SpringBoot使用Spring Security实现登录注销功能

1.首先看下我的项目结构

我们逐个讲解

/**
* 用户登录配置类
* @author Administrator
*
*/
public class AdminUserDateils implements UserDetails {

private static final long serialVersionUID = -1546619839676530441L;

private transient YCAdmin yCAdmin;

public AdminUserDateils() {
}

public AdminUserDateils(YCAdmin yCAdmin) {
 if (yCAdmin != null) {
  this.yCAdmin = yCAdmin;
 }
}

public YCAdmin getyCAdmin() {
return yCAdmin;
}

public void setyCAdmin(YCAdmin yCAdmin) {
this.yCAdmin = yCAdmin;
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Collection<GrantedAuthority> authorities = new ArrayList<>();
 SimpleGrantedAuthority authority = new SimpleGrantedAuthority("admin");
 authorities.add(authority);
 return authorities;
}
//用户名密码
@Override
public String getPassword() {

return yCAdmin.getAdminPassword();
}
//账号
@Override
public String getUsername() {

return yCAdmin.getAdminAccount();
}

@Override
public boolean isAccountNonExpired() {

return true;
}

@Override
public boolean isAccountNonLocked() {

return true;
}

@Override
public boolean isCredentialsNonExpired() {

return true;
}

@Override
public boolean isEnabled() {

return true;
}

}

首先以上AdminUserDateils类是配置用户登录成功后，来存储用户登录的信息

/**
* Spring-Security
* @author Administrator
*
*/
@Service
public class AdminCustomerDetailsService implements UserDetailsService{

@Autowired
private YCAdminMapper yCAdminMapper;

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
YCAdmin ycAdmin= yCAdminMapper.selectYCAdminByAccount(username);
if(ycAdmin==null) {

throw new UsernameNotFoundException("未找到该用户！！");
}
//配置的AdminUserDateils
AdminUserDateils adminUserDateils = new AdminUserDateils(ycAdmin);
return adminUserDateils;
}
}

以上AdminCustomerDetailsService是根据查找用户名的，需要实现UserDetailsService接口的loadUserByUsername的方法也就是会找用户名，这个根据mapper层，也就是数据库查找，返回只也就是刚才配置的AdminUserDateils类

public class YhPasswordEncoder implements PasswordEncoder{

@Override
public String encode(CharSequence rawPassword) {
return Des3.encrypt(rawPassword.toString());
}

@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
// TODO Auto-generated method stub
return encode(rawPassword).equals(encodedPassword);
}

}

以上YhPasswordEncoder 需要继承是我们PasswordEncoder配置用户密码加密的，这里的加密可以按照自己业务需求来使用加密，按照这样换一种加密类型就可以了。

public class AdminSecurityConfiguration {

@Configuration
@Order(2)
@EnableWebSecurity
public static class ClientSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AdminCustomerDetailsService adminCustomerDetailsService;

@Value("${yunhui.admin.urlContext:/houtai}")
private String adminUrlContext;

@Value("${yunhui.admin.noLoginUrls:}")
private String noLoginUrls;

@Override
protected void configure(HttpSecurity http) throws Exception {

//循环获取用户不需要验证url（这里是记录在yml）
List<String> clientNoLoginUrls = new ArrayList<String>();
if (!noLoginUrls.isEmpty()) {
for (String s : noLoginUrls.split(",")) {
clientNoLoginUrls.add(adminUrlContext + s);
}
}
http.
//需要验证登录的url
antMatcher(adminUrlContext + "/**").authorizeRequests()
//不需登录验证的url
.antMatchers(clientNoLoginUrls.toArray(new String[0])).permitAll()
.anyRequest().authenticated().and()
//开启表单验证
.formLogin().
//验证登录的url
loginProcessingUrl("/houtai/login")
//登录的页面
.loginPage("/houtai/login")
//登录成功后跳转
.defaultSuccessUrl("/houtai").permitAll().and()
//注销登录的url
.logout().logoutUrl("/houtai/loginout")
//注销之后跳转的页面
.logoutSuccessUrl("/houtai")
.and().rememberMe().and().csrf().disable();;

}

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
//需要哪个service，和验证密码的方式，刚才我们都配置了
auth.userDetailsService(adminCustomerDetailsService).passwordEncoder(new YhPasswordEncoder());
}
}

最后就是配置首先开启
@Configuration
@EnableWebSecurity
的注解

一个是我们刚才配置的service
其他两个两个变量是在配置文件配置的

最后配置我们表单验证就可以了input的name必须是username和password，除非重新配置了，
action="/houtai/login"就是直接这样就可以实现登录了

如果有HttpSecurity配置的细节问题可以提问

补充可以自己配置登录成功和失败类

来源：https://blog.csdn.net/hunwgh/article/details/108725367