集成 Spring Security
package com.ljh.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
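/**
 * Spring Security configuration: URL authorization rules, an in-memory user, and a
 * {@link KpatchaFilter} login filter bound to {@code /doLogin} that replies with JSON.
 *
 * <p>{@code KpatchaFilter} is declared elsewhere in this package; presumably it adds a
 * captcha check to username/password login (not visible from this file).
 *
 * <p>Settings that are acceptable only for a demo are marked {@code NOTE(review)} inline.
 *
 * @author lijiahao
 * @date 2022/2/7 12:49
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Shared serializer; an ObjectMapper is thread-safe once configured, so one instance is reused. */
    private static final ObjectMapper JSON = new ObjectMapper();

    /** Content type used by every JSON response written from this class. */
    private static final String JSON_UTF8 = "application/json;charset=UTF-8";

    /**
     * Writes {@code body} as a JSON document with the given HTTP status.
     *
     * @param response servlet response to write to
     * @param status   HTTP status code to set
     * @param body     value to serialize
     * @throws java.io.IOException if serialization or writing fails
     */
    private static void writeJson(HttpServletResponse response, int status, Object body)
            throws java.io.IOException {
        response.setContentType(JSON_UTF8);
        response.setStatus(status);
        response.getWriter().println(JSON.writeValueAsString(body));
    }

    /**
     * Configures request authorization, form login, the unauthenticated-access response,
     * logout and CSRF handling.
     *
     * @param http the security builder supplied by the framework
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Only these two endpoints are reachable without a session.
                .mvcMatchers("/code11", "/doLogin")
                .permitAll()
                .anyRequest().authenticated()
                .and()
                // NOTE(review): the default form-login endpoint stays enabled next to /doLogin.
                // If KpatchaFilter enforces an extra check (e.g. a captcha), confirm that the
                // default login processing URL cannot be used to authenticate without it.
                .formLogin()
                .and()
                .exceptionHandling()
                .authenticationEntryPoint((request, response, authException) -> {
                    // The declared content type is JSON, so the body is a JSON object rather
                    // than a bare string; the message text itself is unchanged.
                    HashMap<String, Object> result = new HashMap<>();
                    result.put("msg", "必须认证后才能访问");
                    writeJson(response, HttpServletResponse.SC_UNAUTHORIZED, result);
                })
                .and()
                .logout()
                .and()
                // NOTE(review): CSRF protection is switched off while form login and logout are
                // enabled. Re-enable it (or document why it is safe) before using this outside a demo.
                .csrf()
                .disable();
    }

    /**
     * Provides the user store used for authentication.
     *
     * @return an in-memory store holding a single user
     */
    @Override
    @Bean
    public UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager();
        // NOTE(review): hard-coded account "root" with a trivial password and the admin role.
        // The "{noop}" prefix means the password is stored and compared as plaintext.
        // Demo only: load users from a real store and use an adaptive hash such as "{bcrypt}".
        users.createUser(User.withUsername("root").password("{noop}123").roles("admin").build());
        return users;
    }

    /**
     * Registers {@link #userDetailsService()} with the authentication manager builder.
     *
     * @param auth the builder supplied by the framework
     * @throws Exception if registration fails
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

    /**
     * Exposes the framework-built {@link AuthenticationManager} as a bean so the login
     * filter can use it.
     *
     * @return the authentication manager built by the parent class
     * @throws Exception if the manager cannot be built
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Builds the login filter for {@code /doLogin}, reading the {@code username} and
     * {@code pwd} request parameters and answering with JSON on success and failure.
     *
     * <p>NOTE(review): this bean is never added to the {@link HttpSecurity} chain in
     * {@code configure(HttpSecurity)}; confirm it is wired in elsewhere, e.g. with
     * {@code http.addFilterAt(kpatchaFilter(), UsernamePasswordAuthenticationFilter.class)}.
     *
     * @return the configured filter
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public KpatchaFilter kpatchaFilter() throws Exception {
        KpatchaFilter filter = new KpatchaFilter();
        filter.setFilterProcessesUrl("/doLogin");
        filter.setUsernameParameter("username");
        filter.setPasswordParameter("pwd");
        filter.setAuthenticationManager(authenticationManagerBean());

        filter.setAuthenticationSuccessHandler((req, response, authentication) -> {
            HashMap<String, Object> result = new HashMap<>();
            result.put("msg", "登陆成功");
            // NOTE(review): the whole principal object is serialized to the client; consider
            // returning only the fields the caller needs (e.g. the username).
            result.put("用户信息", authentication.getPrincipal());
            writeJson(response, HttpStatus.OK.value(), result);
        });

        filter.setAuthenticationFailureHandler((req, response, exception) -> {
            HashMap<String, Object> result = new HashMap<>();
            result.put("msg", "登陆失败");
            // NOTE(review): the exception message is echoed verbatim; confirm that no message
            // raised by KpatchaFilter or the provider reveals whether an account exists.
            result.put("失败原因", exception.getMessage());
            // A rejected login is a client authentication failure, not a server fault:
            // answer 401 instead of 500 so monitoring and clients do not treat it as an outage.
            writeJson(response, HttpStatus.UNAUTHORIZED.value(), result);
        });

        return filter;
    }
}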