update

pom.xml

@@ -102,6 +102,10 @@
             <version>3.28.0</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/com/yutou/tools/utils/APIFilter.java

@@ -20,8 +20,8 @@ import java.io.IOException;
 import java.util.Enumeration;
 import java.util.List;
 
-@Component
-@WebFilter
+/*@Component
+@WebFilter*/
 public class APIFilter implements Filter {
     public static boolean isDebug = false;
     @Resource

src/main/java/com/yutou/tools/utils/AuthConfig.java

@@ -0,0 +1,66 @@
+package com.yutou.tools.utils;
+
+import com.alibaba.fastjson.JSONObject;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+@Configuration
+@EnableWebSecurity
+public class AuthConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        //super.configure(http);
+        http.authorizeRequests()
+                .antMatchers("/",
+                        "/login/sendCaptcha.do",
+                        "/login/login.do",
+                        "/login/check.do"
+                )
+                .permitAll()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .formLogin()
+                .loginPage("/index.html")
+                .and()
+                .exceptionHandling().accessDeniedHandler(new AccessDeniedHandler() {
+            @Override
+            public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
+                System.out.println("accessDeniedHandler");
+
+            }
+        }).and().exceptionHandling().authenticationEntryPoint(new AuthenticationEntryPoint() {
+            @Override
+            public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+                System.out.println("无权限");
+                JSONObject json = new JSONObject();
+                json.put("code", 403);
+                json.put("msg", "You have no authority.");
+                httpServletResponse.getWriter().write(json.toJSONString());
+            }
+        })
+        ;
+
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        super.configure(auth);
+        System.out.println("wt？");
+    }
+}

web/html/header.html

@@ -59,7 +59,7 @@
         if (loginStatus) {
             return;
         }
-        $.post('/login/sendCaptcha.do', function (data) {
+        $.get('/login/sendCaptcha.do', function (data) {
             let json = JSON.parse(data);
             if (json.code === 1) {
                 layer.open({