項目環境:JDK8+maven3.0+MySQLhtml
項目結構:前端
pom.xml:java
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.liby</groupId> <artifactId>springsecurity</artifactId> <version>1.0-SNAPSHOT</version> <packaging>war</packaging> <name>springsecurity Maven Webapp</name> <!-- FIXME change it to the project's website --> <url>http://www.example.com</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <maven.compiler.source>1.7</maven.compiler.source> <maven.compiler.target>1.7</maven.compiler.target> <springframework.version>4.2.5.RELEASE</springframework.version> <springsecurity.version>4.0.4.RELEASE</springsecurity.version> <mysql.connector.version>5.1.31</mysql.connector.version> <mybatis.version>3.2.6</mybatis.version> <!-- log4j日誌文件管理包版本 --> <slf4j.version>1.7.7</slf4j.version> <log4j.version>1.2.17</log4j.version> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope> </dependency> <!-- Spring --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-orm</artifactId> <version>${springframework.version}</version> </dependency> <!-- Spring Security --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${springsecurity.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${springsecurity.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>${springsecurity.version}</version> </dependency> <!-- MySQL --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql.connector.version}</version> </dependency> <!-- Servlet+JSP+JSTL --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.1</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <!-- mybatis核心包 --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>${mybatis.version}</version> </dependency> <dependency> <groupId>org.mybatis.generator</groupId> <artifactId>mybatis-generator-core</artifactId> <version>1.3.2</version> </dependency> <!-- mybatis/spring包 --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>1.2.2</version> </dependency> <!-- log start --> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>${log4j.version}</version> </dependency> <!-- 格式化對象,方便輸出日誌 --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>${slf4j.version}</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>${slf4j.version}</version> </dependency> <!-- log end --> <!-- 加載數據源 --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.0.18</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.31</version> </dependency> </dependencies> <build> <!--解決Intellij構建項目時,target/classes目錄下不存在mapper.xml文件--> <resources> <resource> <directory>${basedir}/src/main/java</directory> <includes> <include>**/*.xml</include> </includes> </resource> </resources> <finalName>springsecurity</finalName> <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --> <plugins> <plugin> <groupId>org.mybatis.generator</groupId> <artifactId>mybatis-generator-maven-plugin</artifactId> <version>1.3.2</version> <configuration> <configurationFile>src/main/resources/mybatis-generator-config.xml</configurationFile> <verbose>true</verbose> <overwrite>true</overwrite> </configuration> <executions> <execution> <id>Generate MyBatis Artifacts</id> <goals> <goal>generate</goal> </goals> </execution> </executions> </plugin> <plugin> <artifactId>maven-clean-plugin</artifactId> <version>3.0.0</version> </plugin> <!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --> <plugin> <artifactId>maven-resources-plugin</artifactId> <version>3.0.2</version> </plugin> <plugin> <artifactId>maven-compiler-plugin</artifactId> <version>3.7.0</version> </plugin> <plugin> <artifactId>maven-surefire-plugin</artifactId> <version>2.20.1</version> </plugin> <plugin> <artifactId>maven-war-plugin</artifactId> <version>3.2.0</version> </plugin> <plugin> <artifactId>maven-install-plugin</artifactId> <version>2.5.2</version> </plugin> <plugin> <artifactId>maven-deploy-plugin</artifactId> <version>2.8.2</version> </plugin> </plugins> </pluginManagement> </build> </project>
web.xml: mysql
<web-app> <display-name>Archetype Created Web Application</display-name> <!-- Spring監聽器 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- 防止Spring內存溢出監聽器 --> <listener> <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class> </listener> <!-- Spring MVC servlet --> <servlet> <servlet-name>SpringMVC</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:springmvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>SpringMVC</servlet-name> <!-- 此處能夠能夠配置成*.do,對應struts的後綴習慣 --> <url-pattern>/</url-pattern> </servlet-mapping> <!-- Spring的配置文件 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-*.xml</param-value> </context-param> <!--springSecurity --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 編碼過濾器 --> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--歡迎頁面--> <welcome-file-list> <welcome-file>/index.html</welcome-file> <welcome-file>/index.jsp</welcome-file> </welcome-file-list> </web-app>
db.properties:git
driver=com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306/springsecurity?useUnicode=true&characterEncoding=UTF-8&allowMultiQueries=true name=root password=Yy30240103
log4j.properties:github
### 設置### log4j.rootLogger = debug,stdout,D,E ### 輸出信息到控制擡 ### log4j.appender.stdout = org.apache.log4j.ConsoleAppender log4j.appender.stdout.Target = System.out log4j.appender.stdout.layout = org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern = [%-5p] %d{yyyy-MM-dd HH:mm:ss,SSS} method:%l%n%m%n ### 輸出DEBUG 級別以上的日誌到文件F://logs/debug.log ### log4j.appender.D = org.apache.log4j.FileAppender log4j.appender.D.File = E:/logs/debug.log log4j.appender.D.Append = true log4j.appender.D.Threshold = DEBUG log4j.appender.D.layout = org.apache.log4j.PatternLayout log4j.appender.D.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} [ %t:%r ] - [ %p ] %m%n ### 輸出ERROR 級別以上的日誌到文件F://logs/error.log ### log4j.appender.E = org.apache.log4j.FileAppender log4j.appender.E.File = E://logs/error.log log4j.appender.E.Append = true log4j.appender.E.Threshold = ERROR log4j.appender.E.layout = org.apache.log4j.PatternLayout log4j.appender.E.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} [ %t:%r ] - [ %p ] %m%n
spring-dao.xml:web
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> <!-- 加載配置文件 --> <context:property-placeholder location="classpath:db.properties" ignore-unresolvable="true" /> <!-- 數據庫鏈接池 --> <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="getConnection" destroy-method="close"> <property name="driverClassName" value="${driver}" /> <property name="url" value="${url}" /> <property name="username" value="${name}" /> <property name="password" value="${password}" /> <!-- 初始化鏈接大小 --> <property name="initialSize" value="2" /> <!-- 鏈接池最大使用鏈接數量 --> <property name="maxActive" value="100" /> <!-- 鏈接池最小空閒 --> <property name="minIdle" value="2" /> <!-- 獲取鏈接最大等待時間 --> <!-- <property name="maxWait" value="60000" /> --> </bean> <!-- mapper配置 --> <!-- 讓spring管理sqlsessionfactory 使用mybatis和spring整合包中的 --> <!-- mybatis核心bean --> <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"> <!-- 數據庫鏈接池 --> <property name="dataSource" ref="dataSource" /> <!-- 加載mybatis的全局配置文件 --> <property name="configLocation" value="classpath:SqlMapConfig.xml" /> <property name="mapperLocations" value="classpath:com/liby/springmvc/mapper/**/*.xml"/> </bean> <!-- 配置Mapper掃描器 --> <!-- 自動掃描DAO接口 --> <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"> <property name="basePackage" value="com.liby.springmvc.dao"/> <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" /> </bean> <!-- (事務管理)transaction manager, use JtaTransactionManager for global tx --> <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> <property name="dataSource" ref="dataSource" /> </bean> </beans>
spring-mvc.xml:spring
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> <!-- 激活spring的註解. --> <context:annotation-config /> <!-- @Controller註解掃描 --> <context:component-scan base-package="com.liby.springmvc"></context:component-scan> <!-- 配置視圖解析器 做用:在controller中指定頁面路徑的時候就不用寫頁面的完整路徑名稱了,能夠直接寫頁面去掉擴展名的名稱 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <!-- 真正的頁面路徑 = 前綴 + 去掉後綴名的頁面名稱 + 後綴 --> <!-- 前綴 --> <property name="prefix" value="/view/"></property> <!-- 後綴 --> <property name="suffix" value=".jsp"></property> </bean> </beans>
SqlMapConfig.xml:mybatis配置文件,不可缺乏。sql
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd"> <configuration> </configuration>
重點來啦!!!數據庫
Spring Security配置
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <!--suppress ALL --> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <context:component-scan base-package="com.liby.springmvc"></context:component-scan> <http pattern="/login" security="none"/> <http auto-config="true"> <!--intercept-url有攔截順序,若是下面兩個被反轉了./**會一直 被匹配,/security/admin**就永遠也不會執行。--> <!--知足該條件的請求須要有ADMIN角色--> <intercept-url pattern="/security/admin**" access="hasRole('ROLE_ADMIN')"/> <!--pattern="/**" 對全部路徑進行角色認證--> <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/> <!--自定義登陸頁面是經過login-page屬性來指定的。提到login-page咱們不得不提另外幾個屬性。 一、username-parameter:表示登陸時用戶名使用的是哪一個參數,默認是「j_username」。 二、password-parameter:表示登陸時密碼使用的是哪一個參數,默認是「j_password」。 三、login-processing-url:表示登陸時提交的地址,默認是「/j-spring-security-check」。這個只是Spring Security用來標記登陸頁面使用的提交地址,真正關於登陸這個請求是不須要用戶本身處理的。 四、authentication-success-handler-ref:使用了authentication-success-handler-ref以後認證成功後的處理就由指定的AuthenticationSuccessHandler來處理,default-target-url則失效 五、authentication-failure-url:經過authentication-failure-url指定登陸失敗後的頁面 六、authentication-failure-handler-ref:對應一個用於處理認證失敗的AuthenticationFailureHandler實現類。指定了該屬性,Spring Security在認證失敗後會調用指定AuthenticationFailureHandler的onAuthenticationFailure方法對認證失敗進行處理,此時authentication-failure-url屬性將再也不發生做用。 --> <form-login login-page="/login" login-processing-url="/checkLogin" default-target-url="/hello" authentication-success-handler-ref="authenticationSuccessHandlerImpl" username-parameter="username" password-parameter="password" authentication-failure-url="/error" /> <!--要實現退出登陸的功能咱們須要在http元素下定義logout元素,這樣Spring Security將自動爲咱們添加用於處理退出登陸的過濾器LogoutFilter到FilterChain。 當咱們指定了http元素的auto-config屬性爲true時logout定義是會自動配置的,此時咱們默認退出登陸的URL爲「/logout」, 能夠經過logout元素的logout-url屬性來改變退出登陸的默認地址。 一、logout-url:改變退出登陸的默認地址,這裏須要注意的一點是,spring security 3.x默認的註銷攔截url爲/j_spring_security_logout,而4.x則默認使用/logout 二、invalidate-session:表示是否要在退出登陸後讓當前session失效,默認爲true。 三、delete-cookies:指定退出登陸後須要刪除的cookie名稱,多個cookie之間以逗號分隔。 四、logout-success-url:指定成功退出登陸後要重定向的URL。須要注意的是對應的URL應當是不須要登陸就能夠訪問的。 五、success-handler-ref:指定用來處理成功退出登陸的LogoutSuccessHandler的引用。 --> <logout invalidate-session="true" logout-success-url="/login" /> <!--Spring Security 4默認啓用了CSRF保護功能(false),該功能在Spring Security 3時就已經存在默認是不啓用,該功能防止跨站請求僞造攻擊; 在提交請求時,該請求被CsrfFilter攔截,驗證_csrf的token是否有效。 --> <csrf disabled="true"/> </http> <!--<authentication-manager>--> <!--<authentication-provider>--> <!--<user-service>--> <!--<user name="yebing" password="123456" authorities="ROLE_USER"/>--> <!--<user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN"/>--> <!--</user-service>--> <!--</authentication-provider>--> <!--</authentication-manager>--> <!-- 配置認證管理器 --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailServiceImpl"> <!--<password-encoder hash="md5">--> <!--<salt-source user-property="lamb" />--> <!--</password-encoder>--> <password-encoder ref="messageDigestPasswordEncoderImpl"></password-encoder> </authentication-provider> </authentication-manager> <beans:bean id="messageDigestPasswordEncoderImpl" class="com.liby.springmvc.config.springsecurity.MessageDigestPasswordEncoderImpl"> <beans:constructor-arg value="md5"></beans:constructor-arg> </beans:bean> </beans:beans>
Java代碼:
MD5加密工具類:Md5Util.java
package com.li.springmvc.util; import org.springframework.stereotype.Component; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; /** * 功能:獲取Md5加密後的密文 * @Author Created by yebing * @Date 2018/8/11 22:07 * @Version 1.0.0 */ @Component public class Md5Util { private static final String SALT = "lamb"; public String encode(String password){ password = password + SALT; StringBuffer stringBuffer = new StringBuffer(); MessageDigest digest = null; try { digest = MessageDigest.getInstance("md5"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } byte[] strByte = password.getBytes(); byte[] result = digest.digest(strByte); System.out.println(); for (byte aByte : result) { String s=Integer.toHexString(0xff & aByte); if(s.length()==1){ stringBuffer.append(s); }else{ stringBuffer.append(s); } } return stringBuffer.toString(); } public static void main(String[] args){ Md5Util md5Util = new Md5Util(); System.out.println(md5Util.encode("123456")); } }
AuthenticationSuccessHandlerImpl.java:
用做Spring Security認證成功後的處理,可用做頁面跳轉等邏輯業務處理。
package com.li.springmvc.config.springsecurity; import org.springframework.context.annotation.Bean; import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.stereotype.Component; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * 功能:Spring Security成功登錄後頁面處理器, * 結合Spring-security.xml文件下authentication-success-handler-ref="authenticationSuccessHandlerImpl"使用 * * @Author Created by yebing * @Date 2018/8/12 21:15 * @Version 1.0.0 */ @Component("authenticationSuccessHandlerImpl") public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { System.out.println("Setting session!"); httpServletResponse.sendRedirect("/hello"); } }
UserDetailsServiceImpl.java:
用於登陸時,獲取前端發送過來的帳號,調用dao動態獲取數據庫用戶信息,例如帳號權限以及密碼,並將帳號信息寫入Spring Security中。
package com.li.springmvc.config.springsecurity; import com.li.springmvc.dao.UserDao; import com.li.springmvc.domain.UserBean; import com.li.springmvc.util.Md5Util; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; import java.util.ArrayList; import java.util.List; /** * 功能:動態獲取用戶帳號密碼認證 * @Author Created by yebing * @Date 2018/8/12 22:05 * @Version 1.0.0 */ @Component("userDetailServiceImpl") public class UserDetailsServiceImpl implements UserDetailsService { @Autowired private UserDao userDao; @Autowired private Md5Util md5Util; private static Logger logger = Logger.getLogger(UserDetailsServiceImpl.class); @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { UserBean userBean = userDao.getUser(username); if (null == userBean) { throw new UsernameNotFoundException("用戶" + username + "不存在"); } //GrantedAuthority是security提供的權限類, List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>(); //獲取角色,放到list裏面 getRoles(userBean,auths); logger.info("數據庫密碼:"+userBean.getPassword()); //返回包括權限角色的User給security return new User(username, userBean.getPassword(), true, true, true, true, auths); } public void getRoles(UserBean userBean,List<GrantedAuthority> list){ for (String role:userBean.getRoles().split(",")) { //權限若是前綴是ROLE_,security就會認爲這是個角色信息,而不是權限,例如ROLE_MENBER就是MENBER角色,CAN_SEND就是CAN_SEND權限 System.out.println("角色是:"+role); list.add(new SimpleGrantedAuthority("ROLE_"+role)); } }
MessageDigestPasswordEncoderImpl.java:
密碼認證處理器,繼承MessageDigestPasswordEncoder類,重寫密碼認證方法。
package com.li.springmvc.config.springsecurity; import com.li.springmvc.util.Md5Util; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder; import org.springframework.stereotype.Component; /** * 功能:密碼認證處理器,繼承MessageDigestPasswordEncoder類,重寫密碼認證方法。 * <password-encoder ref="messageDigestPasswordEncoderImpl"></password-encoder>搭配使用 * @Author: yebing * @Date: 2018-8-13 12:32 * @Version 1.0.0 */ public class MessageDigestPasswordEncoderImpl extends MessageDigestPasswordEncoder { @Autowired private Md5Util md5Util; private static Logger logger = Logger.getLogger(MessageDigestPasswordEncoderImpl.class); public MessageDigestPasswordEncoderImpl(String algorithm) throws IllegalArgumentException{ super(algorithm); } public MessageDigestPasswordEncoderImpl(String algorithm, boolean encodeHashAsBase64) throws IllegalArgumentException { super(algorithm, encodeHashAsBase64); } /** * @param encPass 數據庫密碼 * @param rawPass 前端傳送過來的密碼 * @param salt 加鹽,這裏忽略,暫時不引用 * @return */ @Override public boolean isPasswordValid(String encPass, String rawPass, Object salt) { String pass1 = "" + encPass; String pass2 = md5Util.encode(rawPass); boolean bool=false; if(pass1.equals(pass2)){ bool=true; } return bool; } }
最後來一個Spring Security註銷登陸:
@RequestMapping(value = "/logout") public String logoutPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse){ Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if(authentication!=null){ new SecurityContextLogoutHandler().logout(httpServletRequest,httpServletResponse,authentication); } logger.info("註銷登陸成功!"); return "login"; }
就這麼簡單粗暴的註銷實例。
項目github地址:完整的項目,不懂的能夠看代碼註釋,我以爲我寫的仍是比較清楚的