springsecurity

package com.atguigu.security.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;

@EnableGlobalMethodSecurity(prePostEnabled = true) //开启细粒度全局方法级别权限控制功能
@Configuration //声明当前类是一个配置类。相当与XML配置文件作用。
@EnableWebSecurity  //声明式配置，启用SpringSecurity安全机制。
public class AppWebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	DataSource dataSource;
	
	@Autowired
	UserDetailsService userDetailsService;//用户详情查询服务组件的接口

	//@Autowired
	//PasswordEncoder passwordEncoder;
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		//默认认证
		//super.configure(auth);
		
		//实验四：自定义认证用户信息 - 基于内存认证方式		
//		auth.inMemoryAuthentication()
//			.withUser("zhangsan").password("123456").roles("学徒","大师")
//			.and()
//			.withUser("lisi").password("123123").authorities("罗汉拳","武当长拳");
		
		//采用数据库认证方式
		//auth.userDetailsService(userDetailsService);  //默认密码校验，按照明文进行校验。
		//auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
		auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
	}
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		//super.configure(http); //默认权限规则。所有请求都受限制
		
		//实验一：授权首页和静态资源
//		http.authorizeRequests()
//				.antMatchers("/layui/**","/index.jsp").permitAll()
//				.anyRequest().authenticated();
			
		
		//实验6，授权访问
		http.authorizeRequests()
		.antMatchers("/layui/**","/index.jsp").permitAll()
		//.antMatchers("/level1/**").hasRole("学徒")  //相当于调用hasAuthority("ROLE_学徒")
		//.antMatchers("/level2/**").hasRole("大师")
		//.antMatchers("/level3/**").hasRole("宗师")
		//.antMatchers("/level3/**").hasAuthority("葵花宝典")
		.anyRequest().authenticated();
		
		
		//实验二：默认及自定义登录页
		//http.formLogin();  //默认登录页。很丑
		
		//http.formLogin().loginPage("/index.jsp"); //自定义登录页
		http.formLogin().loginPage("/index.jsp")
					.loginProcessingUrl("/index.jsp")
					.usernameParameter("loginacct")
					.passwordParameter("userpswd")
					.defaultSuccessUrl("/main.html");
		
		
		//http.logout(); //默认注销请求   请求路径："/logout"
		http.logout().logoutUrl("/logout").logoutSuccessUrl("/index.jsp");
		
		//http.csrf().disable(); //禁用CSRF
		
		http.exceptionHandling().accessDeniedPage("/unauth.html");
		
		//开启记住我功能。
		//http.rememberMe();  //基于Cookie的方式实现记住我功能
		JdbcTokenRepositoryImpl ptr = new JdbcTokenRepositoryImpl();
		ptr.setDataSource(dataSource);
		http.rememberMe().tokenRepository(ptr);
		
	}

	
	//MD5+盐+随机数
	//$2a$10$.gt2E3i5WHU6XrDQ/tbJ2uhLtutfCpNMX1I.CH8LSiKjgSc41o1hy
	//$2a$10$6e8Tv0Z/kp.xDMJirgm1jepkllup0z7Fet8XVGMV/ZqXUfTCN2XR.
	//$2a$10$sJrXoUlOp3es.IAFH6YPGuQVwD74iot79T4rc8AhkW7THJFEPr226
	public static void main(String[] args) {
		BCryptPasswordEncoder bcpe = new BCryptPasswordEncoder();
		String encode = bcpe.encode("123456");
		System.out.println(encode);
	}
	

}