认证和授权处理类关键代码

package com.tszr.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;

/**
 * 认证和授权处理类
 */
@Controller
public class MySecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    //依赖注入通用的用户服务类
    @Autowired
    private MyUserSecurityService myUserSecurityService;
    //依赖注入加密接口
    @Autowired
    private PasswordEncoder passwordEncoder;
    //依赖注入用户认证接口
    @Autowired
    private AuthenticationProvider authenticationProvider;
    //依赖注入认证处理成功类，验证用户成功后处理不同用户跳转到不同的页面
    @Autowired
    private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;

    /**
     * BCryptPasswordEncoder是PasswordEncoder的接口实现
     * 实现加密功能
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * DaoAuthenticationProvider是AuthenticationProvider的实现
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provide = new DaoAuthenticationProvider();
        //不隐藏用户未找到异常
        provide.setHideUserNotFoundExceptions(false);
        //设置自定义认证方式，用户登录认证
        provide.setUserDetailsService(myUserSecurityService);
        //设置密码加密程序认证
        provide.setPasswordEncoder(passwordEncoder);
        return provide;
    }
    /**
     * 用户认证
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("configure(AuthenticationManagerBuilder auth) ");
        //设置认证方式
        auth.authenticationProvider(authenticationProvider);
    }

    /**
     * 请求授权
     * 用户授权操作
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("configure(HttpSecurity http)");
        http.authorizeRequests()
                //首页、登录、注册页面、登录注册功能、以及静态资源过滤掉，即可任意访问
                .antMatchers("/toLogin", "/toRegister", "/", "/login", "/register", "/css/**", "/fonts/**", "/js/**").permitAll()
                //这里默认追加ROLE_，/user/**是控制器的请求匹配路径
                .antMatchers("/user/**").hasRole("USER")
                .antMatchers("/admin/**").hasAnyRole("ADMIN", "DBA")
                //其他所有请求登录后才能访问
                .anyRequest().authenticated()
                .and()
                //将输入的用户名与密码和授权的进行比较
                .formLogin()
                .loginPage("/login").successHandler(myAuthenticationSuccessHandler)
                .usernameParameter("username").passwordParameter("password")
                //登录失败
                .failureUrl("/login?error")
                .and()
                //注销行为可任意访问
                .logout().permitAll()
                .and()
                //指定异常处理页面
                .exceptionHandling().accessDeniedPage("/deniedAccess");
    }
}