package com.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
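/**
 * Spring Security configuration for the application: two in-memory users,
 * form login and logout with short status bodies, HTTP Basic, and URL-based
 * authorization rules.
 *
 * <p>Created 2019/8/10.
 *
 * @author duanbochao
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Content type sent with every status body written by the handlers below.
     * NOTE(review): the type is declared as JSON although the bodies written
     * ("success!", "fail", "logout success") are bare text rather than JSON
     * documents; left unchanged because existing clients may depend on it.
     */
    private static final String RESPONSE_CONTENT_TYPE = "application/json;charset=utf-8";

    /**
     * Registers the in-memory users {@code duan} (role {@code admin}) and
     * {@code zhang} (role {@code user}).
     *
     * <p>The password values are bcrypt hashes, matching the
     * {@link BCryptPasswordEncoder} bean declared in this class.
     *
     * <p>NOTE(review): both accounts carry the identical hash string, so they
     * share one password, and the credentials are committed to source control.
     * Outside a demo, load users from an external store or secret manager and
     * give each account its own password.
     *
     * @param auth builder used to register the users
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("duan").roles("admin").password("$2a$10$BIUDzypA2WNeou0C4XWMqunc0r88UwKZiwA/kmQhYDvhl.vUp3wXu")
                .and()
                .withUser("zhang").roles("user").password("$2a$10$BIUDzypA2WNeou0C4XWMqunc0r88UwKZiwA/kmQhYDvhl.vUp3wXu");
    }

    /**
     * Exposes a {@link BCryptPasswordEncoder} as the {@link PasswordEncoder} bean.
     *
     * @return a new bcrypt password encoder
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures authorization rules, form login, logout, HTTP Basic and CSRF.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // Start of the URL authorization rules.
                .authorizeRequests()
                // /hello and /index are declared to require the "admin" role.
                // NOTE(review): configure(WebSecurity) in this class puts both
                // paths on the ignore list, so requests to them never reach
                // these rules; as written the two hasRole checks have no effect.
                .antMatchers("/hello").hasRole("admin")
                .antMatchers("/index").hasRole("admin")
                // Every other endpoint is open to any authenticated user.
                .anyRequest().authenticated()
                .and()
                // Login page: an unauthenticated request to a protected endpoint
                // is redirected here.
                .formLogin().loginPage("/login_p")
                // Endpoint that processes the submitted credentials.
                .loginProcessingUrl("/doLogin")
                // Form key for the user name (the default is "username").
                .usernameParameter("username")
                // Form key for the password (the default is "password").
                .passwordParameter("password")
                // Callback after a successful login.
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException {
                        writeBody(resp, "success!");
                    }
                })
                // Callback after a failed login; the exception detail is not
                // written to the response, only a fixed marker.
                .failureHandler(new AuthenticationFailureHandler() {
                    @Override
                    public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse resp, AuthenticationException e) throws IOException, ServletException {
                        writeBody(resp, "fail");
                    }
                })
                .permitAll()
                .and()
                .logout()
                .logoutUrl("/logout")
                // Callback after a successful logout.
                .logoutSuccessHandler(new LogoutSuccessHandler() {
                    @Override
                    public void onLogoutSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException {
                        writeBody(resp, "logout success");
                    }
                })
                .permitAll()
                .and()
                // HTTP Basic is enabled in addition to form login.
                .httpBasic()
                .and()
                // NOTE(review): CSRF protection is switched off while form login
                // (session-based by default) is enabled, so state-changing
                // requests from a browser are accepted without a CSRF token.
                // Re-enable it unless every client is a non-browser caller.
                .csrf().disable();
    }

    /**
     * Puts {@code /hello} and {@code /index} on the web-security ignore list.
     *
     * <p>NOTE(review): ignored paths bypass the Spring Security filter chain
     * altogether, so they are served without authentication and the
     * {@code hasRole("admin")} rules declared for the same two paths in
     * {@link #configure(HttpSecurity)} never apply. Confirm which of the two
     * is intended: if the endpoints must be restricted, drop them from this
     * list; if they are meant to be public, remove the role rules so the
     * configuration does not suggest a protection that is not enforced.
     *
     * @param web the web security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/hello", "/index");
    }

    /**
     * Writes a short status body to the response and flushes it.
     *
     * @param resp response to write to
     * @param body text to send
     * @throws IOException if the response writer cannot be obtained
     */
    private static void writeBody(HttpServletResponse resp, String body) throws IOException {
        resp.setContentType(RESPONSE_CONTENT_TYPE);
        PrintWriter out = resp.getWriter();
        out.write(body);
        out.flush();
    }
}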