spring security4 添加验证码

http://www.itwendao.com/article/detail/165400.html

http://www.itdadao.com/articles/c15a754492p0.html

@Bean
public EmbeddedServletContainerCustomizer containerCustomizer() {
return new EmbeddedServletContainerCustomizer() {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
container.addErrorPages(new ErrorPage(HttpStatus.NOT_FOUND, "/404"));
container.addErrorPages(new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/500"));
}
};
}

http://www.cnblogs.com/xinzhao/p/4934247.html?utm_source=tuicool&utm_medium=referral

https://stackoverflow.com/questions/29783059/redirect-in-a-filter-with-spring-boot/29789630

在spring security的内置login处理是无法满足要求的,需要自己进行各种定制。这里介绍login中实现验证码的实现。

实现方法

可以有三种方法可以实现验证码的功能

第一种

自定义一个filter,放在SpringSecurity过滤器之前,在用户登录的时候会先经过这个filter,然后在这个filter中实现对验证码进行验证的功能,这种方法不推荐,因为它已经脱离了SpringSecurity

第二种

自定义一个filter让它继承自UsernamePasswordAuthenticationFilter,然后重写attemptAuthentication方法在这个方法中实现验证码的功能,如果验证码错误就抛出一个继承自AuthenticationException的验证吗错误的异常比如(CaptchaException),然后这个异常就会被SpringSecurity捕获到并将异常信息返回到前台,这种实现起来比较简单。
譬如:LoginAuthenticationFilter.java

import com.google.code.kaptcha.Constants;
import com.tangcheng.app.domain.exception.CaptchaException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; public class LoginAuthenticationFilter extends UsernamePasswordAuthenticationFilter { public LoginAuthenticationFilter() {
AntPathRequestMatcher requestMatcher = new AntPathRequestMatcher("/login", "POST");
this.setRequiresAuthenticationRequestMatcher(requestMatcher);
this.setAuthenticationManager(getAuthenticationManager());
// this.setAuthenticationFailureHandler(new LoginAuthenticationFailureHandler());
} @Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
String verification = request.getParameter("code");
String captcha = (String) request.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY); if (!captcha.contentEquals(verification)) {
throw new CaptchaException("captcha code not matched!");
}
return super.attemptAuthentication(request, response);
}
}

java config:

public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
LoginAuthenticationFilter loginAuthenticationFilter = new LoginAuthenticationFilter();
loginAuthenticationFilter.setAuthenticationManager(authenticationManager());
loginAuthenticationFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
....
http.authorizeRequests()

...

.addFilterBefore(loginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
...

自定义的跳转url,方便前端进行友好提示

    @Bean
public AuthenticationFailureHandler authenticationFailureHandler() {
ExceptionMappingAuthenticationFailureHandler failureHandler = new ExceptionMappingAuthenticationFailureHandler();
Map<String, String> failureUrlMap = new HashMap<>();
failureUrlMap.put(BadCredentialsException.class.getName(), LoginAuthenticationFailureHandler.PASS_ERROR_URL);
failureUrlMap.put(CaptchaException.class.getName(), LoginAuthenticationFailureHandler.CODE_ERROR_URL);
failureUrlMap.put(AccountExpiredException.class.getName(), LoginAuthenticationFailureHandler.EXPIRED_URL);
failureUrlMap.put(LockedException.class.getName(), LoginAuthenticationFailureHandler.LOCKED_URL);
failureUrlMap.put(DisabledException.class.getName(), LoginAuthenticationFailureHandler.DISABLED_URL);
failureHandler.setExceptionMappings(failureUrlMap);
return failureHandler;
}
package com.tangcheng.app.rest.security;

import com.tangcheng.app.domain.exception.CaptchaException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; /**
* Created by tangcheng on 5/21/2017.
*/
public class LoginAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
public static final String PASS_ERROR_URL = "/login?error";
public static final String CODE_ERROR_URL = "/login?code";
public static final String EXPIRED_URL = "/login?expire";
public static final String DISABLED_URL = "/login?disabled";
public static final String LOCKED_URL = "/login?locked"; @Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { if (exception instanceof CaptchaException) {
getRedirectStrategy().sendRedirect(request, response, CODE_ERROR_URL);
} else {
getRedirectStrategy().sendRedirect(request, response, PASS_ERROR_URL);
}
}
}

https://github.com/helloworldtang/spring-boot-cookbook/blob/master/app/src/main/java/com/tangcheng/app/api/rest/security/LoginAuthenticationFailureHandler.java

或xml配置:

<bean id="loginFilter" class="com.zrhis.system.security.DefaultUsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/index.jsp"></property>
</bean>
</property>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.jsp"></property>
</bean>
</property>
</bean>

最后在http中加入custom-filter配置,将这个filter放在SpringSecurity的FORM_LOGIN_FILTER之前.

<custom-filter ref="loginFilter" before="FORM_LOGIN_FILTER"/>  

第三种

直接替换掉SpringSecurity的UsernamePasswordAuthenticationFilter,这种比较复杂,但是更为合理,也是我现在正在用的。 
如果用这种方法那么http 中的auto-config就必须去掉,而form-login配置也必须去掉,因为这个不需要了,里面的属性都需要我们自行注入。

首先需要创建并配置一个login.jsp作为登录页面EntryPoint

<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.jsp" />
</bean>

然后在http中配置下

<sec:http access-decision-manager-ref="accessDecisionManager"  entry-point-ref="authenticationEntryPoint">  

然后我们来写CaptchaAuthenticationFilter,同样需要继承自UsernamePasswordAuthenticationFilter

public class CaptchaAuthenticationFilter extends UsernamePasswordAuthenticationFilter{  

    public static final String SPRING_SECURITY_FORM_CAPTCHA_KEY = "j_captcha";
public static final String SESSION_GENERATED_CAPTCHA_KEY = Constant.SESSION_GENERATED_CAPTCHA_KEY; private String captchaParameter = SPRING_SECURITY_FORM_CAPTCHA_KEY; public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException { String genCode = this.obtainGeneratedCaptcha(request);
String inputCode = this.obtainCaptcha(request);
if(genCode == null)
throw new CaptchaException(this.messages.getMessage("LoginAuthentication.captchaInvalid"));
if(!genCode.equalsIgnoreCase(inputCode)){
throw new CaptchaException(this.messages.getMessage("LoginAuthentication.captchaNotEquals"));
} return super.attemptAuthentication(request, response);
} protected String obtainCaptcha(HttpServletRequest request){
return request.getParameter(this.captchaParameter);
} protected String obtainGeneratedCaptcha (HttpServletRequest request){
return (String)request.getSession().getAttribute(SESSION_GENERATED_CAPTCHA_KEY);
} }

Java Config:

public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
CaptchaAuthenticationFilter loginAuthenticationFilter = new CaptchaAuthenticationFilter();
loginAuthenticationFilter.setAuthenticationManager(authenticationManager());
loginAuthenticationFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
....
http.authorizeRequests()

...

.addFilterBefore(loginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
...

自定义的跳转url,方便前端进行友好提示

    @Bean
public AuthenticationFailureHandler authenticationFailureHandler() {
ExceptionMappingAuthenticationFailureHandler failureHandler = new ExceptionMappingAuthenticationFailureHandler();
Map<String, String> failureUrlMap = new HashMap<>();
failureUrlMap.put(BadCredentialsException.class.getName(), LoginAuthenticationFailureHandler.PASS_ERROR_URL);
failureUrlMap.put(CaptchaException.class.getName(), LoginAuthenticationFailureHandler.CODE_ERROR_URL);
failureUrlMap.put(AccountExpiredException.class.getName(), LoginAuthenticationFailureHandler.EXPIRED_URL);
failureUrlMap.put(LockedException.class.getName(), LoginAuthenticationFailureHandler.LOCKED_URL);
failureUrlMap.put(DisabledException.class.getName(), LoginAuthenticationFailureHandler.DISABLED_URL);
failureHandler.setExceptionMappings(failureUrlMap);
return failureHandler;
}

或XML配置:

在配置文件中配置CaptchaAuthenticationFilter

<bean id="captchaAuthenticaionFilter" class="com.zrhis.system.security.CaptchaAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<property name="filterProcessesUrl" value="/login.do" />
</bean> <bean id="authenticationSuccessHandler" class="com.zrhis.system.security.SimpleLoginSuccessHandler">
<property name="defaultTargetUrl" value="/WEB-INF/app.jsp"></property>
<property name="forwardToDestination" value="true"></property>
</bean>
<bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.jsp" />
</bean>

从配置文件中就可以看出来authenticationManager、authenticationFailureHandler、authenticationSuccessHandler、filterProcessesUrl等都需要我们自行注入了。

filterProcessesUrl定义的是登录验证的地址,默认的是j_spring_security_check这里我们改成login.do

authenticationSuccessHandler中的defaultTargetUrl定义的是登录成功后跳转到的页面

authenticationFailureHandler中的defaultTargetUrl定义的是登录失败后跳转到的页面

我们的首页app.jsp在/WEB-INF下所以需要使用服务器跳转,所以需要将forwardToDestination设为true,因为客户端跳转是不能直接访问WEB-INF下的内容的。

最后在http中将FORM_LOGIN_FILTER替换掉,最终http中完整的配置就变成了下面的内容

<sec:http access-decision-manager-ref="accessDecisionManager"
entry-point-ref="authenticationEntryPoint"> <sec:access-denied-handler ref="accessDeniedHandler"/> <sec:session-management invalid-session-url="/login.jsp" /> <sec:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
<sec:custom-filter ref="captchaAuthenticaionFilter" position="FORM_LOGIN_FILTER"/>
</sec:http>

custom-filter中before是在这个filter之前,after是之后,position是替换。

http://www.infocool.net/kb/WWW/201701/268891.html

 在使用Spring Security框架过程中,经常会有这样的需求,即在登录验证时,附带增加额外的数据,如验证码、用户类型等。下面将介绍如何实现。

  注:我的工程是在Spring Boot框架基础上的,使用xml方式配置的话请读者自行研究吧。

  • 实现自定义的WebAuthenticationDetails

  该类提供了获取用户登录时携带的额外信息的功能,默认实现WebAuthenticationDetails提供了remoteAddress与sessionId信息。开发者可以通过Authentication的getDetails()获取WebAuthenticationDetails。我们编写自定义类CustomWebAuthenticationDetails继承自WebAuthenticationDetails,添加我们关心的数据(以下是一个token字段)。

package com.courses.service;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.web.authentication.WebAuthenticationDetails;

public class CustomWebAuthenticationDetails extends WebAuthenticationDetails {
/**
*
*/
private static final long serialVersionUID = 6975601077710753878L;
private final String token; public CustomWebAuthenticationDetails(HttpServletRequest request) {
super(request);
token = request.getParameter("token");
} public String getToken() {
return token;
} @Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append(super.toString()).append("; Token: ").append(this.getToken());
return sb.toString();
}
}

  注:在登录页面,可将token字段放在form表单中,也可以直接加在url的参数中,进而把额外数据发送给后台。

  • 实现自定义的AuthenticationDetailsSource

  该接口用于在Spring Security登录过程中对用户的登录信息的详细信息进行填充,默认实现是WebAuthenticationDetailsSource,生成上面的默认实现WebAuthenticationDetails。我们编写类实现AuthenticationDetailsSource,用于生成上面自定义的CustomWebAuthenticationDetails。

package com.courses.service;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component; @Component
public class CustomAuthenticationDetailsSource implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> { @Override
public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
return new CustomWebAuthenticationDetails(context);
}
}
  • 配置使用自定义的AuthenticationDetailsSource

  只要看这一句.formLogin().authenticationDetailsSource(authenticationDetailsSource)

    @Autowired
private AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource; protected void configure(HttpSecurity http) throws Exception {
http
.headers()
.cacheControl()
.contentTypeOptions()
.httpStrictTransportSecurity()
.xssProtection()
.and()
.authorizeRequests()
.antMatchers(
"/css/**",
"/js/**")
.permitAll()
.antMatchers("/**")
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.defaultSuccessUrl("/todo.html", true)
.authenticationDetailsSource(authenticationDetailsSource)
.and()
.logout()
.logoutUrl("/logout")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login")
.and()
.csrf().disable();
}
  • 实现自定义的AuthenticationProvider

  AuthenticationProvider提供登录验证处理逻辑,我们实现该接口编写自己的验证逻辑。

package com.courses.service;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component; @Component
public class CustomAuthenticationProvider implements AuthenticationProvider { @Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
CustomWebAuthenticationDetails details = (CustomWebAuthenticationDetails) authentication.getDetails(); // 如上面的介绍,这里通过authentication.getDetails()获取详细信息
// System.out.println(details); details.getRemoteAddress(); details.getSessionId(); details.getToken();
// 下面是验证逻辑,验证通过则返回UsernamePasswordAuthenticationToken,
// 否则,可直接抛出错误(AuthenticationException的子类,在登录验证不通过重定向至登录页时可通过session.SPRING_SECURITY_LAST_EXCEPTION.message获取具体错误提示信息)
if (验证通过) {
return UsernamePasswordAuthenticationToken(省略参数);
} else {
throw new AuthenticationException的子类("你要显示的错误信息")
}
} @Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
} }
  • 配置使用自定义的AuthenticationProvider

      @Autowired
    private AuthenticationProvider authenticationProvider;   @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProvider);
    }

http://www.cnblogs.com/phoenix-smile/p/5666686.html

    @Bean
public AuthenticationFailureHandler authenticationFailureHandler() {
ExceptionMappingAuthenticationFailureHandler failureHandler = new ExceptionMappingAuthenticationFailureHandler();
Map<String, String> failureUrlMap = new HashMap<>();
failureUrlMap.put(AccountExpiredException.class.getName(), LoginAuthenticationFailureHandler.EXPIRE_URL);
failureUrlMap.put(BadCredentialsException.class.getName(), LoginAuthenticationFailureHandler.PASS_ERROR_URL);
failureUrlMap.put(CaptchaException.class.getName(), LoginAuthenticationFailureHandler.KAPTCHA_ERROR_URL);
failureHandler.setExceptionMappings(failureUrlMap);
return failureHandler;
}
Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified
at org.springframework.util.Assert.notNull(Assert.java:134)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.afterPropertiesSet(AbstractAuthenticationProcessingFilter.java:164)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1687)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1624)
... 24 common frames omitted
<sec:custom-filter position="FORM_LOGIN_FILTER" ref="formLoginFilter" />
<bean id="formLoginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="filterProcessesUrl" value="/j_spring_security_check"/>
<property name="usernameParameter" value="username "/>
<property name="passwordParameter" value="password"/>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler ">
<property name="alwaysUseDefaultTargetUrl" value="true"/>
<property name="defaultTargetUrl" value="/success.jsp"/>
</bean>
</property>
<property name="authenticationFailureHandler">
<!--bean class=" org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler "/-->
<bean id="authenticationFailureHandler" class="
org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
<property name="exceptionMappings">
<props>
<prop key="org.springframework.security.authentication.BadCredentialsException">/login/badCredentials</prop>
<prop key="org.springframework.security.authentication.CredentialsExpiredException">/login/credentialsExpired</prop>
<prop key="org.springframework.security.authentication.LockedException">/login/accountLocked</prop>
<prop key="org.springframework.security.authentication.DisabledException">/login/accountDisabled</prop>
</props>
</property>
</bean>
</property>
</bean>

http://www.jdon.com/dl/best/spring-security.html

最后就是最重要的security config 了:

import com.service.user.CustomerService;
import com.web.filter.SiteMeshFilter;
import com.web.mySecurity.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.web.filter.CharacterEncodingFilter; import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List; @Configuration
@EnableWebSecurity
public class SecurityConfig extends AbstractSecurityWebApplicationInitializer { @Bean
public PasswordEncoder passwordEncoder() {
return new StandardPasswordEncoder("MD5");
} @Autowired
private CustomerService customerService; @Configuration
@Order(1)
public static class FrontendWebSecurityConfigureAdapter extends WebSecurityConfigurerAdapter { @Autowired
private MyValidCodeProcessingFilter myValidCodeProcessingFilter; @Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/user/login", "/user/logout").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(myValidCodeProcessingFilter, UsernamePasswordAuthenticationFilter.class)
.formLogin()
.loginPage("/user/login")
.and()
.logout()
.logoutUrl("/user/logout")
.logoutSuccessUrl("/user/login");
} } @Bean(name = "frontAuthenticationProvider")
public MyAuthenticationProvider frontAuthenticationProvider() {
MyAuthenticationProvider myAuthenticationProvider = new MyAuthenticationProvider();
myAuthenticationProvider.setUserDetailsService(customerService);
myAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return myAuthenticationProvider;
} @Bean
public AuthenticationManager authenticationManager() {
List<AuthenticationProvider> list = new ArrayList<>();
list.add(frontAuthenticationProvider());
AuthenticationManager authenticationManager = new ProviderManager(list);
return authenticationManager;
} @Bean
public MyValidCodeProcessingFilter myValidCodeProcessingFilter(AuthenticationManager authenticationManager) {
MyValidCodeProcessingFilter filter = new MyValidCodeProcessingFilter();
filter.setAuthenticationManager(authenticationManager);
filter.setAuthenticationSuccessHandler(frontAuthenticationSuccessHandler());
filter.setAuthenticationFailureHandler(frontAuthenticationFailureHandler());
return filter;
} @Bean
public FrontAuthenticationFailureHandler frontAuthenticationFailureHandler() {
return new FrontAuthenticationFailureHandler("/user/login");
} @Bean
public FrontAuthenticationSuccessHandler frontAuthenticationSuccessHandler() {
return new FrontAuthenticationSuccessHandler("/front/test");
} @Bean
public MyAuthenticationEntryPoint myAuthenticationEntryPoint() {
return new MyAuthenticationEntryPoint("/user/login");
} }

http://www.itwendao.com/article/detail/165400.html

Spring Security-- 验证码功能的实现的更多相关文章

  1. SpringBoot学习笔记(2):引入Spring Security

    SpringBoot学习笔记(2):用Spring Security来保护你的应用 快速开始 本指南将引导您完成使用受Spring Security保护的资源创建简单Web应用程序的过程. 参考资料: ...

  2. Spring Security(19)——对Acl的支持

    目录 1.1           准备工作 1.2           表功能介绍 1.2.1     表acl_sid 1.2.2     表acl_class 1.2.3     表acl_obj ...

  3. 214. Spring Security:概述

    前言 在之前介绍过了Shiro之后,有好多粉丝问SpringSecurity在Spring Boot中怎么集成.这个系列我们就和大家分享下有关这方面的知识. 本节大纲 一.什么是SpringSecur ...

  4. 朱晔和你聊Spring系列S1E10:强大且复杂的Spring Security(含OAuth2三角色+三模式完整例子)

    Spring Security功能多,组件抽象程度高,配置方式多样,导致了Spring Security强大且复杂的特性.Spring Security的学习成本几乎是Spring家族中最高的,Spr ...

  5. Spring Security 学习总结

    Spring Security Spring Security是基于Spring提供声明式安全保护的安全性框架.Spring Security提供了完整的安全性解决方案,能够在Web请求级别和方法调用 ...

  6. 整合Spring Security(二十七)

    在这一节,我们将对/hello页面进行权限控制,必须是授权用户才能访问.当没有权限的用户访问后,跳转到登录页面. 添加依赖 在pom.xml中添加如下配置,引入对Spring Security的依赖. ...

  7. Spring Security(一)

    Spring Security(一) 基本原理 前言 Spring Security核心功能 认证(你是谁) 授权(你能干什么) 攻击防护(防止伪造身份) Srping Security基本原理 项目 ...

  8. Spring Boot中使用Spring Security进行安全控制

    我们在编写Web应用时,经常需要对页面做一些安全控制,比如:对于没有访问权限的用户需要转到登录表单页面.要实现访问控制的方法多种多样,可以通过Aop.拦截器实现,也可以通过框架实现(如:Apache ...

  9. 使用Spring Security控制会话

    1.概述 在本文中,我们将说明Spring Security如何允许我们控制HTTP会话.此控件的范围从会话超时到启用并发会话和其他高级安全配置. 2.会话何时创建? 我们可以准确控制会话何时创建以及 ...

  10. 手把手带你入门 Spring Security!

    Spring Security 是 Spring 家族中的一个安全管理框架,实际上,在 Spring Boot 出现之前,Spring Security 就已经发展了多年了,但是使用的并不多,安全管理 ...

随机推荐

  1. ActiveX数据对象之事务控制在VB和DELPHI中的应用

            本文发表在中国人民解放军"信息工程大学"学报 2001年第3期.        ActiveX数据对象之事务控制在VB和DELPHI中的应用             ...

  2. 避免"Physics Space Locked"错误

    在一些cocos2d中使用物理引擎的代码中,往往会出现如下错误: Aborting due to Chipmunk error: You cannot manually reindex objects ...

  3. 安卓笔记--intent传值不更新问题

    今天在学习安卓的过程中,遇到一个问题,就是用intent进行多次传值的话, 他永远是第一次的值 后来发现,intent接收数据被写到了onCreat();方法中,这时候finish();到上一个Act ...

  4. Android特效专辑(七)——飞机升空特效,一键清理缓存,灵活运用动画会有不一样的感受

    Android特效专辑(七)--飞机升空特效,一键清理缓存,灵活运用属性动画 最近的几篇博文反响还不错,也会继续的写下去的,关于这些特效的专辑,大多数也是借鉴大神的,最近由于工作的关系,会深入的了解一 ...

  5. index() checkbox单选问题

    index() 只对兄弟节点有用 如果这种结构要选择checkbox 时用prop附加属性 removeAttr清楚属性 $('.checkbox').prop('checked',true) $(' ...

  6. 开启flume的远程调试功能

    各种组件,比如tomcat.storm.flume,我们都可以通过JMX方式开启远程调试,主要可以用来跟踪源码,了解程序内部的运行机制,其次,也有利于你修改源码. 首先,本质上是要修改flume本身启 ...

  7. c语言,文件操作总结

    C语言文件操作 一.标准文件的读写 1.文件的打开 fopen() 文件的打开操作表示将给用户指定的文件在内存分配一个FILE结构区,并将该结构的指针返回给用户程序,以后用户程序就可用此FILE指针来 ...

  8. Linux 库函数与系统调用的关系与区别

    上周总结了<C 标准库的基础 IO>,其实这些功能函数通过「系统调用」也能实现相应功能.这次文章并不是要详细介绍各系统调用接口的使用方法,而是要深入理解「库函数」与「系统」调用之间的关系和 ...

  9. 推荐 git community book 中文版

    官方地址:http://Git.seyren.com/index.html 或者 http://gitbook.liuhui998.com/ book@github项目地址: https://gith ...

  10. 第一次作业 orm环境构建(hibernate)及基本的demo

    一.数据库 1.创建数据库hibernate01-1514010311 2.创建表 customer CREATE TABLE customer( id int(11) not null auto_i ...