springboot1.5.x 第一部分自定义用户认证

按图引入包

此时，所有的接口都被保护起来，访问接口都会出现提示框如下

最基本配置如下：

效果如下：

控制台会有一个生成的密码：

基本原理，是每个过滤器处理一种认证方式：

自定义用户认证逻辑：

UserDetails和User类都是框架自带，User类带有很多属性方法，比如是否过期之类的，按需使用。如下，就多用几个

加密解密器，用上面一个

可以使用自带的实现类，也可以自己实现类

 1 /**
 2  * 
 3  */
 4 package com.imooc.security.browser;
 5 
 6 import java.io.IOException;
 7 
 8 import javax.servlet.http.HttpServletRequest;
 9 import javax.servlet.http.HttpServletResponse;
10 
11 import org.apache.commons.lang.StringUtils;
12 import org.slf4j.Logger;
13 import org.slf4j.LoggerFactory;
14 import org.springframework.beans.factory.annotation.Autowired;
15 import org.springframework.http.HttpStatus;
16 import org.springframework.security.web.DefaultRedirectStrategy;
17 import org.springframework.security.web.RedirectStrategy;
18 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
19 import org.springframework.security.web.savedrequest.RequestCache;
20 import org.springframework.security.web.savedrequest.SavedRequest;
21 import org.springframework.web.bind.annotation.RequestMapping;
22 import org.springframework.web.bind.annotation.ResponseStatus;
23 import org.springframework.web.bind.annotation.RestController;
24 
25 import com.imooc.security.browser.support.SimpleResponse;
26 import com.imooc.security.core.properties.SecurityProperties;
27 
28 /**
29  * @author zhailiang
30  *
31  */
32 @RestController
33 public class BrowserSecurityController {
34     
35     private Logger logger = LoggerFactory.getLogger(getClass());
36 
37     private RequestCache requestCache = new HttpSessionRequestCache();
38     
39     private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
40     
41     @Autowired
42     private SecurityProperties securityProperties;
43 
44     /**
45      * 当需要身份认证时，跳转到这里
46      * 
47      * @param request
48      * @param response
49      * @return
50      * @throws IOException 
51      */
52     @RequestMapping("/authentication/require")
53     @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
54     public SimpleResponse requireAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
55 
56         SavedRequest savedRequest = requestCache.getRequest(request, response);
57 
58         if (savedRequest != null) {
59             String targetUrl = savedRequest.getRedirectUrl();
60             logger.info("引发跳转的请求是:"+targetUrl);
61             if(StringUtils.endsWithIgnoreCase(targetUrl, ".html")){
62                 redirectStrategy.sendRedirect(request, response, securityProperties.getBrowser().getLoginPage());
63             }
64         }
65 
66         return new SimpleResponse("访问的服务需要身份认证，请引导用户到登录页");
67     }
68 
69 }

自定义成功处理器，失败处理器

加入配置

下面改进，可以继承框架已有的类，复用逻辑

 1 /**
 2  * 
 3  */
 4 package com.imooc.security.browser.authentication;
 5 
 6 import java.io.IOException;
 7 
 8 import javax.servlet.ServletException;
 9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11 
12 import org.slf4j.Logger;
13 import org.slf4j.LoggerFactory;
14 import org.springframework.beans.factory.annotation.Autowired;
15 import org.springframework.security.core.Authentication;
16 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
17 import org.springframework.stereotype.Component;
18 
19 import com.fasterxml.jackson.databind.ObjectMapper;
20 import com.imooc.security.core.properties.LoginType;
21 import com.imooc.security.core.properties.SecurityProperties;
22 
23 /**
24  * @author zhailiang
25  *
26  */
27 @Component("imoocAuthenticationSuccessHandler")
28 public class ImoocAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
29 
30     private Logger logger = LoggerFactory.getLogger(getClass());
31 
32     @Autowired
33     private ObjectMapper objectMapper;
34 
35     @Autowired
36     private SecurityProperties securityProperties;
37 
38     /*
39      * (non-Javadoc)
40      * 
41      * @see org.springframework.security.web.authentication.
42      * AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.
43      * HttpServletRequest, javax.servlet.http.HttpServletResponse,
44      * org.springframework.security.core.Authentication)
45      */
46     @Override
47     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
48             Authentication authentication) throws IOException, ServletException {
49 
50         logger.info("登录成功");
51 
52         if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
53             response.setContentType("application/json;charset=UTF-8");
54             response.getWriter().write(objectMapper.writeValueAsString(authentication));
55         } else {
56             super.onAuthenticationSuccess(request, response, authentication);
57         }
58 
59     }
60 
61 }

View Code

 1 /**
 2  * 
 3  */
 4 package com.imooc.security.browser.authentication;
 5 
 6 import java.io.IOException;
 7 
 8 import javax.servlet.ServletException;
 9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11 
12 import org.slf4j.Logger;
13 import org.slf4j.LoggerFactory;
14 import org.springframework.beans.factory.annotation.Autowired;
15 import org.springframework.security.core.Authentication;
16 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
17 import org.springframework.stereotype.Component;
18 
19 import com.fasterxml.jackson.databind.ObjectMapper;
20 import com.imooc.security.core.properties.LoginType;
21 import com.imooc.security.core.properties.SecurityProperties;
22 
23 /**
24  * @author zhailiang
25  *
26  */
27 @Component("imoocAuthenticationSuccessHandler")
28 public class ImoocAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
29 
30     private Logger logger = LoggerFactory.getLogger(getClass());
31 
32     @Autowired
33     private ObjectMapper objectMapper;
34 
35     @Autowired
36     private SecurityProperties securityProperties;
37 
38     /*
39      * (non-Javadoc)
40      * 
41      * @see org.springframework.security.web.authentication.
42      * AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.
43      * HttpServletRequest, javax.servlet.http.HttpServletResponse,
44      * org.springframework.security.core.Authentication)
45      */
46     @Override
47     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
48             Authentication authentication) throws IOException, ServletException {
49 
50         logger.info("登录成功");
51 
52         if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
53             response.setContentType("application/json;charset=UTF-8");
54             response.getWriter().write(objectMapper.writeValueAsString(authentication));
55         } else {
56             super.onAuthenticationSuccess(request, response, authentication);
57         }
58 
59     }
60 
61 }

View Code

springboot1.5.x 第一部分 自定义用户认证

springboot1.5.x 第一部分自定义用户认证