• springboot1.5.x 第一部分 自定义用户认证

    按图引入包

    此时,所有的接口都被保护起来,访问接口都会出现提示框如下

    最基本配置如下:

     效果如下:

     控制台会有一个生成的密码:

    基本原理,是每个过滤器处理一种认证方式:

     

    自定义用户认证逻辑:

     

     UserDetails和User类都是框架自带,User类带有很多属性方法,比如是否过期之类的,按需使用。如下,就多用几个

     加密解密器,用上面一个

     可以使用自带的实现类,也可以自己实现类

     

     

     

     

     

     1 /**
 2  * 
 3  */
 4 package com.imooc.security.browser;
 5 
 6 import java.io.IOException;
 7 
 8 import javax.servlet.http.HttpServletRequest;
 9 import javax.servlet.http.HttpServletResponse;
10 
11 import org.apache.commons.lang.StringUtils;
12 import org.slf4j.Logger;
13 import org.slf4j.LoggerFactory;
14 import org.springframework.beans.factory.annotation.Autowired;
15 import org.springframework.http.HttpStatus;
16 import org.springframework.security.web.DefaultRedirectStrategy;
17 import org.springframework.security.web.RedirectStrategy;
18 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
19 import org.springframework.security.web.savedrequest.RequestCache;
20 import org.springframework.security.web.savedrequest.SavedRequest;
21 import org.springframework.web.bind.annotation.RequestMapping;
22 import org.springframework.web.bind.annotation.ResponseStatus;
23 import org.springframework.web.bind.annotation.RestController;
24 
25 import com.imooc.security.browser.support.SimpleResponse;
26 import com.imooc.security.core.properties.SecurityProperties;
27 
28 /**
29  * @author zhailiang
30  *
31  */
32 @RestController
33 public class BrowserSecurityController {
34     
35     private Logger logger = LoggerFactory.getLogger(getClass());
36 
37     private RequestCache requestCache = new HttpSessionRequestCache();
38     
39     private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
40     
41     @Autowired
42     private SecurityProperties securityProperties;
43 
44     /**
45      * 当需要身份认证时,跳转到这里
46      * 
47      * @param request
48      * @param response
49      * @return
50      * @throws IOException 
51      */
52     @RequestMapping("/authentication/require")
53     @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
54     public SimpleResponse requireAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
55 
56         SavedRequest savedRequest = requestCache.getRequest(request, response);
57 
58         if (savedRequest != null) {
59             String targetUrl = savedRequest.getRedirectUrl();
60             logger.info("引发跳转的请求是:"+targetUrl);
61             if(StringUtils.endsWithIgnoreCase(targetUrl, ".html")){
62                 redirectStrategy.sendRedirect(request, response, securityProperties.getBrowser().getLoginPage());
63             }
64         }
65 
66         return new SimpleResponse("访问的服务需要身份认证,请引导用户到登录页");
67     }
68 
69 }

    自定义成功处理器,失败处理器

    加入配置

     

    下面改进,可以继承框架已有的类,复用逻辑

     1 /**
 2  * 
 3  */
 4 package com.imooc.security.browser.authentication;
 5 
 6 import java.io.IOException;
 7 
 8 import javax.servlet.ServletException;
 9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11 
12 import org.slf4j.Logger;
13 import org.slf4j.LoggerFactory;
14 import org.springframework.beans.factory.annotation.Autowired;
15 import org.springframework.security.core.Authentication;
16 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
17 import org.springframework.stereotype.Component;
18 
19 import com.fasterxml.jackson.databind.ObjectMapper;
20 import com.imooc.security.core.properties.LoginType;
21 import com.imooc.security.core.properties.SecurityProperties;
22 
23 /**
24  * @author zhailiang
25  *
26  */
27 @Component("imoocAuthenticationSuccessHandler")
28 public class ImoocAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
29 
30     private Logger logger = LoggerFactory.getLogger(getClass());
31 
32     @Autowired
33     private ObjectMapper objectMapper;
34 
35     @Autowired
36     private SecurityProperties securityProperties;
37 
38     /*
39      * (non-Javadoc)
40      * 
41      * @see org.springframework.security.web.authentication.
42      * AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.
43      * HttpServletRequest, javax.servlet.http.HttpServletResponse,
44      * org.springframework.security.core.Authentication)
45      */
46     @Override
47     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
48             Authentication authentication) throws IOException, ServletException {
49 
50         logger.info("登录成功");
51 
52         if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
53             response.setContentType("application/json;charset=UTF-8");
54             response.getWriter().write(objectMapper.writeValueAsString(authentication));
55         } else {
56             super.onAuthenticationSuccess(request, response, authentication);
57         }
58 
59     }
60 
61 }
    View Code
     1 /**
 2  * 
 3  */
 4 package com.imooc.security.browser.authentication;
 5 
 6 import java.io.IOException;
 7 
 8 import javax.servlet.ServletException;
 9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11 
12 import org.slf4j.Logger;
13 import org.slf4j.LoggerFactory;
14 import org.springframework.beans.factory.annotation.Autowired;
15 import org.springframework.security.core.Authentication;
16 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
17 import org.springframework.stereotype.Component;
18 
19 import com.fasterxml.jackson.databind.ObjectMapper;
20 import com.imooc.security.core.properties.LoginType;
21 import com.imooc.security.core.properties.SecurityProperties;
22 
23 /**
24  * @author zhailiang
25  *
26  */
27 @Component("imoocAuthenticationSuccessHandler")
28 public class ImoocAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
29 
30     private Logger logger = LoggerFactory.getLogger(getClass());
31 
32     @Autowired
33     private ObjectMapper objectMapper;
34 
35     @Autowired
36     private SecurityProperties securityProperties;
37 
38     /*
39      * (non-Javadoc)
40      * 
41      * @see org.springframework.security.web.authentication.
42      * AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.
43      * HttpServletRequest, javax.servlet.http.HttpServletResponse,
44      * org.springframework.security.core.Authentication)
45      */
46     @Override
47     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
48             Authentication authentication) throws IOException, ServletException {
49 
50         logger.info("登录成功");
51 
52         if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
53             response.setContentType("application/json;charset=UTF-8");
54             response.getWriter().write(objectMapper.writeValueAsString(authentication));
55         } else {
56             super.onAuthenticationSuccess(request, response, authentication);
57         }
58 
59     }
60 
61 }
    View Code
  • 相关阅读:
    数组
    基本类型与封装类
    类与对象以及引用以及内存
    (一)eclipse Dynamic web project 工程目录以及文件路径问题
    jdbc
    连接
    curl命令
    java annotation
    websocket
    Trie(前缀树)和ternary trie和binary search tree
  • 原文地址:https://www.cnblogs.com/buxiu/p/14063776.html
Copyright © 2020-2023  润新知