019-08-06
* @Version: V2.0
**/
@Component
public class EkAuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpServletResponse.setHeader("Access-Control-Allow-Credentials","true");
// 设定类容为json的格式
httpServletResponse.setContentType("application/json;charset=UTF-8");
JsonMsg jsonMsg = new JsonMsg();
jsonMsg.setCode(402);
jsonMsg.setMsg("未登录");
httpServletResponse.getWriter().write(JSON.toJSONString(jsonMsg));
httpServletResponse.sendError(402,"未登录");
}
}
EkAuthenticationFailureHandler 认证失败配置类
@Component
public class EkAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpServletResponse.setHeader("Access-Control-Allow-Credentials","true");
// 设定类容为json的格式
httpServletResponse.setContentType("application/json;charset=UTF-8");
JsonMsg jsonMsg = new JsonMsg();
jsonMsg.setCode(400);
jsonMsg.setMsg("登录失败");
httpServletResponse.getWriter().write(JSON.toJSONString(jsonMsg));
}
}
EkAuthenticationSuccessHandler 认证成功配置类
@Component
public class EkAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpServletResponse.setHeader("Access-Control-Allow-Credentials","true");
// 设定类容为json的格式
httpServletResponse.setContentType("application/json;charset=UTF-8");
JsonMsg jsonMsg = new JsonMsg();
jsonMsg.setCode(200);
jsonMsg.setMsg("登录成功");
httpServletResponse.getWriter().write(JSON.toJSONString(jsonMsg));
}
}
EkPasswordEncoder 密码加密配置类
@Component
public class EkPasswordEncoder implements PasswordEncoder {
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(14);
@Override
public String encode(CharSequence charSequence) {
System.out.println(charSequence);
System.out.println(passwordEncoder.encode(charSequence));
return passwordEncoder.encode(charSequence);
}
@Override
public boolean matches(CharSequence charSequence, String s) {
System.out.println(String.format("charSequence=%s, s=%s", charSequence, s));
System.out.println(String.format("passwordEncoder.matches=%s", passwordEncoder.matches(charSequence, s)));
return passwordEncoder.matches(charSequence, s);
}
}
到这里配置就算完成了,启动服务就可以看到效果了,没有登录的情况下访问permitAll()链接都会跳转到/index登录页,登录成功后再跳转。
二、JWT认证
我们只需要修改securityconfig配置类,并添加JWT配置即可其他不用修改
修改后的security配置类,我重新定义了个类,把注释去掉即可
package com.ek.security.config;
import com.ek.security.EkUserDetailsService;
import com.ek.security.handler.EkAuthenticationEntryPoint;
import com.ek.security.handler.EkAuthenticationFailureHandler;
import com.ek.security.handler.EkAuthenticationSuccessHandler;
import com.ek.security.jwt.EkJwtAuthorizationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
* @ClassName: EkWebSecurityConfig
* @Description: 前后端分离,后端security安全认证
* @Author: edi_kai
* @Date: 2019-08-06
* @Version: V2.0
**/
//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class EkApiSecurityConfig extends WebSecurityConfigurerAdapter {
// @Autowired
// private EkUserDetailsService userDetailsService;
// @Autowired
// private EkAuthenticationEntryPoint authenticationEntryPoint;
// @Autowired
// private EkAuthenticationFailureHandler authenticationFailureHandler;
// @Autowired
// private EkAuthenticationSuccessHandler authenticationSuccessHandler;
// @Autowired
// PasswordEncoder passwordEncoder;
// @Autowired
// EkJwtAuthorizationTokenFilter jwtAuthorizationTokenFilter;
//
// @Override
// protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// // 添加自定义认证
// auth
// .userDetailsService(userDetailsService)
// .passwordEncoder(passwordEncoder)
// ;
// }
// @Override
// protected void configure(HttpSecurity http) throws Exception {
//// http.authorizeRequests().antMatchers("/**").permitAll();
// http.cors().and().csrf().disable()
//// .and()
// .httpBasic().authenticationEntryPoint(authenticationEntryPoint)
// .and()
// .authorizeRequests()
// .antMatchers("/", "/index", "/toLogin", "/fail", "/druid/**").permitAll()
// .anyRequest().authenticated()
// // .access("@rbacauthorityservice.hasPermission(request,authentication)") // RBAC 动态 url 认证
// .and()
// .formLogin()//指定自己的登录页面
// .failureHandler(authenticationFailureHandler)
// .successHandler(authenticationSuccessHandler)
// .and()
// .logout()
// .and()
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// .and()
// .addFilterBefore(jwtAuthorizationTokenFilter, UsernamePasswordAuthenticationFilter.class)
// ;
// }
//
// @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
// @Override
// public AuthenticationManager authenticationManagerBean() throws Exception {
// return super.authenticationManagerBean();
// }
}
JWT配置类
package com.ek.security.jwt;
import com.ek.security.EkUserDetails;
import com.ek.util.redis.EkRedisUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Clock;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClock;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
/**
* @ClassName: EkJwtTokenUtil
* @Description: JWT工具类,配合Redis
* @Author: qin_hqing
* @Date: 2019-08-07
* @Version: V2.0
**/
@Component
public class EkJwtTokenUtil implements Serializable {
private Logger log = LoggerFactory.getLogger(this.getClass());
private static final long serialVersionUID = -3301605591108950415L;
// 权限缓存前缀
private static final String REDIS_PREFIX_AUTH = "auth:";
// 用户信息缓存前缀
private static final String REDIS_PREFIX_USER = "user-details:";
@Autowired
private EkRedisUtil redisUtil;
@Value("${jwt.secret}")
private String secret;
@Value("${jwt.expiration}")
private Long expiration;
@Value("${jwt.token_header}")
private String tokenHeader;
private Clock clock = DefaultClock.INSTANCE;
/**
* 生成token
* @param userDetails
* @return
*/
public String generateToken(UserDetails userDetails) {
EkUserDetails ekUserDetails = (EkUserDetails) userDetails;
Map<String, Object> claims = new HashMap<>();
String token = doGenerateToken(claims, ekUserDetails.getLoginName());
String key = String.format("%s%s", REDIS_PREFIX_AUTH, ekUserDetails.getLoginName());
redisUtil.set(key, token, expiration);
return token;
}
private String doGenerateToken(Map<String, Object> claims, String subject) {
final Date createdDate = clock.now();
final Date expirationDate = calculateExpirationDate(createdDate);
return Jwts.builder()
.setClaims(claims)
.setSubject(subject)
.setIssuedAt(createdDate)
.setExpiration(expirationDate)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
private Date calculateExpirationDate(Date createdDate) {
return new Date(createdDate.getTime() + expiration);
}
/**
* 校验token是否合法
* @param token
* @return
*/
public Boolean validateToken(String token) {
final String logName = getUsernameFromToken(token);
return StringUtils.isNotEmpty(token)
&& !isTokenExpired(token);
}
/**
* 校验token是否合法
* @param token
* @param userDetails
* @return
*/
public Boolean validateToken(String token, UserDetails userDetails) {
EkUserDetails user = (EkUserDetails) userDetails;
final String logName = getUsernameFromToken(token);
String key = String.format("%s%s", REDIS_PREFIX_AUTH, user.getLoginName());
if (redisUtil.containsKey(key)){
return StringUtils.isNotEmpty(token)
&& token.equals(redisUtil.get(key))
&& (logName.equals(user.getLoginName())
&& !isTokenExpired(token));
}
return false;
}
/**
* 根据token获取登录用户名
* @param token
* @return
*/
public String getUsernameFromToken(String token) {
return getClaimFromToken(token, Claims::getSubject);
}
public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
final Claims claims = getAllClaimsFromToken(token);
return claimsResolver.apply(claims);
}
private Claims getAllClaimsFromToken(String token) {
return Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody();
}
private Boolean isTokenExpired(String token) {
final Date expiration = getExpirationDateFromToken(token);
return expiration.before(clock.now());
}
public Date getExpirationDateFromToken(String token) {
return getClaimFromToken(token, Claims::getExpiration);
}
/**
* 添加EkUserDetails缓存
* @param userDetails
*/
public void putUserDetails(UserDetails userDetails){
EkUserDetails user = (EkUserDetails) userDetails;
String key = String.format("%s%s", REDIS_PREFIX_USER, user.getLoginName());
redisUtil.set(key, user, expiration);
}
/**
* 根据token获取EkUserDetails
* @param token
* @return
*/
public UserDetails getUserDetails(String token){
String logName = getUsernameFromToken(token);
String key = String.format("%s%s", REDIS_PREFIX_USER, logName);
if (redisUtil.containsKey(key)){
return redisUtil.get(key, EkUserDetails.class);
}
return null;
}
}
package com.ek.security.jwt;
import com.ek.bean.base.EkUser;
import com.ek.security.EkUserDetails;
import com.ek.service.base.IEkUserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName: EkJwtAuthorizationTokenFilter
* @Description: JWT拦截器,对token进行验证
* @Author: qin_hqing
* @Date: 2019-08-07
* @Version: V2.0
**/
@Component
public class EkJwtAuthorizationTokenFilter extends OncePerRequestFilter {
@Value("${jwt.token_header}")
private String EK_TOKEN_HEADER;
@Value("${jwt.token_prefix}")
private String EK_TOKEN_PREFIX;
@Autowired
private EkJwtTokenUtil jwtTokenUtil;
@Autowired
private IEkUserService userService;
@Override
protected void doFilterInternal(
HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
FilterChain filterChain) throws ServletException, IOException {
String authHeader = httpServletRequest.getHeader(this.EK_TOKEN_HEADER);
if (StringUtils.isNotEmpty(authHeader) && authHeader.startsWith(this.EK_TOKEN_PREFIX)){
final String authToken = StringUtils.substring(authHeader, this.EK_TOKEN_PREFIX.length());
String logName = StringUtils.isNoneEmpty(authToken) ? jwtTokenUtil.getUsernameFromToken(authToken) : null;
if (StringUtils.isNotEmpty(logName) && SecurityContextHolder.getContext().getAuthentication() == null){
EkUser user = userService.selectByLogName(logName);
EkUserDetails userDetails = new EkUserDetails();
userDetails.setPassword(user.getPassWord());
userDetails.setLoginName(user.getLogName());
userDetails.setUserName(user.getUserName());
userDetails.setUserId(StringUtils.join(user.getId()));
if (jwtTokenUtil.validateToken(authToken, userDetails)){
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
userDetails,
null,
userDetails.getAuthorities()
);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}
三、在二的基础上只修改securityconfig配置类即可
package com.ek.security.config;
import com.ek.security.EkUserDetailsService;
import com.ek.security.handler.EkAuthenticationEntryPoint;
import com.ek.security.handler.EkAuthenticationFailureHandler;
import com.ek.security.handler.EkAuthenticationSuccessHandler;
import com.ek.security.handler.EkPasswordEncoder;
import com.ek.security.jwt.EkJwtAuthorizationTokenFilter;
import com.ek.security.jwt.EkJwtTokenUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableWebSecurity
public class EkMultiSecurityConfig {
@Autowired
private EkUserDetailsService userDetailsService;
@Autowired
private EkAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private EkAuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private EkAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private EkPasswordEncoder passwordEncoder;
@Configuration
@Order(1)
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private EkJwtAuthorizationTokenFilter jwtAuthorizationTokenFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**") //<= Security only available for /api/**
.authorizeRequests()
.antMatchers("/api/register").permitAll()
.antMatchers("/api/login").permitAll()
.antMatchers("/api/public").permitAll()
.antMatchers("/api/lost").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.failureHandler(authenticationFailureHandler)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilterBefore(jwtAuthorizationTokenFilter, UsernamePasswordAuthenticationFilter.class)
;
}
}
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 添加自定义认证
auth
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder)
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.authorizeRequests().antMatchers("/**").permitAll();
http.csrf().disable()
// .and()
.httpBasic().authenticationEntryPoint(authenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/", "/index", "/toLogin", "/fail", "/druid/**").permitAll()
.antMatchers("/resources/**").permitAll()
.anyRequest().authenticated()
// .access("@rbacauthorityservice.hasPermission(request,authentication)") // RBAC 动态 url 认证
.and()
.formLogin().loginPage("/index") //指定自己的登录页面
.loginProcessingUrl("/toLogin")
.usernameParameter("logName")
.passwordParameter("password")
.defaultSuccessUrl("/success", false)
.failureHandler(authenticationFailureHandler)
// .successHandler(authenticationSuccessHandler)
.and()
.logout()
;
}
}
}
用到的其他类
@RestController
@RequestMapping("/users")
public class EkUserController {
private Logger log = LoggerFactory.getLogger(this.getClass());
@Autowired
private IEkUserService ekUserService;
@RequestMapping(value = "", method = RequestMethod.GET)
public JsonMsg getEkUserList(){
log.info("--------------------列表--------------------------------");
JsonMsg jsonMsg = new JsonMsg();
List<EkUser> list = ekUserService.selectUserList(new HashMap<>());
jsonMsg.setCode(200);
jsonMsg.setMsg("success");
jsonMsg.setData(list);
return jsonMsg;
}
}
@RestController
public class LoginController {
private Logger log = LoggerFactory.getLogger(this.getClass());
@Autowired
private IEkUserService ekUserService;
@RequestMapping(value = {"", "/index"})
public ModelAndView index(){
log.info("--------------------首页--------------------------------");
return new ModelAndView("index");
}
@RequestMapping(value = "/fail")
public ModelAndView fail(){
log.info("--------------------fail--------------------------------");
return new ModelAndView("fail");
}
@RequestMapping(value = "/toLogin", method = RequestMethod.POST)
public ModelAndView toLogin(){
log.info("--------------------toLogin--------------------------------");
return new ModelAndView("success");
}
@RequestMapping(value = "/success")
public ModelAndView success(){
log.info("--------------------success--------------------------------");
return new ModelAndView("success");
}
}
说明:
关于druid监控登录的问题,我把它放到了下面这个地方,网上查资料说是添加http.csrf().ignoringAntMatchers("/druid/*")就行,但是我添加后并没有成功。
.antMatchers("/", "/index", "/toLogin", "/fail", "/druid/**").permitAll()