登录成功后不响应成功的cookie
这导致我无法访问其它受限资源。
下面是securityConfig的配置
package com.loner.security.config;
import com.loner.security.SecurityComponents.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class securityConfig {
private final UserDetailsServiceImpl userDetailsServiceImpl;
@Autowired
public securityConfig(UserDetailsServiceImpl userDetailsServiceImpl) {
this.userDetailsServiceImpl = userDetailsServiceImpl;
}
// /**
// * 密码明文加密方式配置
// * @return
// */
// @Bean
// public PasswordEncoder passwordEncoder() {
// return new BCryptPasswordEncoder();
// }
/**
* 自定义登录过滤器的配置
*/
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
throws Exception {
return configuration.getAuthenticationManager();
}
//请求接收和校验并调用AuthenticationManager验证
@Bean
public LoginFilter loginFilter(AuthenticationManager authenticationManager) {
LoginFilter loginFilter = new LoginFilter();
loginFilter.setFilterProcessesUrl("/login");
// 可以自定义用户名和密码的 key
loginFilter.setUsernameParameter("username");
loginFilter.setPasswordParameter("password");
//调用AuthenticationManager处理用户名和密码的校验
loginFilter.setAuthenticationManager(authenticationManager);
//登录成功处理
loginFilter.setAuthenticationSuccessHandler(new MyAuthenticationSuccessHandler());
//登录失败处理
loginFilter.setAuthenticationFailureHandler(new MyAuthenticationFailureHandler());
return loginFilter;
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
// 关闭 csrf 防御
.csrf(AbstractHttpConfigurer::disable)
// // 基于 token,不需要 session
// .sessionManagement((sessionManagement) ->
// sessionManagement
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
//设置请求授权规则
.authorizeHttpRequests(authorizeHttpRequests ->
authorizeHttpRequests
// 设置所有的请求都需要认证
.anyRequest().authenticated())
//表单认证
.formLogin(login ->login.loginProcessingUrl("/login"))
// 指定我们的 loginFilter 添加到过滤器链的位置
.addFilterAt(loginFilter(http.getSharedObject(AuthenticationManager.class)),
UsernamePasswordAuthenticationFilter.class)
// 指定我们自定义的 Service 实现类
.userDetailsService(userDetailsServiceImpl)
.exceptionHandling(exceptionHandling ->
exceptionHandling
//未登录异常处理
.authenticationEntryPoint(new MyAuthenticationEnryPoint())
//权限不足异常处理
.accessDeniedHandler(new MyAccessDeniedHandler())
)
// 开启注销功能
.logout((logout) ->
logout.deleteCookies()
.invalidateHttpSession(false)
//添加注销的多实现
.logoutRequestMatcher(new OrRequestMatcher(
new AntPathRequestMatcher("/dologout",HttpMethod.DELETE.name()),
new AntPathRequestMatcher("/dologout",HttpMethod.GET.name())
))
//注销成功处理
.logoutSuccessHandler(new MyLogoutSuccessHandler()));
return http.build();
}
}
我是最近才学习springsecurity的,所有配置也不是很懂。而且我看的教程是老版的,配置的方法和我的也不一样,我人都学嘛了!