Spring Boot 3.4.5: Spring Security + Session
Create a Spring Boot project and add the following dependencies:
- Lombok
- Spring Web
- Spring Security
- Spring Data JDBC
- MyBatis Framework
- MySQL Driver
Add fastjson2 for serialization and deserialization:
<dependency>
    <groupId>com.alibaba.fastjson2</groupId>
    <artifactId>fastjson2</artifactId>
    <version>2.0.51</version>
</dependency>
Create a user entity class:
import lombok.Data;

@Data
public class SysUser {
    private Integer id;
    private String userName;
    private String password;
    private String email;
}
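Create a Mapper interface for querying user data:
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Select;

@Mapper
public interface SysUserMapper {
    // #{text} is bound as a prepared-statement parameter, so the login name is never concatenated into the SQL
    @Select("select id,user_name,password,email from sys_user where user_name = #{text} or email = #{text}")
    SysUser findSysUserByNameOrEmail(String text);
}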
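Define a custom UserDetailsService that uses the information submitted by the user to look up the user's record in the database and return it.
import jakarta.annotation.Resource;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsService implements UserDetailsService {

    @Resource
    private SysUserMapper sysUserMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        if (username == null) {
            throw new UsernameNotFoundException("用户名不能为空");
        }
        // The submitted value may be either the user name or the email address
        SysUser sysUser = sysUserMapper.findSysUserByNameOrEmail(username);
        if (sysUser == null) {
            // Same message as for a wrong password, so the response does not reveal whether the account exists
            throw new UsernameNotFoundException("用户名或密码错误");
        }
        // The stored password is passed through as-is; Spring Security compares it with the submitted one
        return User.withUsername(sysUser.getUserName())
                .password(sysUser.getPassword())
                .build();
    }
}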
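Create a filter chain that replaces Spring Security's default configuration with a custom one:
import jakarta.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

    @Resource
    private MyUserDetailsService myUserDetailsService;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // CSRF protection is switched off; with cookie-based sessions, requests are then accepted without a CSRF token
        HttpSecurity chain = http.csrf(AbstractHttpConfigurer::disable);
        // Every request requires an authenticated session
        chain.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
        // Form login is processed at /api/auth/login and answered with JSON by the custom handlers
        chain.formLogin(form -> form.loginProcessingUrl("/api/auth/login")
                .successHandler(new MySuccessHandler())
                .failureHandler(new MyFailureHandler()));
        chain.userDetailsService(myUserDetailsService);
        chain.logout(logout -> logout.logoutUrl("/api/auth/logout"));
        return chain.build();
    }
}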
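MyUserDetailsService hands the sys_user.password value to Spring Security unchanged, and this configuration declares no PasswordEncoder bean, so the framework's default delegating encoder verifies it and expects an {id} prefix such as {bcrypt} on the stored value. The following is an added example, not code from the original post; the class and method names are hypothetical, the sample values are constructed, and it is meant to be run inside the project described here.

```java
import java.util.List;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example, not part of the original project. Class and method names are hypothetical.
public class StoredPasswordCheck {

    // The delegating encoder Spring Security uses when no PasswordEncoder bean is declared.
    private static final PasswordEncoder ENCODER =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    // Value to write into sys_user.password when a user is created ("{bcrypt}$2a$...").
    static String encodeForStorage(String rawPassword) {
        return ENCODER.encode(rawPassword);
    }

    // Classifies a value read from sys_user.password by its {id} prefix.
    static String classify(String stored) {
        if (stored == null || !stored.startsWith("{") || stored.indexOf('}') < 0) {
            // Plain text or a bare hash: the delegating encoder cannot pick a verifier,
            // matches() throws IllegalArgumentException and the login cannot succeed.
            return "NO_PREFIX";
        }
        String id = stored.substring(1, stored.indexOf('}'));
        if (id.equals("noop")) {
            return "PLAINTEXT"; // accepted at login, but stored unhashed
        }
        return id.equals("bcrypt") ? "OK" : "OTHER_ID:" + id;
    }

    public static void main(String[] args) {
        String raw = "constructed-sample-password";   // constructed sample value
        String stored = encodeForStorage(raw);
        // Constructed sample column values: hashed, {noop}, and bare plain text
        List<String> rows = List.of(stored, "{noop}" + raw, raw);
        for (String row : rows) {
            System.out.println(classify(row));
        }
        System.out.println(ENCODER.matches(raw, stored));
        System.out.println(ENCODER.matches("wrong-guess", stored));
    }
}
```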
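Customize the response returned when authentication succeeds:
import com.alibaba.fastjson2.JSONObject;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import java.io.IOException;

public class MySuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse res, Authentication auth)
            throws IOException, ServletException {
        // Reply with JSON instead of the default redirect; Result is the project's own response wrapper (not shown here)
        res.setContentType("application/json;charset=utf-8");
        res.getWriter().write(JSONObject.toJSONString(Result.success("登录成功")));
    }
}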
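Customize the response returned when authentication fails:
import com.alibaba.fastjson2.JSONObject;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import java.io.IOException;

public class MyFailureHandler implements AuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse res, AuthenticationException exception)
            throws IOException, ServletException {
        // Reply with JSON carrying code 401 and the exception message; Result is the project's own response wrapper (not shown here)
        res.setContentType("application/json;charset=utf-8");
        res.getWriter().write(JSONObject.toJSONString(Result.failure(401, exception.getMessage())));
    }
}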