環境搭建 · Java后端框架Ⅲ

**1. pom中引入spring-boot-starter-security依賴** ```xml <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.18.24</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.80</version> </dependency> </dependencies> ``` **2. 實現UserDetailsService接口定義認證邏輯** ```java @Service public class LoginServiceImpl implements UserDetailsService { @Autowired private AccountService accountService; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //根據username查詢數據庫 Account account = accountService.findByUsername(username); if (account == null) { throw new UsernameNotFoundException("用戶名不存在！"); } //用戶權限 List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList("admin"); return new User(username, account.getPassword(), authorities); } } ``` **3. 實現接口AuthenticationEntryPoint以屏蔽Spring Security重定向登錄頁面** 在非前后端分離的情況下，如果沒有登錄，則會自動重定向到登錄頁面。這里是前后端分離，需要返回的是 json 字符串，所以需要實現接口 AuthenticationEntryPoint 以屏蔽 Spring Security 重定向登錄頁面。 ```java @Component public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException, ServletException { Map<String, Object> map = new HashMap<>(16); map.put("code", 1000); map.put("message", "未登錄!"); response.setContentType("text/json;charset=utf-8"); response.getWriter().write(JSON.toJSONString(map)); } } ``` **4. 繼承Spring Security核心配置類：WebSecurityConfigurerAdapter** ```java @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private CustomAuthenticationEntryPoint authenticationEntryPoint; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //注冊UserDetailsService接口 auth.userDetailsService(userDetailsService()); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/account/show") .hasAuthority("admin") .and() .exceptionHandling() //注冊AuthenticationEntryPoint .authenticationEntryPoint(authenticationEntryPoint); //允許跨域請求 http.cors(); //關閉csrf http.csrf().disable(); } /** * 注入UserDetailsService接口實現類 */ @Override @Bean public UserDetailsService userDetailsService() { return new LoginServiceImpl(); } /** * 注入BCryptPasswordEncoder密碼處理器 * @return */ @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } } ``` **5. SpringBoot配置允許跨域請求** ```java @Configuration public class CustomWebMvcConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowedMethods("*") .allowedHeaders("*") .allowCredentials(true); } } ``` **6. 創建一個controller層方便演示** ```java @RestController @RequestMapping("/account") public class AccountController { @RequestMapping("/show") public String show() { return "Account!"; } } ``` **7. postman演示結果** 未登錄訪問 http://localhost:8080/account/show ，可見成功返回我們自定義的 json 數據。 ```json { "code": 1000, "message": "未登錄!" } ```