关于SpringSecurity配置403权限访问页面的完整代码

目录1、未配置之前2、开始配置2.1 新建一个unauth.html2.2 在继承WebSecurityConfigurerAdapter的配置类中设置2.3 继承UserDetailsService接口的实现类3、测试

1、未配置之前

2、开始配置

2.1 新建一个unauth.html

<!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <title>Title</title></head><body><h1>没有访问的权限</h1></body></html>

2.2 在继承WebSecurityConfigurerAdapter的配置类中设置

关键代码:

//配置没有权限访问自定义跳转的页面  http.exceptionHandling()  .accessDeniedPage("/unauth.html");

配置类完整代码:

package com.atguigu.springsecuritydemo1.config;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;@Configurationpublic class SecurityConfigTest extends WebSecurityConfigurerAdapter {    @Autowired    private UserDetailsService userDetailsService;    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.userDetailsService(userDetailsService).passwordEncoder(password());    }    @Bean    PasswordEncoder password(){       return new BCryptPasswordEncoder();    }    @Override    protected void configure(HttpSecurity http) throws Exception {        //退出配置        http.logout().logoutUrl("/logout")                .logoutSuccessUrl("/test/hello")                .permitAll();        //配置没有权限访问自定义跳转的页面        http.exceptionHandling().accessDeniedPage("/unauth.html");        http.formLogin()             //自定义自己编写的登陆页面            .loginPage("/login.html")    //登录页面设置            .loginProcessingUrl("/user/login") //登录访问路径            .defaultSuccessUrl("/success.html").permitAll()    //登录成功之后,跳转路径            .and().authorizeRequests()               //设置哪些路径可以直接访问,不需要认证                .antMatchers("/","/test/hello","/user/login").permitAll()                //当前登录的用户,只有具有admins权限才可以访问这个路径               //1、hasAuthority方法               //.antMatchers("/test/index").hasAuthority("admins")               //2、hasAnyAuthority方法              // .antMatchers("/test/index").hasAnyAuthority("admins,manager")              //3、hasRole方法  ROLE_sale               .antMatchers("/test/index").hasRole("sale")                //4、hasAnyRole方法            .anyRequest().authenticated()            .and().csrf().disable();    //关闭csrf防护    }}

2.3 继承UserDetailsService接口的实现类

package com.atguigu.springsecuritydemo1.service;import com.atguigu.springsecuritydemo1.entity.Users;import com.atguigu.springsecuritydemo1.mapper.UsersMapper;import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.AuthorityUtils;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.stereotype.Service;import java.util.List;@Service("userDetailsService")public class MyUserDetailService implements UserDetailsService {    @Autowired    private UsersMapper usersMapper;    @Override    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {        //调用userMapper中的方法,根据用户名查询数据库        QueryWrapper<Users> wrapper=new QueryWrapper<>();//条件构造器        //where username=?        wrapper.eq("username",username);        Users users= usersMapper.selectOne(wrapper);        //判断        if(users==null){    //数据库没有用户名,认证失败            throw new UsernameNotFoundException("用户名不存在!");        }        List<GrantedAuthority> auths= AuthorityUtils.commaSeparatedStringToAuthorityList("admins,ROLE_sale");        //从查询数据库返回user对象,得到用户名和密码,返回        return new User(users.getUsername(),new BCryptPasswordEncoder().encode(users.getPassword()),auths);    }}

3、测试

现在我故意将原先的sale改为sale1制造错误

启动项目并访问http://localhost:8111/test/index

输入lucy 123

成功实现

以上就是SpringSecurity配置403权限访问页面的详细内容,更多关于SpringSecurity权限访问页面的资料请关注其它相关文章!

勇气执着的背负起那厚重的行囊,奔向远方。

关于SpringSecurity配置403权限访问页面的完整代码

相关文章:

你感兴趣的文章:

标签云: