lizhen's commit

add the security   to validate the user

Author: skyli-cn-coder

pom.xml

@@ -61,6 +61,11 @@
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
 		</dependency>
 
+		<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>

src/main/java/com/springboot/demo/config/WebSecurityConfig.java

@@ -0,0 +1,72 @@
+package com.springboot.demo.config;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import com.springboot.demo.pojo.primary.FirstUser;
+import com.springboot.demo.service.impl.UserService;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+	
+	@Autowired
+	UserService userService;
+	// 这里设置允许那些路径下的页面需要设置安全验证
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		//如果直接输入登陆网址时，当登陆成功后，默认成功的跳转地址为“/”,现在发现的问题是这个不能将登陆成功后的数据渲染给模板
+		http
+		        .authorizeRequests().antMatchers("/","/registry").permitAll().anyRequest().authenticated().and()
+		        .formLogin().loginPage("/login").successHandler(new AuthenticationSuccessHandler(){
+					@Override
+					public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse res,
+							Authentication auth) throws IOException, ServletException {
+						HttpSession session = req.getSession();
+						List<FirstUser> userList = userService.findUserByName(auth.getName());
+						for(FirstUser user :userList){
+							//这里将userList中的数据加入到session中,这里加入的只有列表最后一个user
+							session.setAttribute("user", user);
+						}
+						res.sendRedirect("/success");
+					}
+		        })
+		        .failureHandler(new AuthenticationFailureHandler(){
+
+					@Override
+					public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+							AuthenticationException exception) throws IOException, ServletException {
+						// 这里目前登陆失败的的验证我还没有写
+						
+					}
+		        }).permitAll().and()
+		        .logout().permitAll();
+	}
+	
+	@Autowired
+	protected void configGloable(AuthenticationManagerBuilder auth)throws Exception{
+		
+		//这里下面我不知道设置的这个用户名和密码好像是固定好的了，理论上应该使用从数据库中查询出来的用户名和密码
+		//之前设置的一直有问题，加了默认成功页面时，可以跳转！但是每次从系启动应用时，第一次都会出现没有访问权限问题
+		//这里设置的前提是讲login页面中的username属性的标签的name改为username，这里我猜是这里的user验证时，取出的是前面名字为username的标签
+		auth.inMemoryAuthentication().withUser("李阵").password("lizhen").roles("USER");
+		
+		//auth.userDetailsService(this.loginService);
+	}
+}

src/main/java/com/springboot/demo/controller/LoginController.java

@@ -7,8 +7,6 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.ResponseBody;
-
 import com.springboot.demo.pojo.primary.FirstUser;
 import com.springboot.demo.service.IUserService;
 import com.springboot.demo.service.impl.LoginService;
@@ -23,28 +21,36 @@ public class LoginController {
 	@Autowired
 	IUserService userService;
 
-	
- @RequestMapping("/login")
+	//现在这个数据是经过security模块传过来的
+ @RequestMapping("/login" )
  public String login(){
 	 return"login";
  }
 
+ @RequestMapping("/success")
+ public String success(HttpSession session,Model model){
+	 FirstUser user = (FirstUser) session.getAttribute("user");
+	 model.addAttribute("user", user);
+	 return "success";
+ }
+ 
  @RequestMapping("/registry")
  public String registry(){
 	 return "user/registry";
  }
 
 
  @RequestMapping(value="/registry", method={RequestMethod.POST})
- public String  registry(Model model,String name, String password, String address, int age){
-	 FirstUser user = new FirstUser(null,name,password,address,age);
+ public String  registry(Model model,String username, String password, String address, int age){
+	 FirstUser user = new FirstUser(null,username,password,address,age);
 	 userService.saveUser(user);
 	 //用户注册后，跳转到登陆成功的界面,这里用户插入后，没有在查询用户操作
 	 model.addAttribute("user", user);
 	 return "success";
  }
 
 
+ //使用了权限认证后，好像所有的登陆都不会转发到这里来了
 	@RequestMapping(value = "/login", method = { RequestMethod.POST })
 	public String login(Model model, HttpSession session, String name, String password) {
 		// 这里调用业务层查看是否有用户

src/main/java/com/springboot/demo/controller/UserController.java

@@ -48,9 +48,9 @@ public String update(Model model,Long id){
 		return "user/update";
 	}
 	@RequestMapping(value="/update",method={RequestMethod.POST})
-	public String update(Model model,Long id,String name, String address, int age){
+	public String update(Model model,Long id,String username, String address, int age){
 		FirstUser user = userService.findUserById(id);
-		user.setName(name);
+		user.setName(username);
 		user.setAddress(address);
 		user.setAge(age);
 		//执行跟新操作

src/main/java/com/springboot/demo/pojo/primary/FirstUser.java

@@ -1,8 +1,5 @@
 package com.springboot.demo.pojo.primary;
 
-import java.util.Arrays;
-import java.util.Collection;
-
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.Id;

src/main/resources/templates/index.html

@@ -2,9 +2,19 @@
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
 <title>欢迎界面</title>
+<style type="text/css">
+#index{
+text-align:center;
+}
+
+#message{
+text-align:center;
+}
+
+</style>
 </head>
 <body>
-<h1>欢迎来到用户管理</h1>
-<p>点击<a th:href="@{/login}">这里</a>进入我的信息</p>
+<h1 id="index">欢迎来到用户管理</h1>
+<p id="message">点击<a th:href="@{/success}">这里</a>进入个人信息</p>
 </body>
 </html>

src/main/resources/templates/login.html

@@ -22,7 +22,7 @@
 		<table id="table" style='margin:0px auto'>
 			<tr>
 				<td>用户名:</td>
-				<td><input type="text" name="name" /></td>
+				<td><input type="text" name="username" /></td>
 			</tr>
 			<tr>
 				<td>密 码:</td>

src/main/resources/templates/success.html

@@ -17,17 +17,16 @@
 </style>
 
 <script type="text/javascript">
-
-function findAllUser(){
-	location.href = "/findAllUser";
-}
+	function findAllUser() {
+		location.href = "/findAllUser";
+	}
 </script>
 </head>
 <body>
-    
 	<p th:text="'欢迎'+ ${user.name} +'管理员'" th:if="${user.name eq '李阵'}"></p>
 	<p th:text="'欢迎' + ${user.name}" th:unless="${user.name eq '李阵'}"></p>
-	<input type="button" value="所有用户" onclick="findAllUser()" th:if="${user.name eq '李阵'}" />
+	<input type="button" value="所有用户" onclick="findAllUser()"
+		th:if="${user.name eq '李阵'}" />
 	<p id="info">您的个人信息</p>
 	<div>
 		<table id="table">

src/main/resources/templates/user/registry.html

@@ -40,7 +40,7 @@
 		<table id="table"  style='margin:0px auto'>
 			<tr>
 				<td>用户名：</td>
-				<td><input type="text" name="name" id="userName"
+				<td><input type="text" name="username" id="userName"
 					onchange="validate()"/></td>
 				<td id="star">*</td>
 			</tr>

src/main/resources/templates/user/update.html

@@ -10,7 +10,7 @@
 		<table id="table">
 			<tr>
 				<td>姓名：</td>
-				<td><input type="text" name="name" th:value="${user.name}" /></td>
+				<td><input type="text" name="username" th:value="${user.name}" /></td>
 			</tr>
 			<tr>
 				<td>地址：</td>