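Spring Security Study Notes 1: Getting Started in Detail
In the demo from the previous article, we used successForwardUrl() to move to another page after a successful login; it forwards the request to the given address once authentication succeeds. Internally it calls successHandler() to decide which class handles the successful login.
Source code analysis
You can see that successForwardUrl passes forwardUrl to the ForwardAuthenticationSuccessHandler class for processing.
Internally, ForwardAuthenticationSuccessHandler simply performs a request forward.
When we need to send the user to an address outside the site, or handle the post-login step in a project with separated front end and back end, successForwardUrl() does not work, so we need to define a custom handler.
Define a custom login success handler by implementing the method of the AuthenticationSuccessHandler interface: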
package com.example.demo.handler;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Custom login success handler
public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private String url;

    public MyAuthenticationSuccessHandler(String url) {
        this.url = url;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
                                        HttpServletResponse httpServletResponse,
                                        Authentication authentication) throws IOException, ServletException {
        System.out.println(httpServletRequest.getRemoteAddr()); // client IP address
        User user = (User) authentication.getPrincipal(); // the principal holds the logged-in user's information
        System.out.println(user.getAuthorities()); // granted authorities
        System.out.println(user.getPassword()); // for security reasons this prints null; the password cannot be viewed
        System.out.println(user.getUsername());
        httpServletResponse.sendRedirect(url); // redirect to the configured url
    }
}
Authentication source code
// Source
public interface Authentication extends Principal, Serializable {
    Collection<? extends GrantedAuthority> getAuthorities(); // get the granted authorities

    Object getCredentials(); // get the credentials

    Object getDetails(); // get the details

    Object getPrincipal(); // get the principal object

    boolean isAuthenticated();

    void setAuthenticated(boolean var1) throws IllegalArgumentException;
}
In the same way, define a custom login failure handler by implementing the method of the AuthenticationFailureHandler interface:
package com.example.demo.handler;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Custom login failure handler
public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {

    private String url;

    public MyAuthenticationFailureHandler(String url) {
        this.url = url;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest,
                                        HttpServletResponse httpServletResponse,
                                        AuthenticationException e) throws IOException, ServletException {
        httpServletResponse.sendRedirect(url); // redirect to the configured url
    }
}
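Next, modify the configuration class so that the custom handlers redirect to Baidu after a successful login and to Zhihu after a failed login: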
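package com.example.demo.config;

import com.example.demo.handler.MyAuthenticationFailureHandler;
import com.example.demo.handler.MyAuthenticationSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
// Custom login page
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Login
        http.formLogin()
                // Custom login page
                .loginPage("/login.html")
                // Must match the endpoint the login form submits to
                .loginProcessingUrl("/login")
                // Page to forward to after a successful login (POST request)
                //.successForwardUrl("/toMain")
                // Custom login success handler (the URL literal is blank on the page; the text redirects to Baidu)
                .successHandler(new MyAuthenticationSuccessHandler(""))
                //.successHandler(new MyAuthenticationSuccessHandler("/main.html"))
                // Page to forward to after a failed login (POST request)
                //.failureForwardUrl("/toError")
                // Custom login failure handler (the URL literal is blank on the page; the text redirects to Zhihu)
                .failureHandler(new MyAuthenticationFailureHandler(""));
                //.failureHandler(new MyAuthenticationFailureHandler("/error.html"));

        // Authorization
        http.authorizeRequests()
                // Allow login.html without authentication
                .antMatchers("/login.html").permitAll()
                // Allow error.html without authentication
                .antMatchers("/error.html").permitAll()
                // Every other request requires authentication (the user must be logged in).
                // Matchers are evaluated in order, so anyRequest() goes last.
                .anyRequest().authenticated();

        // Disable CSRF protection
        http.csrf().disable();
    }

    @Bean
    public PasswordEncoder getPw() {
        return new BCryptPasswordEncoder();
    }
}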
Published: 2024-01-27 17:02:46