🚧 努力ing。。

spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityConfig.java

@@ -0,0 +1,63 @@
+package com.xkcoding.rbac.security.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+/**
+ * <p>
+ * Security 配置
+ * </p>
+ *
+ * @package: com.xkcoding.rbac.security.config
+ * @description: Security 配置
+ * @author: yangkai.shen
+ * @date: Created in 2018-12-07 16:46
+ * @copyright: Copyright (c) 2018
+ * @version: V1.0
+ * @modified: yangkai.shen
+ */
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private LogoutSuccessHandler logoutSuccessHandler;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.cors()
+
+                // 关闭 CSRF
+                .and()
+                .csrf()
+                .disable()
+
+                // 认证请求
+                .authorizeRequests()
+                // 放行 /api/auth/** 的所有请求，参见 AuthController
+                .antMatchers("/api/auth/**")
+                .permitAll()
+                .anyRequest()
+                .authenticated()
+
+                // 登出处理
+                .and()
+                .logout()
+                // 登出请求默认为POST请求，改为GET请求
+                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
+                // 登出成功处理器
+                .logoutSuccessHandler(logoutSuccessHandler)
+                .permitAll()
+
+                .and()
+                // Session 管理
+                .sessionManagement()
+                // 因为使用了JWT，所以这里不管理Session
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+    }
+}

spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/config/SecurityHandlerConfig.java

@@ -0,0 +1,34 @@
+package com.xkcoding.rbac.security.config;
+
+import com.xkcoding.rbac.security.common.Status;
+import com.xkcoding.rbac.security.util.ResponseUtil;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+/**
+ * <p>
+ * Security 结果处理配置
+ * </p>
+ *
+ * @package: com.xkcoding.rbac.security.config
+ * @description: Security 结果处理配置
+ * @author: yangkai.shen
+ * @date: Created in 2018-12-07 17:31
+ * @copyright: Copyright (c) 2018
+ * @version: V1.0
+ * @modified: yangkai.shen
+ */
+@Configuration
+public class SecurityHandlerConfig {
+
+    /**
+     * 退出成功处理器
+     *
+     * @return 退出成功处理器
+     */
+    @Bean
+    public LogoutSuccessHandler logoutSuccessHandler() {
+        return (request, response, authentication) -> ResponseUtil.renderJson(response, Status.LOGOUT, null);
+    }
+}

spring-boot-demo-rbac-security/src/main/java/com/xkcoding/rbac/security/controller/AuthController.java

@@ -0,0 +1,34 @@
+package com.xkcoding.rbac.security.controller;
+
+import com.xkcoding.rbac.security.common.ApiResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * <p>
+ * 认证 Controller，包括用户注册，用户登录请求
+ * </p>
+ *
+ * @package: com.xkcoding.rbac.security.controller
+ * @description: 认证 Controller，包括用户注册，用户登录请求
+ * @author: yangkai.shen
+ * @date: Created in 2018-12-07 17:23
+ * @copyright: Copyright (c) 2018
+ * @version: V1.0
+ * @modified: yangkai.shen
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/auth")
+public class AuthController {
+
+    /**
+     * 登录
+     */
+    @PostMapping("/login")
+    public ApiResponse login() {
+        return ApiResponse.ofSuccess();
+    }
+}