JavaWeb-SpringSecurity自定义登陆配置
系列博文
项目已上传至GitHub 传送门
JavaWeb-SpringSecurity初认识 传送门
JavaWeb-SpringSecurity在数据库中查询登陆用户 传送门
JavaWeb-SpringSecurity自定义登陆页面 传送门
JavaWeb-SpringSecurity实现需求-判断请求是否以html结尾 传送门
JavaWeb-SpringSecurity自定义登陆配置 传送门
JavaWeb-SpringSecurity图片验证ImageCode 传送门
JavaWeb-SpringSecurity记住我功能 传送门
JavaWeb-SpringSecurity使用短信验证码登陆 传送门
使用Restful自定义登陆配置
自定义登陆成功后的Handler
添加handler类库,创建LoginSuccessHandler.class,实现用户成功登陆Handler
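/**
 * Called by Spring Security after a successful login; answers with a JSON body.
 *
 * @param request the login request
 * @param response the response the JSON body is written to
 * @param authentication the authenticated token (request details such as ip/session, plus
 *        the authenticated user's information)
 * @throws IOException if writing the response fails
 * @throws ServletException declared by the handler interface
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    System.out.println("登陆成功");
    response.setContentType("application/json;charset=UTF-8");
    // Return only what the client needs. Serializing the whole Authentication would also send
    // its details (remote address, session id) and the full principal, which for a custom
    // UserDetails entity can include the stored password hash.
    java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
    body.put("name", authentication.getName());
    body.put("authorities", authentication.getAuthorities());
    response.getWriter().write(objectMapper.writeValueAsString(body));
}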
在SecurityConfig.java中配置configure()方法
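/**
 * Configures form login with the custom success handler and requires authentication for
 * every URL except the login entry points.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.formLogin()
            // custom login entry point
            .loginPage("/require")
            // requests to this URL are handled by Spring Security's built-in login filter
            .loginProcessingUrl("/loginPage")
            // invoked after a successful login
            .successHandler(loginSuccessHandler)
            .and()
        .authorizeRequests()
            // reachable without authentication
            .antMatchers("/login.html", "/require").permitAll()
            // everything else requires an authenticated user
            .anyRequest().authenticated()
            .and()
        // NOTE(review): CSRF protection is switched off here. With session-cookie login this
        // leaves state-changing requests open to cross-site request forgery; keep it enabled
        // (and send the token from the login page) outside of a demo.
        .csrf().disable();
}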
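package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

/** Answers a successful login with a JSON body instead of a redirect. */
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {

    // Jackson mapper used to render the JSON response
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Called by Spring Security after a successful login.
     *
     * @param request the login request
     * @param response the response the JSON body is written to
     * @param authentication the authenticated token (request details such as ip/session, plus
     *        the authenticated user's information)
     * @throws IOException if writing the response fails
     * @throws ServletException declared by the handler interface
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        System.out.println("登陆成功");
        response.setContentType("application/json;charset=UTF-8");
        // Return only what the client needs. Serializing the whole Authentication would also
        // send its details (remote address, session id) and the full principal, which for a
        // custom UserDetails entity can include the stored password hash.
        java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authorities", authentication.getAuthorities());
        response.getWriter().write(objectMapper.writeValueAsString(body));
    }
}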
LoginSuccessHandler.java
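package com.Gary.GaryRESTful.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.Gary.GaryRESTful.handler.LoginSuccessHandler;

/** Web security configuration for the application. */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Tells Spring Security that stored passwords are BCrypt hashes. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    /**
     * Configures form login with the custom success handler and requires authentication for
     * every URL except the login entry points.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // custom login entry point
                .loginPage("/require")
                // requests to this URL are handled by Spring Security's built-in login filter
                .loginProcessingUrl("/loginPage")
                // invoked after a successful login
                .successHandler(loginSuccessHandler)
                .and()
            .authorizeRequests()
                // reachable without authentication
                .antMatchers("/login.html", "/require").permitAll()
                // everything else requires an authenticated user
                .anyRequest().authenticated()
                .and()
            // NOTE(review): CSRF protection is switched off here. With session-cookie login
            // this leaves state-changing requests open to cross-site request forgery; keep it
            // enabled (and send the token from the login page) outside of a demo.
            .csrf().disable();
    }
}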
SecurityConfig.java
Authentication对象中各字段的含义:
//用户权限
authorities
//认证请求的信息(ip,session)
details
//用户是否已经通过了我们的身份认证
authenticated
//UserDetails
principal
//用户输入的密码
credentials
//用户名
name
用户登陆失败后的Handler
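/**
 * Called by Spring Security when a login attempt is rejected; answers with a JSON error.
 *
 * @param request the login request
 * @param response the response the JSON body is written to
 * @param exception the reason the login was rejected
 * @throws IOException if writing the response fails
 * @throws ServletException declared by the handler interface
 */
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException exception) throws IOException, ServletException {
    System.out.println("登陆失败");
    // A rejected login is the caller's authentication failure, not a server fault: 401, not 500.
    response.setStatus(HttpStatus.SC_UNAUTHORIZED);
    response.setContentType("application/json;charset=UTF-8");
    // Send only the message. Serializing the exception object itself would put its stack
    // trace (internal class and method names) into the response.
    // NOTE(review): use a fixed string instead if account-state messages must not be revealed.
    java.util.Map<String, String> body =
            java.util.Collections.singletonMap("message", exception.getMessage());
    response.getWriter().write(objectMapper.writeValueAsString(body));
}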
在SecurityConfig.java中配置configure()方法
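/**
 * Configures form login with the custom success and failure handlers and requires
 * authentication for every URL except the login entry points.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.formLogin()
            // custom login entry point
            .loginPage("/require")
            // requests to this URL are handled by Spring Security's built-in login filter
            .loginProcessingUrl("/loginPage")
            // invoked after a successful login
            .successHandler(loginSuccessHandler)
            // invoked after a rejected login
            .failureHandler(loginFailureHandler)
            .and()
        .authorizeRequests()
            // reachable without authentication
            .antMatchers("/login.html", "/require").permitAll()
            // everything else requires an authenticated user
            .anyRequest().authenticated()
            .and()
        // NOTE(review): CSRF protection is switched off here. With session-cookie login this
        // leaves state-changing requests open to cross-site request forgery; keep it enabled
        // (and send the token from the login page) outside of a demo.
        .csrf().disable();
}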
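package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

/** Answers a rejected login with a JSON error instead of a redirect. */
@Component
public class LoginFailureHandler implements AuthenticationFailureHandler {

    // Jackson mapper used to render the JSON response
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Called by Spring Security when a login attempt is rejected.
     *
     * @param request the login request
     * @param response the response the JSON body is written to
     * @param exception the reason the login was rejected
     * @throws IOException if writing the response fails
     * @throws ServletException declared by the handler interface
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        System.out.println("登陆失败");
        // A rejected login is the caller's authentication failure, not a server fault: 401.
        response.setStatus(HttpStatus.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        // Send only the message. Serializing the exception object itself would put its stack
        // trace (internal class and method names) into the response.
        // NOTE(review): use a fixed string instead if account-state messages must stay hidden.
        java.util.Map<String, String> body =
                java.util.Collections.singletonMap("message", exception.getMessage());
        response.getWriter().write(objectMapper.writeValueAsString(body));
    }
}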
LoginFailureHandler.java
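package com.Gary.GaryRESTful.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.Gary.GaryRESTful.handler.LoginFailureHandler;
import com.Gary.GaryRESTful.handler.LoginSuccessHandler;

/** Web security configuration for the application. */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Tells Spring Security that stored passwords are BCrypt hashes. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Autowired
    private LoginFailureHandler loginFailureHandler;

    /**
     * Configures form login with the custom success and failure handlers and requires
     * authentication for every URL except the login entry points.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // custom login entry point
                .loginPage("/require")
                // requests to this URL are handled by Spring Security's built-in login filter
                .loginProcessingUrl("/loginPage")
                // invoked after a successful login
                .successHandler(loginSuccessHandler)
                // invoked after a rejected login
                .failureHandler(loginFailureHandler)
                .and()
            .authorizeRequests()
                // reachable without authentication
                .antMatchers("/login.html", "/require").permitAll()
                // everything else requires an authenticated user
                .anyRequest().authenticated()
                .and()
            // NOTE(review): CSRF protection is switched off here. With session-cookie login
            // this leaves state-changing requests open to cross-site request forgery; keep it
            // enabled (and send the token from the login page) outside of a demo.
            .csrf().disable();
    }
}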
SecurityConfig.java
用户自定义登陆配置
在application.properties中配置gary.security.loginType为JSON
当用户登陆成功时,打印出登陆成功信息(JSON格式)
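/**
 * Called by Spring Security after a successful login; prints the configured login type and
 * answers with a JSON body.
 *
 * @param request the login request
 * @param response the response the JSON body is written to
 * @param authentication the authenticated token (request details such as ip/session, plus
 *        the authenticated user's information)
 * @throws IOException if writing the response fails
 * @throws ServletException declared by the handler interface
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    System.out.println("登陆成功");
    System.out.println(garySecurityProperties.getLoginType());
    response.setContentType("application/json;charset=UTF-8");
    // Return only what the client needs. Serializing the whole Authentication would also send
    // its details (remote address, session id) and the full principal, which for a custom
    // UserDetails entity can include the stored password hash.
    java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
    body.put("name", authentication.getName());
    body.put("authorities", authentication.getAuthorities());
    response.getWriter().write(objectMapper.writeValueAsString(body));
}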
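# datasource
# NOTE(review): demo-only credentials. A root account with a trivial password is stored in
# plain text here; outside a local demo use a dedicated least-privilege database user and
# supply the password from the environment or a secret store.
spring.datasource.url=jdbc:mysql:///springsecurity?serverTimezone=UTC&characterEncoding=utf-8
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.driver-class-name=com.mysql.jdbc.Driver

# jpa
# print the generated SQL statements
spring.jpa.show-sql=true
# update the database tables on startup
spring.jpa.hibernate.ddl-auto=update

# how the login handlers answer: JSON or REDIRECT
gary.security.loginType = JSON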
application.properties
package com.Gary.GaryRESTful.properties;

import org.springframework.boot.context.properties.ConfigurationProperties;

/** Settings bound from the {@code gary.security.*} entries of the application configuration. */
@ConfigurationProperties(prefix = "gary.security")
public class GarySecurityProperties {

    // How the login handlers answer; JSON (RESTful style) unless configured otherwise.
    private LoginType loginType = LoginType.JSON;

    /**
     * @return the configured login type
     */
    public LoginType getLoginType() {
        return this.loginType;
    }

    /**
     * @param loginType the login type to use
     */
    public void setLoginType(LoginType loginType) {
        this.loginType = loginType;
    }
}
GarySecurityProperties.java
package com.Gary.GaryRESTful.properties; //登陆的方式
/** How the login handlers answer: with a JSON body or with a redirect. */
public enum LoginType {
    JSON,
    REDIRECT
}
LoginType.java
package com.Gary.GaryRESTful.properties;

import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;

/** Activates {@link GarySecurityProperties} so that the custom settings take effect. */
@Configuration
@EnableConfigurationProperties(GarySecurityProperties.class)
public class GarySecurityConfig {
}
GarySecurityConfig.java
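package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

/** Answers a rejected login with a JSON error instead of a redirect. */
@Component
public class LoginFailureHandler implements AuthenticationFailureHandler {

    // Jackson mapper used to render the JSON response
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Called by Spring Security when a login attempt is rejected.
     *
     * @param request the login request
     * @param response the response the JSON body is written to
     * @param exception the reason the login was rejected
     * @throws IOException if writing the response fails
     * @throws ServletException declared by the handler interface
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        System.out.println("登陆失败");
        // A rejected login is the caller's authentication failure, not a server fault: 401.
        response.setStatus(HttpStatus.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        // Send only the message. Serializing the exception object itself would put its stack
        // trace (internal class and method names) into the response.
        // NOTE(review): use a fixed string instead if account-state messages must stay hidden.
        java.util.Map<String, String> body =
                java.util.Collections.singletonMap("message", exception.getMessage());
        response.getWriter().write(objectMapper.writeValueAsString(body));
    }
}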
LoginFailureHandler.java
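package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.fasterxml.jackson.databind.ObjectMapper;

/** Answers a successful login with a JSON body and prints the configured login type. */
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {

    // Jackson mapper used to render the JSON response
    @Autowired
    private ObjectMapper objectMapper;

    // custom gary.security.* settings
    @Autowired
    private GarySecurityProperties garySecurityProperties;

    /**
     * Called by Spring Security after a successful login.
     *
     * @param request the login request
     * @param response the response the JSON body is written to
     * @param authentication the authenticated token (request details such as ip/session, plus
     *        the authenticated user's information)
     * @throws IOException if writing the response fails
     * @throws ServletException declared by the handler interface
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        System.out.println("登陆成功");
        System.out.println(garySecurityProperties.getLoginType());
        response.setContentType("application/json;charset=UTF-8");
        // Return only what the client needs. Serializing the whole Authentication would also
        // send its details (remote address, session id) and the full principal, which for a
        // custom UserDetails entity can include the stored password hash.
        java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authorities", authentication.getAuthorities());
        response.getWriter().write(objectMapper.writeValueAsString(body));
    }
}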
LoginSuccessHandler.java
为提高软件通用性
在application.properties中配置gary.security.loginType为REDIRECT(重定向)
当用户登陆成功时,LoginSuccessHandler重定向到default.jsp;为此LoginSuccessHandler继承SavedRequestAwareAuthenticationSuccessHandler,SavedRequestAwareAuthenticationSuccessHandler为SpringSecurity默认处理机制
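/**
 * Called by Spring Security after a successful login; answers with JSON when the login type
 * is JSON and otherwise falls back to the parent class's handling.
 *
 * @param request the login request
 * @param response the response to write to or redirect
 * @param authentication the authenticated token (request details such as ip/session, plus
 *        the authenticated user's information)
 * @throws IOException if writing the response fails
 * @throws ServletException if the parent handler fails
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    System.out.println("登陆成功");
    if (LoginType.JSON.equals(garySecurityProperties.getLoginType())) {
        response.setContentType("application/json;charset=UTF-8");
        // Return only what the client needs. Serializing the whole Authentication would also
        // send its details (remote address, session id) and the full principal, which for a
        // custom UserDetails entity can include the stored password hash.
        java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authorities", authentication.getAuthorities());
        response.getWriter().write(objectMapper.writeValueAsString(body));
    } else {
        // let the parent class navigate to another page
        super.onAuthenticationSuccess(request, response, authentication);
    }
}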
当用户登陆失败时,springsecurity进行对请求的拦截
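/**
 * Called by Spring Security when a login attempt is rejected; answers with a JSON error when
 * the login type is JSON and otherwise falls back to the parent class's handling.
 *
 * @param request the login request
 * @param response the response to write to or redirect
 * @param exception the reason the login was rejected
 * @throws IOException if writing the response fails
 * @throws ServletException if the parent handler fails
 */
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException exception) throws IOException, ServletException {
    System.out.println("登陆失败");
    if (LoginType.JSON.equals(garySecurityProperties.getLoginType())) {
        // A rejected login is the caller's authentication failure, not a server fault: 401.
        response.setStatus(HttpStatus.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        // Send only the message. Serializing the exception object itself would put its stack
        // trace (internal class and method names) into the response.
        // NOTE(review): use a fixed string instead if account-state messages must stay hidden.
        java.util.Map<String, String> body =
                java.util.Collections.singletonMap("message", exception.getMessage());
        response.getWriter().write(objectMapper.writeValueAsString(body));
    } else {
        // let the parent class navigate to another page
        super.onAuthenticationFailure(request, response, exception);
    }
}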
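# datasource
# NOTE(review): demo-only credentials. A root account with a trivial password is stored in
# plain text here; outside a local demo use a dedicated least-privilege database user and
# supply the password from the environment or a secret store.
spring.datasource.url=jdbc:mysql:///springsecurity?serverTimezone=UTC&characterEncoding=utf-8
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.driver-class-name=com.mysql.jdbc.Driver

# jpa
# print the generated SQL statements
spring.jpa.show-sql=true
# update the database tables on startup
spring.jpa.hibernate.ddl-auto=update

# how the login handlers answer: JSON or REDIRECT
gary.security.loginType = REDIRECT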
application.properties
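package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.Gary.GaryRESTful.properties.LoginType;
import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * Answers a successful login with JSON or, for any other login type, with the behaviour of
 * SavedRequestAwareAuthenticationSuccessHandler, Spring Security's default success handling.
 */
@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Jackson mapper used to render the JSON response
    @Autowired
    private ObjectMapper objectMapper;

    // custom gary.security.* settings
    @Autowired
    private GarySecurityProperties garySecurityProperties;

    /**
     * Called by Spring Security after a successful login.
     *
     * @param request the login request
     * @param response the response to write to or redirect
     * @param authentication the authenticated token (request details such as ip/session, plus
     *        the authenticated user's information)
     * @throws IOException if writing the response fails
     * @throws ServletException if the parent handler fails
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        System.out.println("登陆成功");
        if (LoginType.JSON.equals(garySecurityProperties.getLoginType())) {
            response.setContentType("application/json;charset=UTF-8");
            // Return only what the client needs. Serializing the whole Authentication would
            // also send its details (remote address, session id) and the full principal,
            // which for a custom UserDetails entity can include the stored password hash.
            java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
            body.put("name", authentication.getName());
            body.put("authorities", authentication.getAuthorities());
            response.getWriter().write(objectMapper.writeValueAsString(body));
        } else {
            // let the parent class navigate to another page
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
}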
LoginSuccessHandler.java
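package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.Gary.GaryRESTful.properties.LoginType;
import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * Answers a rejected login with a JSON error or, for any other login type, with the
 * behaviour of SimpleUrlAuthenticationFailureHandler, Spring Security's default handler.
 */
@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    // Jackson mapper used to render the JSON response
    @Autowired
    private ObjectMapper objectMapper;

    // custom gary.security.* settings
    @Autowired
    private GarySecurityProperties garySecurityProperties;

    /**
     * Called by Spring Security when a login attempt is rejected.
     *
     * @param request the login request
     * @param response the response to write to or redirect
     * @param exception the reason the login was rejected
     * @throws IOException if writing the response fails
     * @throws ServletException if the parent handler fails
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        System.out.println("登陆失败");
        if (LoginType.JSON.equals(garySecurityProperties.getLoginType())) {
            // A rejected login is the caller's authentication failure, not a server fault: 401.
            response.setStatus(HttpStatus.SC_UNAUTHORIZED);
            response.setContentType("application/json;charset=UTF-8");
            // Send only the message. Serializing the exception object itself would put its
            // stack trace (internal class and method names) into the response.
            // NOTE(review): use a fixed string if account-state messages must stay hidden.
            java.util.Map<String, String> body =
                    java.util.Collections.singletonMap("message", exception.getMessage());
            response.getWriter().write(objectMapper.writeValueAsString(body));
        } else {
            // let the parent class navigate to another page
            super.onAuthenticationFailure(request, response, exception);
        }
    }
}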
LoginFailureHandler.java