系列博文
项目已上传至guthub 传送门
JavaWeb-SpringSecurity初认识 传送门
JavaWeb-SpringSecurity在数据库中查询登陆用户 传送门
JavaWeb-SpringSecurity自定义登陆页面 传送门
JavaWeb-SpringSecurity实现需求-判断请求是否以html结尾 传送门
JavaWeb-SpringSecurity自定义登陆配置 传送门
JavaWeb-SpringSecurity图片验证ImageCode 传送门
JavaWeb-SpringSecurity记住我功能 传送门
JavaWeb-SpringSecurity使用短信验证码登陆 传送门
使用Restful自定义登陆配置
自定义登陆成功后的Handler
添加hhandler类库,创建LoginSuccessHandler.class,实现用户成功登陆Handler
@Override
//登陆成功之后会调用的函数
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
//封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
Authentication authentication) throws IOException, ServletException {
// TODO Auto-generated method stub
System.out.println("登陆成功");
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(authentication));
}
在SecurityConfig.java中配置configure()方法
protected void configure(HttpSecurity http) throws Exception{
//表单验证(身份认证)
http.formLogin()
//自定义登陆页面
.loginPage("/require")
//如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
.loginProcessingUrl("/loginPage")
//配置登陆成功调用loginSuccessHandler
.successHandler(loginSuccessHandler)
.and()
//请求授权
.authorizeRequests()
//在访问我们的URL时,我们是不需要省份认证,可以立即访问
.antMatchers("/login.html","/require").permitAll()
//所有请求都被拦截,跳转到(/login请求中)
.anyRequest()
//都需要我们身份认证
.authenticated()
//SpringSecurity保护机制
.and().csrf().disable();
}
package com.Gary.GaryRESTful.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler{
//将我们的authentication转换为json所需要的类
@Autowired
private ObjectMapper objectMapper;
@Override
//登陆成功之后会调用的函数
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
//封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
Authentication authentication) throws IOException, ServletException {
// TODO Auto-generated method stub
System.out.println("登陆成功");
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(authentication));
}
}
package com.Gary.GaryRESTful.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.Gary.GaryRESTful.handler.LoginSuccessHandler;
//Web应用安全适配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{
//告诉SpringSecurity密码用什么加密的
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
}
@Autowired
private LoginSuccessHandler loginSuccessHandler;
protected void configure(HttpSecurity http) throws Exception{
//表单验证(身份认证)
http.formLogin()
//自定义登陆页面
.loginPage("/require")
//如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
.loginProcessingUrl("/loginPage")
//配置登陆成功调用loginSuccessHandler
.successHandler(loginSuccessHandler)
.and()
//请求授权
.authorizeRequests()
//在访问我们的URL时,我们是不需要省份认证,可以立即访问
.antMatchers("/login.html","/require").permitAll()
//所有请求都被拦截,跳转到(/login请求中)
.anyRequest()
//都需要我们身份认证
.authenticated()
//SpringSecurity保护机制
.and().csrf().disable();
}
}
//用户权限
authorities:
//认证请求的信息(ip,session)
details
//用户是否已经通过了我们的身份认证
authenticated
//UserDetails
principal
//用户输入的密码
credentials
//用户名
name
用户登陆失败后的Handler
@Override
//登陆不成功产生的错误
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
System.out.println("登陆失败");
//设置返回的状态码 500
response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(exception));
}
在SecurityConfig.java中配置configure()方法
protected void configure(HttpSecurity http) throws Exception{
//表单验证(身份认证)
http.formLogin()
//自定义登陆页面
.loginPage("/require")
//如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
.loginProcessingUrl("/loginPage")
//配置登陆成功调用loginSuccessHandler
.successHandler(loginSuccessHandler)
//配置登陆失败调用loginFailureHandler
.failureHandler(loginFailureHandler)
.and()
//请求授权
.authorizeRequests()
//在访问我们的URL时,我们是不需要省份认证,可以立即访问
.antMatchers("/login.html","/require").permitAll()
//所有请求都被拦截,跳转到(/login请求中)
.anyRequest()
//都需要我们身份认证
.authenticated()
//SpringSecurity保护机制
.and().csrf().disable();
}
package com.Gary.GaryRESTful.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
public class LoginFailureHandler implements AuthenticationFailureHandler{
//将我们的authentication转换为json所需要的类
@Autowired
private ObjectMapper objectMapper;
@Override
//登陆不成功产生的错误
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
System.out.println("登陆失败");
//设置返回的状态码 500
response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(exception));
}
}
package com.Gary.GaryRESTful.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.Gary.GaryRESTful.handler.LoginFailureHandler;
import com.Gary.GaryRESTful.handler.LoginSuccessHandler;
//Web应用安全适配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{
//告诉SpringSecurity密码用什么加密的
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
}
@Autowired
private LoginSuccessHandler loginSuccessHandler;
@Autowired
private LoginFailureHandler loginFailureHandler;
protected void configure(HttpSecurity http) throws Exception{
//表单验证(身份认证)
http.formLogin()
//自定义登陆页面
.loginPage("/require")
//如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
.loginProcessingUrl("/loginPage")
//配置登陆成功调用loginSuccessHandler
.successHandler(loginSuccessHandler)
//配置登陆失败调用loginFailureHandler
.failureHandler(loginFailureHandler)
.and()
//请求授权
.authorizeRequests()
//在访问我们的URL时,我们是不需要省份认证,可以立即访问
.antMatchers("/login.html","/require").permitAll()
//所有请求都被拦截,跳转到(/login请求中)
.anyRequest()
//都需要我们身份认证
.authenticated()
//SpringSecurity保护机制
.and().csrf().disable();
}
}
用户自定义登陆配置
在application.properties中配置gary.security.loginType为JSON
当用户登陆成功时,当用户打印出登陆成功信息(JSON格式)
@Override
//登陆成功之后会调用的函数
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
//封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
Authentication authentication) throws IOException, ServletException {
// TODO Auto-generated method stub
System.out.println("登陆成功");
System.out.println(garySecurityProperties.getLoginType());
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(authentication));
}
#datasource
spring.datasource.url=jdbc:mysql:///springsecurity?serverTimezone=UTC&characterEncoding=utf-8
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.dricer-class-name=com.mysql.jdbc.Driver
#jpa
#打印出数据库语句
spring.jpa.show-sql=true
#更新数据库表
spring.jpa.hibernate.ddl-auto=update
gary.security.loginType = JSON
package com.Gary.GaryRESTful.properties;
import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties(prefix = "gary.security")
public class GarySecurityProperties {
//LoginType登陆的方式,默认为JSON(restful设计风格)
private LoginType loginType = LoginType.JSON;
public LoginType getLoginType() {
return loginType;
}
public void setLoginType(LoginType loginType) {
this.loginType = loginType;
}
}
package com.Gary.GaryRESTful.properties;
//登陆的方式
public enum LoginType {
JSON,
REDIRECT
}
package com.Gary.GaryRESTful.properties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
@Configuration
//让我们的配置生效
@EnableConfigurationProperties(GarySecurityProperties.class)
public class GarySecurityConfig {
}
package com.Gary.GaryRESTful.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
public class LoginFailureHandler implements AuthenticationFailureHandler{
//将我们的authentication转换为json所需要的类
@Autowired
private ObjectMapper objectMapper;
@Override
//登陆不成功产生的错误
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
System.out.println("登陆失败");
//设置返回的状态码 500 SC_INTERNAL_SERVER_ERROR
response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(exception));
}
}
package com.Gary.GaryRESTful.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler{
//将我们的authentication转换为json所需要的类
@Autowired
private ObjectMapper objectMapper;
@Autowired
private GarySecurityProperties garySecurityProperties;
@Override
//登陆成功之后会调用的函数
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
//封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
Authentication authentication) throws IOException, ServletException {
// TODO Auto-generated method stub
System.out.println("登陆成功");
System.out.println(garySecurityProperties.getLoginType());
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(authentication));
}
}
为提高软件通用性
在application.properties中配置gary.security.loginType为REDIRECT(重定向)
当用户登陆成功时,LoginSuccessHandler重定向到default.jsp继承SavedRequestAwareAuthenticationSuccessHandler,SavedRequestAwareAuthenticationSuccessHandler为SpringSecurity默认处理机制
@Override
//登陆成功之后会调用的函数
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
//封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
Authentication authentication) throws IOException, ServletException {
// TODO Auto-generated method stub
System.out.println("登陆成功");
if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
{
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(authentication));
}
else
{
//调用父类中的方法,跳转到其它页面
super.onAuthenticationSuccess(request, response, authentication);
}
}
当用户登陆失败时,springsecurity进行对请求的拦截
//登陆不成功产生的错误
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
System.out.println("登陆失败");
if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
{
//设置返回的状态码 500 SC_INTERNAL_SERVER_ERROR
response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(exception));
}
else
{
//调用父类中的方法,跳转到其它页面
super.onAuthenticationFailure(request, response, exception);
}
#datasource
spring.datasource.url=jdbc:mysql:///springsecurity?serverTimezone=UTC&characterEncoding=utf-8
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.dricer-class-name=com.mysql.jdbc.Driver
#jpa
#打印出数据库语句
spring.jpa.show-sql=true
#更新数据库表
spring.jpa.hibernate.ddl-auto=update
gary.security.loginType = REDIRECT
package com.Gary.GaryRESTful.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.Gary.GaryRESTful.properties.LoginType;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
//SavedRequestAwareAuthenticationSuccessHandler为SpringSecurity默认处理机制
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{
//将我们的authentication转换为json所需要的类
@Autowired
private ObjectMapper objectMapper;
@Autowired
private GarySecurityProperties garySecurityProperties;
@Override
//登陆成功之后会调用的函数
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
//封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
Authentication authentication) throws IOException, ServletException {
// TODO Auto-generated method stub
System.out.println("登陆成功");
if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
{
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(authentication));
}
else
{
//调用父类中的方法,跳转到其它页面
super.onAuthenticationSuccess(request, response, authentication);
}
}
}
package com.Gary.GaryRESTful.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.Gary.GaryRESTful.properties.LoginType;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
//springsecurity默认处理器
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler{
//将我们的authentication转换为json所需要的类
@Autowired
private ObjectMapper objectMapper;
@Autowired
//我们自己的配置
private GarySecurityProperties garySecurityProperties;
@Override
//登陆不成功产生的错误
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
System.out.println("登陆失败");
if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
{
//设置返回的状态码 500 SC_INTERNAL_SERVER_ERROR
response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
response.setContentType("application/json;charset=UTF-8");
//将我们authentication转换为json通过response对象以application/json写到页面
response.getWriter().write(objectMapper.writeValueAsString(exception));
}
else
{
//调用父类中的方法,跳转到其它页面
super.onAuthenticationFailure(request, response, exception);
}
}
}
来源:oschina
链接:https://my.oschina.net/u/4380991/blog/3359427