From f75835cee4935a1dc3d14f325378c8223b02a1b5 Mon Sep 17 00:00:00 2001
From: zhh
Date: Mon, 6 Aug 2018 15:11:16 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=9A=E5=91=98=E7=99=BB=E5=BD=95=E6=B3=A8?= =?UTF-8?q?=E5=86=8C=E5=AE=8C=E5=96=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../component/GoAccessDeniedHandler.java | 21 +++++++++
.../component/GoAuthenticationEntryPoint.java | 21 +++++++++
.../GoAuthenticationFailureHandler.java | 21 +++++++++
.../GoAuthenticationSuccessHandler.java | 21 +++++++++
.../component/GoLogoutSuccessHandler.java | 21 +++++++++
.../mall/portal/config/SecurityConfig.java | 27 +++++++++++-
.../controller/UmsMemberController.java | 19 ++------
.../mall/portal/service/UmsMemberService.java | 11 ++---
.../service/impl/UmsMemberServiceImpl.java | 43 +++++++++----------
9 files changed, 161 insertions(+), 44 deletions(-)
create mode 100644 mall-portal/src/main/java/com/macro/mall/portal/component/GoAccessDeniedHandler.java
create mode 100644 mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationEntryPoint.java
create mode 100644 mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationFailureHandler.java
create mode 100644 mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationSuccessHandler.java
create mode 100644 mall-portal/src/main/java/com/macro/mall/portal/component/GoLogoutSuccessHandler.java
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/component/GoAccessDeniedHandler.java b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAccessDeniedHandler.java
new file mode 100644
index 0000000..49d6924
--- /dev/null
+++ b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAccessDeniedHandler.java
@@ -0,0 +1,21 @@
+package com.macro.mall.portal.component;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by macro on 2018/8/6.
+ */
+public class GoAccessDeniedHandler implements AccessDeniedHandler{
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+ response.setHeader("Content-Type", "application/json;charset=utf-8");
+ response.getWriter().print("{\"code\":401,\"message\":\""+"未认证:"+accessDeniedException.getMessage()+"\"}");
+ response.getWriter().flush();
+ }
+}
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationEntryPoint.java b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationEntryPoint.java
new file mode 100644
index 0000000..92c603c
--- /dev/null
+++ b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationEntryPoint.java
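Review bot: `GoAccessDeniedHandler.handle` answers with body code 401 and the text 未认证 (unauthenticated), but this handler runs for an authenticated caller who lacks permission, which is the 403 case; `GoAuthenticationEntryPoint.commence` has the reverse mix-up (403/未授权 for a request that carries no authentication). Neither handler sets the HTTP status, so the response presumably goes out as 200 and clients, proxies and monitoring that key on the status line will not see the denial; add `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` here and `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` in the entry point. The JSON body is built by concatenating `accessDeniedException.getMessage()` into a string, so a message containing `"` or `\` produces malformed or altered JSON; the same applies to `GoAuthenticationEntryPoint` and `GoAuthenticationFailureHandler`, and a fixed message or a JSON serializer avoids it.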
@@ -0,0 +1,21 @@
+package com.macro.mall.portal.component;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by macro on 2018/8/6.
+ */
+public class GoAuthenticationEntryPoint implements AuthenticationEntryPoint {
+ @Override
+ public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+ response.setHeader("Content-Type", "application/json;charset=utf-8");
+ response.getWriter().print("{\"code\":403,\"message\":\""+"未授权:"+authException.getMessage()+"\"}");
+ response.getWriter().flush();
+ }
+}
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationFailureHandler.java b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationFailureHandler.java
new file mode 100644
index 0000000..d312932
--- /dev/null
+++ b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationFailureHandler.java
@@ -0,0 +1,21 @@
+package com.macro.mall.portal.component;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by macro on 2018/8/6.
+ */
+public class GoAuthenticationFailureHandler implements AuthenticationFailureHandler {
+ @Override
+ public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
+ response.setHeader("Content-Type", "application/json;charset=utf-8");
+ response.getWriter().print("{\"code\":500,\"message\":\""+"登录失败:"+exception.getMessage()+"\"}");
+ response.getWriter().flush();
+ }
+}
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationSuccessHandler.java b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationSuccessHandler.java
new file mode 100644
index 0000000..727a109
--- /dev/null
+++ b/mall-portal/src/main/java/com/macro/mall/portal/component/GoAuthenticationSuccessHandler.java
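Review bot: `GoAuthenticationFailureHandler.onAuthenticationFailure` reports a rejected login as `"code":500` and returns `exception.getMessage()` to the caller. 500 marks a server fault rather than bad credentials, and the exception text can differ by cause (unknown user, wrong password, locked or disabled account, depending on how the authentication provider is configured), which lets a caller tell account states apart. A fixed body such as `{"code":401,"message":"登录失败"}` together with `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` keeps the response uniform; the detailed reason belongs in a server-side log.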
@@ -0,0 +1,21 @@
+package com.macro.mall.portal.component;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by macro on 2018/8/6.
+ */
+public class GoAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+ @Override
+ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+ response.setHeader("Content-Type", "application/json;charset=utf-8");
+ response.getWriter().print("{\"code\":200,\"message\":\"登录成功\"}");
+ response.getWriter().flush();
+ }
+}
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/component/GoLogoutSuccessHandler.java b/mall-portal/src/main/java/com/macro/mall/portal/component/GoLogoutSuccessHandler.java
new file mode 100644
index 0000000..0c9cde4
--- /dev/null
+++ b/mall-portal/src/main/java/com/macro/mall/portal/component/GoLogoutSuccessHandler.java
@@ -0,0 +1,21 @@
+package com.macro.mall.portal.component;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by macro on 2018/8/6.
+ */
+public class GoLogoutSuccessHandler implements LogoutSuccessHandler {
+ @Override
+ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+ response.setHeader("Content-Type", "application/json;charset=utf-8");
+ response.getWriter().print("{\"code\":200,\"message\":\"已注销\"}");
+ response.getWriter().flush();
+ }
+}
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/config/SecurityConfig.java b/mall-portal/src/main/java/com/macro/mall/portal/config/SecurityConfig.java
index 77a0026..891e92c 100644
--- a/mall-portal/src/main/java/com/macro/mall/portal/config/SecurityConfig.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/config/SecurityConfig.java
@@ -1,6 +1,7 @@ package com.macro.mall.portal.config; import com.macro.mall.model.UmsMember; +import com.macro.mall.portal.component.*; import com.macro.mall.portal.domain.MemberDetails; import com.macro.mall.portal.service.UmsMemberService; import org.springframework.beans.factory.annotation.Autowired;
@@ -47,7 +48,31 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .anyRequest()// 除上面外的所有请求全部需要鉴权认证 .authenticated() .and() - .csrf().disable(); + .exceptionHandling() + .accessDeniedHandler(new GoAccessDeniedHandler()) + .authenticationEntryPoint(new GoAuthenticationEntryPoint()) + .and() + .formLogin() + .loginPage("/sso/login") + .successHandler(new GoAuthenticationSuccessHandler()) + .failureHandler(new GoAuthenticationFailureHandler()) + .and() + .logout() + .logoutUrl("/sso/logout") + .logoutSuccessHandler(new GoLogoutSuccessHandler()) + .invalidateHttpSession(true) + .deleteCookies("JSESSIONID") +// .and() +// .requiresChannel() +// .antMatchers("/sso/*").requiresSecure() +// .anyRequest().requiresInsecure() +// .and() +// .rememberMe() +// .tokenValiditySeconds(1800) +// .key("token_key") + .and() + .csrf() + .disable();//开启basic认证登录后可以调用需要认证的接口 } @Override
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/controller/UmsMemberController.java b/mall-portal/src/main/java/com/macro/mall/portal/controller/UmsMemberController.java
index 66e4938..b88889c 100644
--- a/mall-portal/src/main/java/com/macro/mall/portal/controller/UmsMemberController.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/controller/UmsMemberController.java
@@ -22,12 +22,6 @@ import org.springframework.web.bind.annotation.ResponseBody; public class UmsMemberController { @Autowired private UmsMemberService memberService; - @ApiOperation("登录") - @RequestMapping(value = "/login", method = RequestMethod.POST) - @ResponseBody - public Object login(@RequestParam String username, @RequestParam String password) { - return memberService.login(username,password); - } @ApiOperation("注册") @RequestMapping(value = "/register", method = RequestMethod.POST)
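Review bot: `.csrf().disable()` is kept in the SecurityConfig hunk while the same hunk moves authentication to `formLogin()` with a `JSESSIONID` session cookie, so every state-changing endpoint behind `.authenticated()` accepts cross-site requests that ride on the browser's cookie. With cookie sessions CSRF protection should stay enabled, for example `.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())` if the Spring Security version in use provides it. The trailing comment `//开启basic认证登录后可以调用需要认证的接口` describes basic auth rather than the CSRF switch it sits on and should be dropped or corrected. The commented-out `requiresChannel()` block also means nothing visible here forces `/sso/*` onto HTTPS, so confirm TLS is enforced elsewhere. The configure method starts and ends outside the hunk.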
@@ -36,8 +30,8 @@ public class UmsMemberController { @RequestParam String password, @RequestParam String telephone, @RequestParam String authCode) { - UmsMember member = memberService.register(username,password,telephone,authCode); - if(member!=null){ + UmsMember member = memberService.register(username, password, telephone, authCode); + if (member != null) { return new CommonResult().success(member); } return new CommonResult().failed();
@@ -56,13 +50,6 @@ public class UmsMemberController { public Object updatePassword(@RequestParam String telephone, @RequestParam String password, @RequestParam String authCode) { - return null; - } - - @ApiOperation("登出操作") - @RequestMapping(value = "/logout", method = RequestMethod.POST) - @ResponseBody - public Object logout() { - return null; + return memberService.updatePassword(telephone,password,authCode); } }
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/service/UmsMemberService.java b/mall-portal/src/main/java/com/macro/mall/portal/service/UmsMemberService.java
index c1f3d85..ff7b8fe 100644
--- a/mall-portal/src/main/java/com/macro/mall/portal/service/UmsMemberService.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/service/UmsMemberService.java
@@ -20,13 +20,14 @@ public interface UmsMemberService { @Transactional UmsMember register(String username, String password, String telephone, String authCode); - /** - * 登录操作 - */ - CommonResult login(String username, String password); - /** * 生成验证码 */ CommonResult generateAuthCode(String telephone); + + /** + * 修改密码 + */ + @Transactional + CommonResult updatePassword(String telephone, String password, String authCode); }
diff --git a/mall-portal/src/main/java/com/macro/mall/portal/service/impl/UmsMemberServiceImpl.java b/mall-portal/src/main/java/com/macro/mall/portal/service/impl/UmsMemberServiceImpl.java
index 1c58637..b124473 100644
--- a/mall-portal/src/main/java/com/macro/mall/portal/service/impl/UmsMemberServiceImpl.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/service/impl/UmsMemberServiceImpl.java
@@ -8,19 +8,14 @@ import com.macro.mall.model.UmsMemberLevel; import com.macro.mall.model.UmsMemberLevelExample; import com.macro.mall.portal.domain.CommonResult; import com.macro.mall.portal.service.UmsMemberService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.encoding.PasswordEncoder; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; import java.util.Date; import java.util.List; +import java.util.Random; /** * 会员管理Service实现类
@@ -34,9 +29,6 @@ public class UmsMemberServiceImpl implements UmsMemberService { private UmsMemberLevelMapper memberLevelMapper; @Autowired private PasswordEncoder passwordEncoder; - @Autowired - private AuthenticationManager authenticationManager; - private static final Logger LOGGER = LoggerFactory.getLogger(UmsMemberServiceImpl.class); @Override public UmsMember getByUsername(String username) {
@@ -79,22 +71,29 @@ public class UmsMemberServiceImpl implements UmsMemberService { } @Override - public CommonResult login(String username, String password) { - CommonResult result; - UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, passwordEncoder.encodePassword(password, null)); - try { - authenticationManager.authenticate(authentication); - SecurityContextHolder.getContext().setAuthentication(authentication); - result = new CommonResult().success("登录成功"); - } catch (AuthenticationException e) { - LOGGER.warn("登录异常:{}", e.getMessage()); - result = new CommonResult().failed("登录异常:"+e.getMessage()); + public CommonResult generateAuthCode(String telephone) { + StringBuilder sb = new StringBuilder(); + Random random = new Random(); + for(int i=0;i<6;i++){ + sb.append(random.nextInt(10)); } - return result; + // TODO: 2018/8/6 验证码进行存储 + return new CommonResult().success("获取验证码成功",sb.toString()); } @Override - public CommonResult generateAuthCode(String telephone) { - return null; + public CommonResult updatePassword(String telephone, String password, String authCode) { + UmsMemberExample example = new UmsMemberExample(); + example.createCriteria().andPhoneEqualTo(telephone); + List memberList = memberMapper.selectByExample(example); + if(CollectionUtils.isEmpty(memberList)){ + return new CommonResult().failed("该账号不存在"); + } + // TODO: 2018/8/6 验证验证码 + UmsMember umsMember = memberList.get(0); + umsMember.setPassword(passwordEncoder.encodePassword(password,null)); + memberMapper.updateByPrimaryKeySelective(umsMember); + return new CommonResult().success("密码修改成功",null); } + }
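Review bot: `updatePassword` never checks `authCode` (the check is only the TODO before `memberList.get(0)`), so as written any caller who knows a member's phone number can set that member's password; until verification exists the method should fail closed by returning `new CommonResult().failed(...)` ahead of the `setPassword` call. `generateAuthCode` has the matching gap: the code is not stored, it is handed back in the HTTP response via `success("获取验证码成功",sb.toString())` instead of being delivered to the phone, and it is drawn from `java.util.Random`, which is predictable. Use `new SecureRandom()` for the digits, store the code with a short expiry and an attempt limit, and return only the status to the caller. `encodePassword(password,null)` also passes a null salt to the legacy `PasswordEncoder`; which encoder bean is wired is not visible here, but if it is a plain digest it should be replaced by a BCrypt-style encoder.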