您的位置:首页 > 科技 > 能源 > 360免费wifi创建失败_网页设计素材 旅游_近期网络营销的热点事件_新闻发布最新新闻

360免费wifi创建失败_网页设计素材 旅游_近期网络营销的热点事件_新闻发布最新新闻

2024/11/14 4:35:18 来源:https://blog.csdn.net/dhbfjh/article/details/143575392  浏览:    关键词:360免费wifi创建失败_网页设计素材 旅游_近期网络营销的热点事件_新闻发布最新新闻
360免费wifi创建失败_网页设计素材 旅游_近期网络营销的热点事件_新闻发布最新新闻

文章目录

  • 往期回顾:Spring Boot集成Spring Security专栏及各章节快捷入口
  • 前言
  • 一、自定义用户名密码认证过滤器RestfulUsernamePasswordAuthenticationFilter
    • 1、注册过滤器方式
    • 2、修改并覆盖过滤器顺序注册器
    • 3、创建RestfulUsernamePasswordAuthenticationFilter
    • 4、创建自定义用户名密码认证过滤器配置类RestfulLoginConfigurer
  • 二、自定义安全上下文仓库SecurityContextRepositoryImpl
    • 1、分布式缓存接口和实现
    • 2、创建SecurityContextRepositoryImpl
  • 三、自定义用户详情UserDetailsImpl
  • 四、自定义用户详情数据库查询UserDetailsServiceImpl
  • 五、自定义登录登出结果处理器
  • 六、过滤器链个性化配置
  • 七、其他类
  • 八、案例源码获取

往期回顾:Spring Boot集成Spring Security专栏及各章节快捷入口

  • Spring Boot集成Spring Security专栏
  • 一、Spring Boot集成Spring Security之自动装配
  • 二、Spring Boot集成Spring Security之实现原理
  • 三、Spring Boot集成Spring Security之过滤器链详解
  • 四、Spring Boot集成Spring Security之认证流程
  • 五、Spring Boot集成Spring Security之认证流程2
  • 六、Spring Boot集成Spring Security之前后分离认证流程最佳方案
  • 七、Spring Boot集成Spring Security之前后分离认证最佳实现
  • 八、Spring Boot集成Spring Security之前后分离认证最佳实现对接测试

前言

本文介绍前后分离认证最佳代码实现,配合以下内容观看效果更佳!!!

  • 什么是前后分离认证流程最佳方案,为什么这么设计?请查看六、Spring Boot集成Spring Security之前后分离认证流程最佳方案
  • 哇偶,明白了前后分离认证流程最佳方案的原理,那怎么实现这套方案呢?请查看七、Spring Boot集成Spring Security之前后分离认证最佳实现
  • Nice,知道了怎么代码实现前后分离认证流程最佳方案,那我怎么测试呢?请查看八、Spring Boot集成Spring Security之前后分离认证最佳实现对接测试
  • 博主,帮人帮到底,送佛送到西,提不提供源码呀?请点击下载

一、自定义用户名密码认证过滤器RestfulUsernamePasswordAuthenticationFilter

1、注册过滤器方式

  1. 使用httpSecurity.addFilter/addFilterBefore/addFilterAfter向过滤器链中添加过滤器,其中addFilter只能添加内置的过滤器,顺序已在过滤器顺序注册器(FilterOrderRegistration)中设置;addFilterBefore/addFilterAfter可以添加自定义过滤器,添加在指定的过滤器之前/之后。该方式优点是使用简单,缺点是无法使用spring security内置的组件,与RestfulUsernamePasswordAuthenticationFilter需要使用AuthenticationManager组件冲突,故不使用该方式。
  2. 使用SecurityConfigurer通过配置类的方式向过滤器链中添加过滤器,官方使用的方式。该方式优点是可以使用spring security内置的组件,缺点是实现较为笨重,而且只能注册过滤器顺序注册器(FilterOrderRegistration)中设定的过滤器。该方式可以使用spring security内置的组件,所以采用本方式,需要修改过滤器顺序注册器添加自定义的过滤器。

2、修改并覆盖过滤器顺序注册器

  1. FilterOrderRegistration类为final类且未提供开放的注册自定义过滤器的方式,所以只能重写该类,并添加自定义过滤器的顺序
package org.springframework.security.config.annotation.web.builders;import com.yu.demo.spring.filter.RestfulUsernamePasswordAuthenticationFilter;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
import org.springframework.security.web.context.SecurityContextHolderFilter;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.header.HeaderWriterFilter;
import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.session.DisableEncodeUrlFilter;
import org.springframework.security.web.session.ForceEagerSessionCreationFilter;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.web.filter.CorsFilter;import javax.servlet.Filter;
import java.util.HashMap;
import java.util.Map;final class FilterOrderRegistration {private static final int INITIAL_ORDER = 100;private static final int ORDER_STEP = 100;private final Map<String, Integer> filterToOrder = new HashMap<>();FilterOrderRegistration() {Step order = new Step(INITIAL_ORDER, ORDER_STEP);put(DisableEncodeUrlFilter.class, order.next());put(ForceEagerSessionCreationFilter.class, order.next());put(ChannelProcessingFilter.class, order.next());order.next(); // gh-8105put(WebAsyncManagerIntegrationFilter.class, order.next());put(SecurityContextHolderFilter.class, order.next());put(SecurityContextPersistenceFilter.class, order.next());put(HeaderWriterFilter.class, order.next());put(CorsFilter.class, order.next());put(CsrfFilter.class, order.next());put(LogoutFilter.class, order.next());this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter",order.next());this.filterToOrder.put("org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter",order.next());put(X509AuthenticationFilter.class, order.next());put(AbstractPreAuthenticatedProcessingFilter.class, order.next());this.filterToOrder.put("org.springframework.security.cas.web.CasAuthenticationFilter", order.next());this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter",order.next());this.filterToOrder.put("org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter",order.next());//添加自定义过滤器put(RestfulUsernamePasswordAuthenticationFilter.class, order.next());put(UsernamePasswordAuthenticationFilter.class, order.next());order.next(); // gh-8105this.filterToOrder.put("org.springframework.security.openid.OpenIDAuthenticationFilter", order.next());put(DefaultLoginPageGeneratingFilter.class, order.next());put(DefaultLogoutPageGeneratingFilter.class, order.next());put(ConcurrentSessionFilter.class, order.next());put(DigestAuthenticationFilter.class, order.next());this.filterToOrder.put("org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter",order.next());put(BasicAuthenticationFilter.class, order.next());put(RequestCacheAwareFilter.class, order.next());put(SecurityContextHolderAwareRequestFilter.class, order.next());put(JaasApiIntegrationFilter.class, order.next());put(RememberMeAuthenticationFilter.class, order.next());put(AnonymousAuthenticationFilter.class, order.next());this.filterToOrder.put("org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter",order.next());put(SessionManagementFilter.class, order.next());put(ExceptionTranslationFilter.class, order.next());put(FilterSecurityInterceptor.class, order.next());put(AuthorizationFilter.class, order.next());put(SwitchUserFilter.class, order.next());}/*** Register a {@link Filter} with its specific position. If the {@link Filter} was* already registered before, the position previously defined is not going to be* overriden** @param filter   the {@link Filter} to register* @param position the position to associate with the {@link Filter}*/void put(Class<? extends Filter> filter, int position) {String className = filter.getName();if (this.filterToOrder.containsKey(className)) {return;}this.filterToOrder.put(className, position);}/*** Gets the order of a particular {@link Filter} class taking into consideration* superclasses.** @param clazz the {@link Filter} class to determine the sort order* @return the sort order or null if not defined*/Integer getOrder(Class<?> clazz) {while (clazz != null) {Integer result = this.filterToOrder.get(clazz.getName());if (result != null) {return result;}clazz = clazz.getSuperclass();}return null;}private static class Step {private final int stepSize;private int value;Step(int initialValue, int stepSize) {this.value = initialValue;this.stepSize = stepSize;}int next() {int value = this.value;this.value += this.stepSize;return value;}}}

3、创建RestfulUsernamePasswordAuthenticationFilter

  1. 参考UsernamePasswordAuthenticationFilter
  2. 将参数获取方式从request.getParameter改为从body体中
  3. 创建UsernamePasswordAuthenticationToken
  4. 设置细节
  5. 调用getAuthenticationManager()的authenticate方法获取认证信息
package com.yu.demo.spring.filter;import com.yu.demo.util.SpringUtil;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;/*** 自定义前后端分离/restful方式的用户名密码认证过滤器* 参考UsernamePasswordAuthenticationFilter*/
public class RestfulUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {//是否只支持post方法private final boolean postOnly;private final String username;private final String password;public RestfulUsernamePasswordAuthenticationFilter(String username, String password, String loginUrl, String httpMethod) {super(new AntPathRequestMatcher(loginUrl, httpMethod));postOnly = HttpMethod.POST.name().equals(httpMethod);this.username = username;this.password = password;}@Overridepublic Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException {if (this.postOnly && !request.getMethod().equals(HttpMethod.POST.name())) {throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());} else {Map<String, String> body = SpringUtil.rawBodyToMap(request);String name = body.get(username);String pswd = body.get(password);UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(name, pswd);setDetails(request, authRequest);return getAuthenticationManager().authenticate(authRequest);}}protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));}}

4、创建自定义用户名密码认证过滤器配置类RestfulLoginConfigurer

  1. 参考FormLoginConfigurer
  2. 注册自定义用户名密码认证过滤器RestfulUsernamePasswordAuthenticationFilter
  3. 设置登录地址和请求方式
package com.yu.demo.spring.filter;import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;/*** 自定义前后端分离/restful方式的用户名密码验证过滤器配置器,用于注册认证过滤器* 参考FormLoginConfigurer*/
public class RestfulLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractAuthenticationFilterConfigurer<H, RestfulLoginConfigurer<H>, RestfulUsernamePasswordAuthenticationFilter> {private final String loginMethod;public RestfulLoginConfigurer(RestfulUsernamePasswordAuthenticationFilter authenticationFilter, String defaultLoginProcessingUrl, String loginMethod) {super(authenticationFilter, defaultLoginProcessingUrl);this.loginMethod = loginMethod;}@Overridepublic RestfulLoginConfigurer<H> loginPage(String loginPage) {return super.loginPage(loginPage);}@Overridepublic void init(H http) throws Exception {super.init(http);}@Overrideprotected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {return new AntPathRequestMatcher(loginProcessingUrl, loginMethod);}
}

二、自定义安全上下文仓库SecurityContextRepositoryImpl

  1. 基于分布式缓存实现安全上下文仓库
  2. 获取上下文时从请求头中获取token,通过token从缓存中获取上下文,不存在时返回空值安全上下文
  3. 保存上下文时从请求头或者登录用户信息中获取token,将token和上下文保存到缓存中

1、分布式缓存接口和实现

package com.yu.demo.manager;import org.springframework.security.core.context.SecurityContext;public interface CacheManager {/*** 通过token获取认证信息** @param token token* @return 认证信息*/SecurityContext getSecurityContext(String token);/*** 是否包含token** @param token token* @return 是否包含token*/boolean contains(String token);/*** 通过token添加认证信息** @param token           token* @param securityContext 认证信息*/void addSecurityContext(String token, SecurityContext securityContext);/*** 通过token删除认证信息** @param token token*/void deleteSecurityContext(String token);}

为演示方便,这里采用过期Map,实际使用将map改为redis或者其他分布式缓存即可

package com.yu.demo.manager.impl;import com.yu.demo.manager.CacheManager;
import net.jodah.expiringmap.ExpirationPolicy;
import net.jodah.expiringmap.ExpiringMap;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.stereotype.Component;import javax.annotation.PostConstruct;
import java.util.concurrent.TimeUnit;@Component
public class CacheManagerImpl implements CacheManager {private static ExpiringMap<String, SecurityContext> SECURITY_CONTEXT_CACHE;@PostConstructpublic void init() {SECURITY_CONTEXT_CACHE = ExpiringMap.builder().maxSize(200).expiration(30, TimeUnit.MINUTES).expirationPolicy(ExpirationPolicy.ACCESSED).variableExpiration().build();}@Overridepublic SecurityContext getSecurityContext(String token) {return SECURITY_CONTEXT_CACHE.get(token);}@Overridepublic boolean contains(String token) {return SECURITY_CONTEXT_CACHE.containsKey(token);}@Overridepublic void addSecurityContext(String token, SecurityContext securityContext) {SECURITY_CONTEXT_CACHE.put(token, securityContext);}@Overridepublic void deleteSecurityContext(String token) {SECURITY_CONTEXT_CACHE.remove(token);}
}

2、创建SecurityContextRepositoryImpl

package com.yu.demo.spring.impl;import com.yu.demo.entity.UserDetailsImpl;
import com.yu.demo.manager.CacheManager;
import com.yu.demo.util.SecurityUtil;
import org.apache.poi.util.StringUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.stereotype.Component;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;@Component
public class SecurityContextRepositoryImpl implements SecurityContextRepository {private static final String AUTHORIZATION = "Authorization";@Autowiredprivate CacheManager cacheManager;@Overridepublic SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {//获取请求头中的token,未登录访问系统时Token为空String token = requestResponseHolder.getRequest().getHeader(AUTHORIZATION);if (StringUtil.isNotBlank(token)) {SecurityContext securityContext = cacheManager.getSecurityContext(token);//securityContext已过期时为空if (SecurityUtil.isNotAuthenticated(securityContext)) {return SecurityContextHolder.createEmptyContext();}UsernamePasswordAuthenticationToken authentication = (UsernamePasswordAuthenticationToken) securityContext.getAuthentication();UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();if (token.equals(userDetails.getToken())) {//测试过程中伪造的Token(不修改header和body,只修改signature部分字符)有概率出现可以解析成功的情况,可能是secret太短的原因,未深究,所以这里在验证下输入的Token和缓存中的tokenreturn securityContext;}}return SecurityContextHolder.createEmptyContext();}@Overridepublic void saveContext(SecurityContext securityContext, HttpServletRequest request, HttpServletResponse response) {//获取请求头中的token(登出时有,登录时没有)String token = request.getHeader(AUTHORIZATION);UsernamePasswordAuthenticationToken authentication = (UsernamePasswordAuthenticationToken) securityContext.getAuthentication();if (StringUtil.isBlank(token) && SecurityUtil.isNotAuthenticated(securityContext)) {//未登录、验证码、用户名密码校验失败return;}//第一次登录时Token为空if (StringUtil.isBlank(token)) {UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();//登录成功cacheManager.addSecurityContext(userDetails.getToken(), securityContext);return;}//退出或token过期(缓存中设置token过期时间)if (SecurityUtil.isNotAuthenticated(securityContext)) {cacheManager.deleteSecurityContext(token);return;}//更新TokencacheManager.addSecurityContext(token, securityContext);}@Overridepublic boolean containsContext(HttpServletRequest request) {//本版本的Spring Security只有SessionManagementFilter中调用该方法//已禁用SessionManagementFilter,该方法不会被调用String token = request.getHeader(AUTHORIZATION);if (StringUtil.isBlank(token)) {return false;}return cacheManager.contains(token);}}

三、自定义用户详情UserDetailsImpl

package com.yu.demo.entity;import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;import java.util.Collection;
import java.util.Set;@Setter
@Getter
@ToString
public class UserDetailsImpl implements UserDetails {private String password;private final String username;private final Set<GrantedAuthority> authorities;private final boolean accountNonExpired;private final boolean accountNonLocked;private final boolean credentialsNonExpired;private final boolean enabled;/*** token*/private String token;public UserDetailsImpl(String username, String password, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, boolean enabled, Set<GrantedAuthority> grantedAuthorities) {this.username = username;this.password = password;this.enabled = enabled;this.accountNonExpired = accountNonExpired;this.credentialsNonExpired = credentialsNonExpired;this.accountNonLocked = accountNonLocked;this.authorities = grantedAuthorities;}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() {return authorities;}@Overridepublic String getPassword() {return password;}@Overridepublic String getUsername() {return username;}/*** 账号是否未过期** @return true:是,false:否*/@Overridepublic boolean isAccountNonExpired() {return accountNonExpired;}/*** 账号是否未锁定** @return true:是,false:否*/@Overridepublic boolean isAccountNonLocked() {return accountNonLocked;}/*** 密码是否未过期** @return true:是,false:否*/@Overridepublic boolean isCredentialsNonExpired() {return credentialsNonExpired;}/*** 账号是否启用** @return true:是,false:否*/@Overridepublic boolean isEnabled() {return enabled;}
}

四、自定义用户详情数据库查询UserDetailsServiceImpl

package com.yu.demo.spring.impl;import com.yu.demo.entity.UserDetailsImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;import java.util.UUID;@Service
public class UserDetailsServiceImpl implements UserDetailsService {//@Autowired//private UserService userService;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {//TODO 通过username从数据库中获取用户,将用户转UserDetails//User user = userService.getByUsername(username);//return new User(username, user.getPassword(), user.getEnable(), user.getAccountNonExpired(), user.getCredentialsNonExpired(), user.getAccountNonLocked(), user.getAuthorities());//{noop}不使用密码加密器,密码123的都可以验证成功UserDetailsImpl userDetails = new UserDetailsImpl(username, "{noop}123", true, true, true, true, null);//userDetails中设置token,该token只是实现认证流程,未使用jwtuserDetails.setToken(UUID.randomUUID().toString());return userDetails;}}

五、自定义登录登出结果处理器

package com.yu.demo.spring.impl;import com.yu.demo.entity.ApiResp;
import com.yu.demo.entity.UserDetailsImpl;
import com.yu.demo.util.SpringUtil;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;@Component
public class LoginResultHandler implements AuthenticationSuccessHandler, LogoutSuccessHandler, AuthenticationEntryPoint, AuthenticationFailureHandler {/*** 登录成功*/@Overridepublic void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = (UsernamePasswordAuthenticationToken) authentication;UserDetailsImpl userDetailsImpl = (UserDetailsImpl) usernamePasswordAuthenticationToken.getPrincipal();//登陆成功后,擦除密码userDetailsImpl.setPassword(null);//token返回到前端SpringUtil.respJson(response, ApiResp.success(userDetailsImpl.getToken()));}/*** 登录失败*/@Overridepublic void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {SpringUtil.respJson(response, ApiResp.loginFailure());}/*** 登出成功*/@Overridepublic void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {SpringUtil.respJson(response, ApiResp.success());}/*** 未登录访问需要登录的页面时*/@Overridepublic void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {SpringUtil.respJson(response, ApiResp.notLogin());}}

六、过滤器链个性化配置

package com.yu.demo.config;import com.yu.demo.spring.filter.RestfulLoginConfigurer;
import com.yu.demo.spring.filter.RestfulUsernamePasswordAuthenticationFilter;
import com.yu.demo.spring.impl.LoginResultHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.context.SecurityContextRepository;@Configuration
@EnableWebSecurity
public class SecurityConfig {//登录参数用户名private static final String LOGIN_ARG_USERNAME = "username";//登录参数密码private static final String LOGIN_ARG_PASSWORD = "password";//登录请求类型private static final String LOGIN_HTTP_METHOD = HttpMethod.POST.name();//登录请求地址private static final String LOGIN_URL = "/login";//登出请求地址private static final String LOGOUT_URL = "/logout";@Autowiredprivate LoginResultHandler loginResultHandler;@Autowiredprivate SecurityContextRepository securityContextRepository;@Beanpublic SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {httpSecurity//禁用UsernamePasswordAuthenticationFilter、DefaultLoginPageGeneratingFilter、DefaultLogoutPageGeneratingFilter.formLogin(FormLoginConfigurer::disable)//禁用BasicAuthenticationFilter.httpBasic(HttpBasicConfigurer::disable)//禁用CsrfFilter.csrf(CsrfConfigurer::disable)//禁用SessionManagementFilter.sessionManagement(SessionManagementConfigurer::disable)//异常处理配置.exceptionHandling(exceptionHandlingCustomizer -> exceptionHandlingCustomizer.authenticationEntryPoint(loginResultHandler))//http请求认证.authorizeHttpRequests(authorizeHttpRequestsCustomizer -> authorizeHttpRequestsCustomizer//任何请求.anyRequest()//需要认证.authenticated())//安全上下文配置.securityContext(securityContextCustomizer -> securityContextCustomizer//设置自定义securityContext仓库.securityContextRepository(securityContextRepository)//显示保存SecurityContext,官方推荐.requireExplicitSave(true))//登出配置.logout(logoutCustomizer -> logoutCustomizer//登出地址.logoutUrl(LOGOUT_URL)//登出成功处理器.logoutSuccessHandler(loginResultHandler))//注册自定义登录过滤器的配置器:自动注册自定义登录过滤器;//需要重写FilterOrderRegistration的构造方法FilterOrderRegistration(){},在构造方法中添加自定义过滤器的序号,否则注册不成功.apply(new RestfulLoginConfigurer<>(new RestfulUsernamePasswordAuthenticationFilter(LOGIN_ARG_USERNAME, LOGIN_ARG_PASSWORD, LOGIN_URL, LOGIN_HTTP_METHOD), LOGIN_URL, LOGIN_HTTP_METHOD))//设置登录地址:未设置时系统默认生成登录页面,登录地址/login.loginPage(LOGIN_URL)//设置登录成功之后的处理器.successHandler(loginResultHandler).failureHandler(loginResultHandler);//创建过滤器链对象return httpSecurity.build();}}

七、其他类

package com.yu.demo.entity;import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;/*** 接口响应对象** @author admin*/
@Setter
@Getter
@ToString
@AllArgsConstructor
public class ApiResp {private static final String CODE_SUCCESS = "00000";private static final String CODE_LOGIN_FAILURE = "10000";private static final String MESSAGE_LOGIN_FAILURE = "登录失败";private static final String CODE_NOT_LOGIN = "10010";private static final String MESSAGE_NOT_LOGIN = "未登录";/*** 响应码*/private String code;/*** 描述*/private String message;/*** 数据*/private Object data;/*** 成功*/public ApiResp(String code) {this.code = code;}/*** 失败+失败描述*/public ApiResp(String code, String message) {this.code = code;this.message = message;}/*** 成功+返回值*/public ApiResp(String code, Object data) {this.code = code;this.data = data;}/*** 成功无返回数据** @return 接口响应对象*/public static ApiResp success() {return new ApiResp(CODE_SUCCESS);}/*** 成功有返回数据** @param data 数据* @return 接口响应对象*/public static ApiResp success(Object data) {return new ApiResp(CODE_SUCCESS, data);}/*** 登录失败** @return 接口响应对象*/public static ApiResp loginFailure() {return new ApiResp(CODE_LOGIN_FAILURE, MESSAGE_LOGIN_FAILURE);}/*** 未登录** @return 接口响应对象*/public static ApiResp notLogin() {return new ApiResp(CODE_NOT_LOGIN, MESSAGE_NOT_LOGIN);}}
package com.yu.demo.util;import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.parser.Feature;import java.lang.reflect.Type;
import java.util.Map;/*** JSON工具类** @author admin*/
public class JsonUtil {private JsonUtil() {throw new AssertionError();}/*** 对象转json** @param javaObject 对象或集合或者数组* @return json*/public static String object2Json(Object javaObject) {return JSONObject.toJSONString(javaObject);}public static <K, V> Map<K, V> json2Map(String jsonString, Type type) {return JSON.parseObject(jsonString, type);}
}
package com.yu.demo.util;import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;/*** Spring框架工具类*/
public class SecurityUtil {private SecurityUtil() {throw new AssertionError();}public static boolean isAuthenticated(SecurityContext securityContext) {if (securityContext == null) {return false;}Authentication authentication = securityContext.getAuthentication();if (authentication == null) {return false;}return authentication.isAuthenticated();}public static boolean isNotAuthenticated(SecurityContext securityContext) {return !isAuthenticated(securityContext);}}
package com.yu.demo.util;import org.springframework.http.MediaType;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Map;/*** Spring框架工具类*/
public class SpringUtil {private SpringUtil() {throw new AssertionError();}/*** 请求body参数转为map** @param request 请求* @return 参数map* @throws IOException IO流异常*/public static Map<String, String> rawBodyToMap(HttpServletRequest request) throws IOException {BufferedReader streamReader = new BufferedReader(new InputStreamReader(request.getInputStream(), StandardCharsets.UTF_8));StringBuilder responseStrBuilder = new StringBuilder();String inputStr;while ((inputStr = streamReader.readLine()) != null) {responseStrBuilder.append(inputStr);}return JsonUtil.json2Map(responseStrBuilder.toString(), Map.class);}public static void respJson(HttpServletResponse response, Map<String, Object> apiResp) throws IOException {response.setContentType(MediaType.APPLICATION_JSON_VALUE);response.setCharacterEncoding(StandardCharsets.UTF_8.name());response.getWriter().print(JsonUtil.object2Json(apiResp));}}
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.7.18</version><relativePath/></parent><groupId>com.yu</groupId><artifactId>spring-boot-security2-demo</artifactId><version>0.0.1-SNAPSHOT</version><name>spring-boot-security2-demo</name><description>Spring Boot集成Spring Security样例</description><properties><java.version>8</java.version></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><!--fastjson--><dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.46</version></dependency><!--过期map--><dependency><groupId>net.jodah</groupId><artifactId>expiringmap</artifactId><version>0.5.11</version></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><version>1.18.0</version></dependency></dependencies></project>

八、案例源码获取

  • CSDN下载地址
  • 私聊、评论区、+V均可

版权声明:

本网仅为发布的内容提供存储空间,不对发表、转载的内容提供任何形式的保证。凡本网注明“来源:XXX网络”的作品,均转载自其它媒体,著作权归作者所有,商业转载请联系作者获得授权,非商业转载请注明出处。

我们尊重并感谢每一位作者,均已注明文章来源和作者。如因作品内容、版权或其它问题,请及时与我们联系,联系邮箱:809451989@qq.com,投稿邮箱:809451989@qq.com