代码拉取完成,页面将自动刷新
基于Spring Security的二次封装安全框架,配置简单易懂,使用方便,已集成90%的内容,只需实现少量内容即可使用Spring Security安全框架
1. Spring Security 5.0.8.RELEASE
2. spring framework 5.0.8.RELEASE
3. slf4j 1.7.25
下载源码,打包引入
package com.xbd.xbdframework.security.test.config;
import com.xbd.xbdframework.security.configure.AbstractWebSecurityConfigurer;
import com.xbd.xbdframework.security.configure.WebSecurityProperties;
import com.xbd.xbdframework.security.service.ResourcesLoaderService;
import com.xbd.xbdframework.security.service.UserLoaderService;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SpringSecurityConfig extends AbstractWebSecurityConfigurer {
@Bean
@ConfigurationProperties(prefix = "xbd.security")
@Override
public WebSecurityProperties webSecurityProperties() {
return super.webSecurityProperties();
}
@Override
protected UserLoaderService userLoaderService() {
return new UserLoaderServiceImpl();
}
@Override
public ResourcesLoaderService resourcesLoaderService() {
return new ResourcesLoaderServiceImpl();
}
}
配置项 | 说明 | 默认值 |
loginProcessingUrl | spring security默认拦截路径 | 无,spring security默认为/login |
loginPage | 登录页 | /login,spring security默认为/login |
defaultSuccessUrl | 登录成功页 | 无 |
defaultFailureUrl | 默认登录失败页 | loginPage?type=LoginType.FAILURE |
captchaErrorUrl | 验证码错误页 | loginPage?type=LoginType.CAPTCHAERROR |
otherExceptionUrl | 其它异常页 | loginPage?type=LoginType.OTHEREXCEPTION |
defaultSsoLoginUrl | 默认单点登录页 | /sso/login |
配置项 | 说明 | 默认值 |
unAuthenticateUrls | 不授权即可访问的路径 | 无 |
webIgnoreUrls | spring security忽略资源路径 | "/config/**", "/css/**", "/fonts/**", "/img/**", "/js/**" |
配置项 | 说明 | 默认值 |
sessionInvalidUrl | 无效session跳转页 | loginPage?type=LoginType.SESSIONINVALID |
sessionExpiredUrl | session失效跳转页 | loginPage?type=LoginType.SESSIONEXPIRED |
maximumSessions | session最大值 | 1 |
maxSessionsPreventsLogin | session达到最大值之后是否阻值后续登录 | true |
后续扩展
配置项 | 说明 | 默认值 |
logoutUrl | 退出登录页 | 无,spring security默认为/logout |
logoutSuccessUrl | 退出登录成功页 | 无,spring security默认为/login?logout |
invalidateHttpSession | 是否将session置为无效 | true |
clearAuthentication | 是否清除授权信息 | true |
package com.xbd.xbdframework.security.test.service;
import com.xbd.xbdframework.security.service.UserLoaderService;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
public class UserLoaderServiceImpl implements UserLoaderService {
@Override
public UserDetails getUserByUsername(String s) {
return new User("账号", "密码", AuthorityUtils.createAuthorityList(new String[] {}));
}
@Override
public UserDetails getUserBySignature(String s) {
return new User("账号", "密码", AuthorityUtils.createAuthorityList(new String[] {}));
}
}
package com.xbd.xbdframework.security.test.service;
import com.xbd.xbdframework.security.service.ResourcesLoaderService;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
public class ResourcesLoaderServiceImpl implements ResourcesLoaderService {
@Override
public Map<String, Collection<String>> loadResources() {
return new HashMap<>();
}
}
package com.xbd.xbdframework.security.test.config;
import com.xbd.xbdframework.security.configure.AbstractWebSecurityConfigurer;
import com.xbd.xbdframework.security.configure.WebSecurityProperties;
import com.xbd.xbdframework.security.service.ResourcesLoaderService;
import com.xbd.xbdframework.security.service.UserLoaderService;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SpringSecurityConfig extends AbstractWebSecurityConfigurer {
@Bean
@ConfigurationProperties(prefix = "xbd.security")
@Override
public WebSecurityProperties webSecurityProperties() {
return super.webSecurityProperties();
}
@Override
protected UserLoaderService userLoaderService() {
return new UserLoaderServiceImpl();
}
@Override
public ResourcesLoaderService resourcesLoaderService() {
return new ResourcesLoaderServiceImpl();
}
}
1. 密码加密方式默认为BCryptPasswordEncoder,如有需要,可覆盖
2. invalidateHttpSession属性为true时,/login?logout默认302到session失效页,为false时,可停留在/login?logout页
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
1. 开源生态
2. 协作、人、软件
3. 评估模型