快捷導(dǎo)航

關(guān)于SpringSecurity配置403權(quán)限訪(fǎng)問(wèn)頁(yè)面的完整代碼

更新時(shí)間：2021年06月19日 14:47:34 作者：別團(tuán)等shy哥發(fā)育

本文給大家分享SpringSecurity配置403權(quán)限訪(fǎng)問(wèn)頁(yè)面的完整代碼，配置之前和配置之后的詳細(xì)介紹，代碼簡(jiǎn)單易懂，對(duì)大家的學(xué)習(xí)或工作具有一定的參考借鑒價(jià)值，需要的朋友參考下吧

1、未配置之前

在這里插入圖片描述

2、開(kāi)始配置

2.1 新建一個(gè)unauth.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>沒(méi)有訪(fǎng)問(wèn)的權(quán)限</h1>
</body>
</html>

2.2 在繼承WebSecurityConfigurerAdapter的配置類(lèi)中設(shè)置

關(guān)鍵代碼：

//配置沒(méi)有權(quán)限訪(fǎng)問(wèn)自定義跳轉(zhuǎn)的頁(yè)面
  http.exceptionHandling()
  .accessDeniedPage("/unauth.html");

配置類(lèi)完整代碼：

package com.atguigu.springsecuritydemo1.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfigTest extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(password());
    }

    @Bean
    PasswordEncoder password(){
       return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //退出配置
        http.logout().logoutUrl("/logout")
                .logoutSuccessUrl("/test/hello")
                .permitAll();

        //配置沒(méi)有權(quán)限訪(fǎng)問(wèn)自定義跳轉(zhuǎn)的頁(yè)面
        http.exceptionHandling().accessDeniedPage("/unauth.html");
        http.formLogin()             //自定義自己編寫(xiě)的登陸頁(yè)面
            .loginPage("/login.html")    //登錄頁(yè)面設(shè)置
            .loginProcessingUrl("/user/login") //登錄訪(fǎng)問(wèn)路徑
            .defaultSuccessUrl("/success.html").permitAll()    //登錄成功之后，跳轉(zhuǎn)路徑
            .and().authorizeRequests()
               //設(shè)置哪些路徑可以直接訪(fǎng)問(wèn)，不需要認(rèn)證
                .antMatchers("/","/test/hello","/user/login").permitAll()
                //當(dāng)前登錄的用戶(hù)，只有具有admins權(quán)限才可以訪(fǎng)問(wèn)這個(gè)路徑
               //1、hasAuthority方法
               //.antMatchers("/test/index").hasAuthority("admins")
               //2、hasAnyAuthority方法
              // .antMatchers("/test/index").hasAnyAuthority("admins,manager")
              //3、hasRole方法  ROLE_sale
               .antMatchers("/test/index").hasRole("sale")
                //4、hasAnyRole方法

            .anyRequest().authenticated()
            .and().csrf().disable();    //關(guān)閉csrf防護(hù)
    }
}

2.3 繼承UserDetailsService接口的實(shí)現(xiàn)類(lèi)

package com.atguigu.springsecuritydemo1.service;

import com.atguigu.springsecuritydemo1.entity.Users;
import com.atguigu.springsecuritydemo1.mapper.UsersMapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.List;

@Service("userDetailsService")
public class MyUserDetailService implements UserDetailsService {

    @Autowired
    private UsersMapper usersMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        //調(diào)用userMapper中的方法，根據(jù)用戶(hù)名查詢(xún)數(shù)據(jù)庫(kù)
        QueryWrapper<Users> wrapper=new QueryWrapper<>();//條件構(gòu)造器
        //where username=?
        wrapper.eq("username",username);
        Users users= usersMapper.selectOne(wrapper);
        //判斷
        if(users==null){    //數(shù)據(jù)庫(kù)沒(méi)有用戶(hù)名，認(rèn)證失敗
            throw new UsernameNotFoundException("用戶(hù)名不存在！");
        }

        List<GrantedAuthority> auths= AuthorityUtils.commaSeparatedStringToAuthorityList("admins,ROLE_sale");
        //從查詢(xún)數(shù)據(jù)庫(kù)返回user對(duì)象，得到用戶(hù)名和密碼，返回
        return new User(users.getUsername(),new BCryptPasswordEncoder().encode(users.getPassword()),auths);
    }

}

3、測(cè)試

現(xiàn)在我故意將原先的sale改為sale1制造錯(cuò)誤

在這里插入圖片描述

啟動(dòng)項(xiàng)目并訪(fǎng)問(wèn)http://localhost:8111/test/index

在這里插入圖片描述

輸入lucy 123

在這里插入圖片描述

成功實(shí)現(xiàn)

以上就是SpringSecurity配置403權(quán)限訪(fǎng)問(wèn)頁(yè)面的詳細(xì)內(nèi)容，更多關(guān)于SpringSecurity權(quán)限訪(fǎng)問(wèn)頁(yè)面的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章！

您可能感興趣的文章: