关于SpringSecurity配置403权限访问页面的完整代码

2022-07-23

1、未配置之前

2、开始配置

 2.1 新建一个unauth.html

<!doctype html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>title</title>
</head>
<body>
<!-- Static "access denied" (HTTP 403) page. The security configuration points here with
     accessDeniedPage("/unauth.html"). Keep it free of request-derived content so it cannot
     echo attacker-controlled input. -->
<h1>没有访问的权限</h1>
</body>
</html>

2.2 在继承WebSecurityConfigurerAdapter的配置类中设置

关键代码

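// Custom page for access-denied (HTTP 403) responses. It applies to users who are already
// authenticated but lack the required authority; anonymous users are sent to the login page.
http.exceptionHandling()
  .accessDeniedPage("/unauth.html");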

配置类完整代码:

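package com.atguigu.springsecuritydemo1.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Demo Spring Security configuration: form login, logout, URL authorization rules and a custom
 * page for HTTP 403 (access denied).
 *
 * <p>{@code WebSecurityConfigurerAdapter} is deprecated as of Spring Security 5.7 and removed in
 * 6.0; newer projects declare a {@code SecurityFilterChain} bean instead.
 */
@Configuration
public class SecurityConfigTest extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Registers the user lookup service together with the encoder used to verify passwords.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(password());
    }

    /**
     * Exposes a BCrypt password encoder as a bean.
     *
     * @return the encoder used to check submitted passwords against stored hashes
     */
    @Bean
    PasswordEncoder password() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures logout, the access-denied page, form login and the URL authorization rules.
     *
     * @param http the HTTP security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Logout: handled at /logout, then the browser is sent to /test/hello.
        http.logout().logoutUrl("/logout")
                .logoutSuccessUrl("/test/hello")
                .permitAll();

        // Custom page for access-denied (HTTP 403) responses. It is used only for users who are
        // already authenticated but lack the required authority; anonymous users are sent to
        // the login page instead.
        http.exceptionHandling().accessDeniedPage("/unauth.html");

        http.formLogin()                         // use the hand-written login page
            .loginPage("/login.html")            // location of the login page
            .loginProcessingUrl("/user/login")   // URL the login form posts to
            .defaultSuccessUrl("/success.html").permitAll()    // landing page after login
            .and().authorizeRequests()
                // Paths reachable without authentication. Rules are evaluated in declaration
                // order, so specific matchers must come before anyRequest().
                .antMatchers("/", "/test/hello", "/user/login").permitAll()
                // /test/index is limited to users holding a given authority or role.
                // 1. hasAuthority: exactly one authority
                //.antMatchers("/test/index").hasAuthority("admins")
                // 2. hasAnyAuthority: any of several authorities, one argument per authority.
                //    A single string "admins,manager" is treated as ONE authority name and
                //    would match nobody who holds just "admins" or "manager".
                //.antMatchers("/test/index").hasAnyAuthority("admins", "manager")
                // 3. hasRole: Spring prepends "ROLE_", so the user must hold ROLE_sale
                .antMatchers("/test/index").hasRole("sale")
                // 4. hasAnyRole: like hasRole, for several roles (not used here)

            .anyRequest().authenticated()
            // Demo only: CSRF protection is switched off so the static login form works without
            // a token. With it disabled, another site can make a logged-in browser submit
            // state-changing requests, and /logout is also accepted via GET. For a real
            // deployment remove this call and send the CSRF token with every form.
            .and().csrf().disable();
    }
}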

2.3 实现UserDetailsService接口的类

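package com.atguigu.springsecuritydemo1.service;

import com.atguigu.springsecuritydemo1.entity.Users;
import com.atguigu.springsecuritydemo1.mapper.UsersMapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * Loads users from the database for Spring Security's username/password authentication.
 */
@Service("userDetailsService")
public class MyUserDetailService implements UserDetailsService {

    @Autowired
    private UsersMapper usersMapper;

    /**
     * Looks up a user by name and returns the stored credentials and authorities.
     *
     * @param username the name submitted on the login form
     * @return the user's name, stored password hash and granted authorities
     * @throws UsernameNotFoundException if no row matches the given name
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        // Query by user name; the wrapper binds the value as a parameter (where username = ?),
        // so the submitted name is never concatenated into the SQL text.
        QueryWrapper<Users> wrapper = new QueryWrapper<>();
        wrapper.eq("username", username);
        Users users = usersMapper.selectOne(wrapper);

        if (users == null) {    // no such user: authentication fails
            throw new UsernameNotFoundException("用户名不存在!");
        }

        // Demo shortcut: every account receives the same fixed authorities. A real service
        // would derive them from the roles stored for this user. "ROLE_sale" carries the
        // "ROLE_" prefix that hasRole("sale") checks for.
        List<GrantedAuthority> auths =
                AuthorityUtils.commaSeparatedStringToAuthorityList("admins,ROLE_sale");

        // The password column must already hold a BCrypt hash, created once at registration
        // with the PasswordEncoder bean. It is returned unchanged so the framework can verify
        // the submitted password against it. Hashing here on every login, as the earlier
        // version of this listing did, only works if the database keeps the password in
        // clear text, which exposes every credential if the table leaks.
        return new User(users.getUsername(), users.getPassword(), auths);
    }

}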

3、测试

现在我故意将原先的 sale 改为 sale1,使登录用户不再具备所需的角色,从而触发 403

启动项目并访问

输入用户名 lucy、密码 123 登录

成功实现

以上就是springsecurity配置403权限访问页面的详细内容,更多关于springsecurity权限访问页面的资料请关注其它相关文章!
