步骤:

  1.继承 WebSecurityConfigurerAdapter.class,其中使用两个过滤器,一个是 spring security 自带的 UsernamePasswordAuthenticationFilter,一个是自定义的过滤器 ZTSSOAuthenticationProcessingFilter,它们都继承 AbstractAuthenticationProcessingFilter。该 filter 的功能是拦截指定页面发送的 post 请求,然后加入到 filter chain 中去。

import com.idoipo.ibt.service.LoginAuthenticationSuccessHandler;
import com.idoipo.ibt.service.SmsAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; /**
* Created by pingli on 2018-10-13.
*/
@Configuration
@EnableWebSecurity
@SuppressWarnings("unused")
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Wires two authentication paths into one security filter chain: the stock form login
    // (UsernamePasswordAuthenticationFilter) and the SSO callback handled by
    // ZTSSOAuthenticationProcessingFilter. Both SmsAuthenticationProvider and
    // ZTSSOAuthenticationProvider are registered with the AuthenticationManager; which one
    // answers a given request is decided by each provider's supports().

    /** Logout endpoint; accepted on GET, see configure(HttpSecurity). */
    private static final String LOGOUT_URL = "/logout";
    /** Processing URL of the form login (request parameters "mobile" and "check"). */
    private static final String LOGIN_URL = "/login";
    /** Callback the SSO server posts the third-party token to; consumed by the SSO filter. */
    private static final String SSO_CALLBACK_URL = "/SsoLogin";

    // Cookie names cleared on logout, all taken from application properties.
    @Value("${com.cookie}")
    private String sessionCookieName;
    // NOTE(review): the double dot in this property key looks like a typo — confirm against the properties file.
    @Value("${com..cookie.token}")
    private String tokenCookie;
    @Value("${com.cookie.timer}")
    private String timerCookie;
    @Value("${com.cookie.curp}")
    private String curpCookie;
    @Value("${com.cookie.gw}")
    private String gwCookie;
    @Value("${com.cookie.commondomain}")
    private String cdCookie;

    /** Public landing page; also the logout success target. */
    @Value("${com.index}")
    private String homeUrl;
    /** Not referenced in this class. */
    @Value("${com.main}")
    private String mainUrl;

    // SSO server address, this application's id at the SSO server, and this application's
    // own base URL; the last two are embedded in the URL unauthenticated users are sent to.
    @Value("${zt.ssoUrl}")
    private String ssoUrl;
    @Value("${zt.appId}")
    private String appId;
    @Value("${com.idoipo.infras.ibt}")
    private String ibtUrl;

    @Autowired
    private SmsAuthenticationProvider authenticationProvider;
    @Autowired
    private ZTSSOAuthenticationProvider ztssoAuthenticationProvider;
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;
    @Autowired
    private LoginAuthenticationSuccessHandler successHandler;

    /**
     * Configures form login, URL authorization, logout, CSRF and the SSO filter.
     * The configurers are applied as separate statements; HttpSecurity keeps one
     * instance per configurer type, so this is equivalent to one long chain.
     *
     * @param http the HttpSecurity builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Entry point for unauthenticated users: the SSO server, told to come back to
        // r=<ibtUrl>/SsoLogin with the token. The r value is concatenated raw, not URL-encoded;
        // NOTE(review): confirm the SSO side accepts an unencoded return URL here.
        final String ssoEntryPoint = ssoUrl + "?a=" + appId + "&r=" + ibtUrl + SSO_CALLBACK_URL;

        http.formLogin()
            .loginPage(ssoEntryPoint)
            .successHandler(successHandler)
            .loginProcessingUrl(LOGIN_URL)
            .usernameParameter("mobile")
            .passwordParameter("check")
            .failureUrl(ssoEntryPoint)
            .permitAll();

        // Matcher order matters: the first matching rule wins.
        http.authorizeRequests()
            .antMatchers("/", homeUrl, "/file/supload", "/dist/**", SSO_CALLBACK_URL).permitAll()
            .antMatchers(LOGOUT_URL, "/heartbeat").authenticated()
            .antMatchers(LOGIN_URL).anonymous()
            .anyRequest().authenticated();

        // logoutRequestMatcher is set last and takes precedence over logoutUrl.
        http.logout()
            .logoutUrl(LOGOUT_URL)
            .logoutSuccessUrl(homeUrl)
            .invalidateHttpSession(true)
            .deleteCookies(sessionCookieName, tokenCookie, timerCookie, curpCookie, gwCookie, cdCookie)
            .logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL, "GET"));

        // CSRF protection is off for the whole application and logout is accepted on GET:
        // state-changing POSTs get no token check and any cross-site link can end the session.
        // NOTE(review): worth revisiting once the frontend can carry a CSRF token.
        http.csrf().disable();

        // The SSO filter takes the slot of the username/password filter in the chain.
        http.addFilterAt(ztssoAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Builds the filter that consumes the token posted to /SsoLogin, wired to the shared
     * AuthenticationManager and the common success handler.
     * NOTE(review): a Filter exposed as a @Bean is also registered with the servlet container
     * by Spring Boot on its own, i.e. outside the security chain — confirm that is intended.
     *
     * @return the configured SSO processing filter
     */
    @Bean
    public ZTSSOAuthenticationProcessingFilter ztssoAuthenticationFilter() {
        final ZTSSOAuthenticationProcessingFilter ssoFilter = new ZTSSOAuthenticationProcessingFilter();
        ssoFilter.setAuthenticationManager(authenticationManager);
        ssoFilter.setAuthenticationSuccessHandler(successHandler);
        return ssoFilter;
    }

    /**
     * Exposes the adapter's AuthenticationManager as a bean so the SSO filter can be
     * injected with it (see the @Qualifier above).
     *
     * @return the AuthenticationManager built from configure(AuthenticationManagerBuilder)
     * @throws Exception propagated from the adapter
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers both providers; the SMS provider first, the SSO provider second.
     *
     * @param auth the builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(this.authenticationProvider);
        auth.authenticationProvider(this.ztssoAuthenticationProvider);
    }
}
import com.idoipo.ibt.controllers.HomeController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; /**
* Created by pingli on 2018-10-06
* 拦截请求
*/
public class ZTSSOAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {

    // Handles the POST the SSO server sends to /SsoLogin: reads the third-party token from the
    // "Token" request parameter, wraps it in a ZTSSOAuthenticationToken and hands it to the
    // AuthenticationManager (ZTSSOAuthenticationProvider performs the actual lookup).

    /** Name of the request parameter carrying the SSO token. */
    public static final String SPRING_SECURITY_FORM_ZT_TOKEN = "Token";

    private final Logger log = LoggerFactory.getLogger(ZTSSOAuthenticationProcessingFilter.class);
    private final String tokenParameter = SPRING_SECURITY_FORM_ZT_TOKEN;
    private final boolean postOnly = true;

    /** Binds the filter to POST /SsoLogin only; every other request passes through untouched. */
    public ZTSSOAuthenticationProcessingFilter() {
        super(new AntPathRequestMatcher("/SsoLogin", "POST"));
    }

    /**
     * Extracts the SSO token and asks the AuthenticationManager to verify it.
     *
     * @param request  the matched /SsoLogin request
     * @param response unused here
     * @return the Authentication produced by the manager
     * @throws AuthenticationException when the method is not POST or the manager rejects the token
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        log.info("进入sso过滤器");
        final String method = request.getMethod();
        // Redundant with the POST-only matcher in the constructor, kept as a second guard.
        if (postOnly && !method.equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + method);
        }
        final String rawToken = obtainToken(request);
        // A missing parameter becomes "", which the provider then rejects as empty.
        final String credentials = rawToken == null ? "" : rawToken;
        // The principal is unknown until the provider resolves the token. Note that this
        // constructor already marks the token authenticated (see ZTSSOAuthenticationToken).
        final AbstractAuthenticationToken authRequest = new ZTSSOAuthenticationToken(null, credentials);
        setDetails(request, authRequest);
        return getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Reads the token parameter; may return null when the parameter is absent.
     *
     * @param request the current request
     * @return the raw "Token" parameter value, or null
     */
    protected String obtainToken(HttpServletRequest request) {
        return request.getParameter(tokenParameter);
    }

    /**
     * Attaches request details (remote address, session id) built by the configured
     * AuthenticationDetailsSource to the pending token.
     *
     * @param request     the current request
     * @param authRequest the token under construction
     */
    protected void setDetails(HttpServletRequest request, AbstractAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
}

2

ZTSSOAuthenticationProcessingFilter 拦截到SsoLogin 的post请求后,需要一个继承
AbstractAuthenticationToken的token类来存得到的第三方的token参数。
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion; import java.util.Collection; /**
* Created by pingli on 2018-10-06
* 生成登录session,同用户不用再校验
*/
public class ZTSSOAuthenticationToken extends AbstractAuthenticationToken {

    // Authentication object for the SSO flow. Before verification the credentials hold the
    // third-party token and the principal is null; after verification the principal is the
    // resolved user and the credentials hold this system's own JWT.

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    private final Object principal;
    private String credentials;

    /**
     * Creates a token carrying a principal and string credentials, with no authorities.
     * This constructor is used both for the unverified request (principal null, credentials =
     * SSO token) and for the verified result (principal = UserDetail, credentials = JWT), and
     * it marks the token authenticated in both cases. An unverified request token therefore
     * already reports isAuthenticated() == true, unlike Spring's own
     * UsernamePasswordAuthenticationToken, which sets false here.
     * NOTE(review): consider separate request/result constructors.
     *
     * @param principal   the principal, or null when not yet resolved
     * @param credentials the SSO token or the local JWT
     */
    public ZTSSOAuthenticationToken(Object principal, String credentials) {
        super(null);
        this.principal = principal;
        this.credentials = credentials;
        super.setAuthenticated(true);
    }

    /**
     * Creates a trusted token with granted authorities and no credentials.
     *
     * @param principal   the authenticated principal
     * @param authorities the authorities granted to it
     */
    public ZTSSOAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        this.credentials = null;
        // Must go through super: the override below rejects true.
        super.setAuthenticated(true);
    }

    // ~ Methods
    // ========================================================================================================

    /** @return the SSO token or local JWT, null once erased */
    @Override
    public String getCredentials() {
        return credentials;
    }

    /** @return the principal given at construction, possibly null */
    @Override
    public Object getPrincipal() {
        return principal;
    }

    /**
     * Only allows demoting the token to unauthenticated; trusted tokens must be created
     * through the constructor taking authorities.
     *
     * @param isAuthenticated must be false
     * @throws IllegalArgumentException when true is passed
     */
    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }
        super.setAuthenticated(false);
    }

    /** Drops the credentials after authentication (ProviderManager calls this by default). */
    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
        credentials = null;
    }
}

3.得到参数后,需要根据token,去第三方查询用户信息,用户生成自己系统的token,这一步在实现了

AuthenticationProvider的类中去处理,这个类需要指定
ZTSSOAuthenticationToken 为它所支持的类型,所以需要重写
supports方法,从而关联上ZTSSOAuthenticationProcessingFilter ,
ZTSSOAuthenticationToken ,
AuthenticationProvider这三个类,filter得到请求,token去保存参数,provider去获取支持的token类的参数,从而完成一条线,后续其他验证也可以采用该种方式去增加,注意如果要增加成功后的处理,请注意
继承了WebSecurityConfigurerAdapter中添加
filter.setAuthenticationSuccessHandler(successHandler);去设置授权成功后可以进行一些后续处理,比如生成token字符串到前台,或者指定默认的跳转路径
import com.idoipo.ibt.bto.AccountInfo;
import com.idoipo.ibt.bto.UserDetail;
import com.idoipo.ibt.service.UserService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component; /**
* Created by pingli on 2018-10-06
* sso验证类
*/
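@Component
public class ZTSSOAuthenticationProvider implements AuthenticationProvider {

    // Verifies an SSO token: resolves it to an account at the SSO side, then to a local
    // UserDetail (which carries this system's JWT), and returns a trusted token for it.

    private static final Logger logger = LoggerFactory.getLogger(ZTSSOAuthenticationProvider.class);

    @Autowired
    private UserService userService;

    /**
     * Exchanges the third-party SSO token held in the credentials for a local user.
     *
     * @param authentication a ZTSSOAuthenticationToken whose credentials are the SSO token
     * @return a ZTSSOAuthenticationToken with the resolved UserDetail as principal and its JWT as credentials
     * @throws AuthenticationException (BadCredentialsException) when the token is empty, the SSO
     *         lookup yields no account, or no local user exists for that account
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        final Object rawCredentials = authentication.getCredentials();
        final String ssoToken = rawCredentials == null ? null : rawCredentials.toString();
        if (StringUtils.isEmpty(ssoToken)) {
            throw new BadCredentialsException("token不能为空");
        }

        // A null answer from either lookup used to surface as a NullPointerException, which
        // the processing filter does not treat as a failed login (it only handles
        // AuthenticationException). Reject explicitly so the normal failure path runs.
        final AccountInfo accountInfo = userService.getUserInfoBySSO(ssoToken);
        if (accountInfo == null || accountInfo.getAccount() == null) {
            throw new BadCredentialsException("SSO token did not resolve to an account");
        }
        // NOTE(review): this logs the whole AccountInfo object at INFO; if its toString()
        // includes personal data, log only the account id instead.
        logger.info("当前sso反回账号信息={}", accountInfo);

        final UserDetail userDetail = userService.getTokenByPsnId(accountInfo.getAccount());
        if (userDetail == null) {
            throw new BadCredentialsException("No local user for the SSO account");
        }

        // Two-argument constructor marks the result authenticated; the JWT sits in the
        // credentials and is erased by ProviderManager after authentication, the success
        // handler reads it from the principal.
        final ZTSSOAuthenticationToken result = new ZTSSOAuthenticationToken(userDetail, userDetail.getJwtToken());
        result.setDetails(authentication.getDetails());
        return result;
    }

    /**
     * Accepts only ZTSSOAuthenticationToken (and subclasses), which is what the SSO filter builds.
     * Logged at INFO on every call, so this is noisy in production.
     *
     * @param authentication the token class offered by ProviderManager
     * @return true when this provider can handle it
     */
    @Override
    public boolean supports(Class<?> authentication) {
        logger.info(this.getClass().getName() + "---supports");
        return ZTSSOAuthenticationToken.class.isAssignableFrom(authentication);
    }

    // TODO: granted-authority mapping (e.g. ROLE_USER) is not implemented yet; the result
    // token is created without authorities.
}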
import com.idoipo.ibt.bto.UserDetail;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils; import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List; /**
* Created by Jemmy on 2017-09-08.
*/
@Component
@SuppressWarnings("unused")
public class LoginAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Shared success handler for form login and SSO login: hands the user's JWT to the
    // browser as a cookie on the common domain and always redirects to the main page.

    private final Logger log = LoggerFactory.getLogger(LoginAuthenticationSuccessHandler.class);

    /** Page every successful login lands on, regardless of any saved request. */
    @Value("${com.pages.main}")
    private String mainUrl;
    /** Cookie domain shared by the applications that read the token. */
    @Value("${com.common.domain}")
    private String commonDomain;

    /**
     * Sets the JWT cookie and redirects to mainUrl.
     *
     * @param request        the login request
     * @param response       the response the cookie and redirect are written to
     * @param authentication the successful authentication; its principal must be a UserDetail
     * @throws ServletException propagated from the parent handler
     * @throws IOException      propagated from the parent handler
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws ServletException, IOException {
        log.info("登录用户服务成功");
        // Set on the shared handler instance on every call; the values never change.
        setDefaultTargetUrl(mainUrl);
        setAlwaysUseDefaultTargetUrl(true);

        // NOTE(review): unchecked cast — a provider whose principal is not a UserDetail would
        // fail here with ClassCastException rather than a login error.
        final UserDetail user = (UserDetail) authentication.getPrincipal();
        response.addCookie(tokenCookieFor(user.getJwtToken()));
        super.onAuthenticationSuccess(request, response, authentication);
    }

    /**
     * Builds the "IBT-TOKEN" cookie carrying the JWT, scoped to "/" on the common domain.
     * HttpOnly is deliberately off and no Secure flag is set, so page scripts can read the
     * token and it is also sent over plain HTTP; a script injection anywhere on the common
     * domain can read it. NOTE(review): confirm the frontend needs JavaScript access;
     * otherwise setHttpOnly(true) and setSecure(true) would narrow the exposure.
     *
     * @param jwt the token value
     * @return the cookie to add to the response
     */
    private Cookie tokenCookieFor(String jwt) {
        final Cookie tokenCookie = new Cookie("IBT-TOKEN", jwt);
        tokenCookie.setPath("/");
        tokenCookie.setHttpOnly(false);
        tokenCookie.setDomain(commonDomain);
        return tokenCookie;
    }
}
