JavaWeb-SpringSecurity自定义登陆配置

 

 

  系列博文

  项目已上传至guthub  传送门

  JavaWeb-SpringSecurity初认识  传送门

  JavaWeb-SpringSecurity在数据库中查询登陆用户  传送门

  JavaWeb-SpringSecurity自定义登陆页面  传送门

  JavaWeb-SpringSecurity实现需求-判断请求是否以html结尾  传送门

  JavaWeb-SpringSecurity自定义登陆配置  传送门

  JavaWeb-SpringSecurity图片验证ImageCode  传送门

  JavaWeb-SpringSecurity记住我功能  传送门

  JavaWeb-SpringSecurity使用短信验证码登陆  传送门

 

 

使用Restful自定义登陆配置

  自定义登陆成功后的Handler 

  添加hhandler类库,创建LoginSuccessHandler.class,实现用户成功登陆Handler

  

    @Override
    //登陆成功之后会调用的函数
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            //封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
            Authentication authentication) throws IOException, ServletException {
        // TODO Auto-generated method stub
        
        System.out.println("登陆成功");
        
        response.setContentType("application/json;charset=UTF-8");
        
        //将我们authentication转换为json通过response对象以application/json写到页面
        response.getWriter().write(objectMapper.writeValueAsString(authentication));
        
    }

 

  在SecurityConfig.java中配置configure()方法

protected void configure(HttpSecurity http) throws Exception{
        //表单验证(身份认证)
        http.formLogin()
            //自定义登陆页面
            .loginPage("/require")
            //如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
            .loginProcessingUrl("/loginPage")
            //配置登陆成功调用loginSuccessHandler
            .successHandler(loginSuccessHandler)
            .and()
            //请求授权
            .authorizeRequests()
            //在访问我们的URL时,我们是不需要省份认证,可以立即访问
            .antMatchers("/login.html","/require").permitAll()
            //所有请求都被拦截,跳转到(/login请求中)
            .anyRequest()
            //都需要我们身份认证
            .authenticated()
            //SpringSecurity保护机制
            .and().csrf().disable();
    }

 

 

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler{

    //将我们的authentication转换为json所需要的类
    @Autowired
    private ObjectMapper objectMapper;
    
    
    @Override
    //登陆成功之后会调用的函数
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            //封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
            Authentication authentication) throws IOException, ServletException {
        // TODO Auto-generated method stub
        
        System.out.println("登陆成功");
        
        response.setContentType("application/json;charset=UTF-8");
        
        //将我们authentication转换为json通过response对象以application/json写到页面
        response.getWriter().write(objectMapper.writeValueAsString(authentication));
        
    }
    
}
LoginSuccessHandler.java

 

package com.Gary.GaryRESTful.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.Gary.GaryRESTful.handler.LoginSuccessHandler;


//Web应用安全适配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    //告诉SpringSecurity密码用什么加密的
    @Bean
    public PasswordEncoder passwordEncoder()
    {
        return new BCryptPasswordEncoder();
    }
    
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    protected void configure(HttpSecurity http) throws Exception{
        //表单验证(身份认证)
        http.formLogin()
            //自定义登陆页面
            .loginPage("/require")
            //如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
            .loginProcessingUrl("/loginPage")
            //配置登陆成功调用loginSuccessHandler
            .successHandler(loginSuccessHandler)
            .and()
            //请求授权
            .authorizeRequests()
            //在访问我们的URL时,我们是不需要省份认证,可以立即访问
            .antMatchers("/login.html","/require").permitAll()
            //所有请求都被拦截,跳转到(/login请求中)
            .anyRequest()
            //都需要我们身份认证
            .authenticated()
            //SpringSecurity保护机制
            .and().csrf().disable();
    }
    
}
SecurityConfig.java

 

//用户权限
authorities:

//认证请求的信息(ip,session)
details

//用户是否已经通过了我们的身份认证
authenticated

//UserDetails
principal

//用户输入的密码
credentials

//用户名
name

 

   用户登陆失败后的Handler

@Override
    //登陆不成功产生的错误
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        
        System.out.println("登陆失败");
        
        //设置返回的状态码 500
        response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
        
        response.setContentType("application/json;charset=UTF-8");
        
        //将我们authentication转换为json通过response对象以application/json写到页面
        response.getWriter().write(objectMapper.writeValueAsString(exception));
        
    }

 

  在SecurityConfig.java中配置configure()方法

protected void configure(HttpSecurity http) throws Exception{
        //表单验证(身份认证)
        http.formLogin()
            //自定义登陆页面
            .loginPage("/require")
            //如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
            .loginProcessingUrl("/loginPage")
            //配置登陆成功调用loginSuccessHandler
            .successHandler(loginSuccessHandler)
            //配置登陆失败调用loginFailureHandler
            .failureHandler(loginFailureHandler)
            .and()
            //请求授权
            .authorizeRequests()
            //在访问我们的URL时,我们是不需要省份认证,可以立即访问
            .antMatchers("/login.html","/require").permitAll()
            //所有请求都被拦截,跳转到(/login请求中)
            .anyRequest()
            //都需要我们身份认证
            .authenticated()
            //SpringSecurity保护机制
            .and().csrf().disable();
    }

 

 

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

@Component
public class LoginFailureHandler implements AuthenticationFailureHandler{

    //将我们的authentication转换为json所需要的类
    @Autowired
    private ObjectMapper objectMapper;

    @Override
    //登陆不成功产生的错误
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        
        System.out.println("登陆失败");
        
        //设置返回的状态码 500
        response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
        
        response.setContentType("application/json;charset=UTF-8");
        
        //将我们authentication转换为json通过response对象以application/json写到页面
        response.getWriter().write(objectMapper.writeValueAsString(exception));
        
    }
    



    
    
}
LoginFailureHandler.java

 

package com.Gary.GaryRESTful.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.Gary.GaryRESTful.handler.LoginFailureHandler;
import com.Gary.GaryRESTful.handler.LoginSuccessHandler;


//Web应用安全适配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    //告诉SpringSecurity密码用什么加密的
    @Bean
    public PasswordEncoder passwordEncoder()
    {
        return new BCryptPasswordEncoder();
    }
    
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Autowired
    private LoginFailureHandler loginFailureHandler;
    
    protected void configure(HttpSecurity http) throws Exception{
        //表单验证(身份认证)
        http.formLogin()
            //自定义登陆页面
            .loginPage("/require")
            //如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
            .loginProcessingUrl("/loginPage")
            //配置登陆成功调用loginSuccessHandler
            .successHandler(loginSuccessHandler)
            //配置登陆失败调用loginFailureHandler
            .failureHandler(loginFailureHandler)
            .and()
            //请求授权
            .authorizeRequests()
            //在访问我们的URL时,我们是不需要省份认证,可以立即访问
            .antMatchers("/login.html","/require").permitAll()
            //所有请求都被拦截,跳转到(/login请求中)
            .anyRequest()
            //都需要我们身份认证
            .authenticated()
            //SpringSecurity保护机制
            .and().csrf().disable();
    }
    
}
SecurityConfig.java

 

  用户自定义登陆配置

  在application.properties中配置gary.security.loginType为JSON

  当用户登陆成功时,当用户打印出登陆成功信息(JSON格式)

  @Override
    //登陆成功之后会调用的函数
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            //封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
            Authentication authentication) throws IOException, ServletException {
        // TODO Auto-generated method stub
        
        System.out.println("登陆成功");
        System.out.println(garySecurityProperties.getLoginType());
        
        response.setContentType("application/json;charset=UTF-8");
        
        //将我们authentication转换为json通过response对象以application/json写到页面
        response.getWriter().write(objectMapper.writeValueAsString(authentication));
        
    }

 

 

#datasource
spring.datasource.url=jdbc:mysql:///springsecurity?serverTimezone=UTC&characterEncoding=utf-8
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.dricer-class-name=com.mysql.jdbc.Driver

#jpa
#打印出数据库语句
spring.jpa.show-sql=true
#更新数据库表
spring.jpa.hibernate.ddl-auto=update


gary.security.loginType = JSON
application.properties

 

package com.Gary.GaryRESTful.properties;

import org.springframework.boot.context.properties.ConfigurationProperties;

@ConfigurationProperties(prefix = "gary.security")
public class GarySecurityProperties {

    //LoginType登陆的方式,默认为JSON(restful设计风格)
    private LoginType loginType = LoginType.JSON;

    public LoginType getLoginType() {
        return loginType;
    }

    public void setLoginType(LoginType loginType) {
        this.loginType = loginType;
    }
    
    
    
}
GarySecurityProperties.java

 

package com.Gary.GaryRESTful.properties;


//登陆的方式
public enum LoginType {
    
    JSON,
    
    REDIRECT
    
}
LoginType.java

 

package com.Gary.GaryRESTful.properties;


import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;

@Configuration
//让我们的配置生效
@EnableConfigurationProperties(GarySecurityProperties.class)
public class GarySecurityConfig {

}
GarySecurityConfig.java

 

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

@Component
public class LoginFailureHandler implements AuthenticationFailureHandler{

    //将我们的authentication转换为json所需要的类
    @Autowired
    private ObjectMapper objectMapper;

    @Override
    //登陆不成功产生的错误
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        
        System.out.println("登陆失败");
        
        //设置返回的状态码 500         SC_INTERNAL_SERVER_ERROR
        response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
        
        response.setContentType("application/json;charset=UTF-8");
        
        //将我们authentication转换为json通过response对象以application/json写到页面
        response.getWriter().write(objectMapper.writeValueAsString(exception));
        
    }
    



    
    
}
LoginFailureHandler.java

 

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.fasterxml.jackson.databind.ObjectMapper;

@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler{

    //将我们的authentication转换为json所需要的类
    @Autowired
    private ObjectMapper objectMapper;
    
    @Autowired
    private GarySecurityProperties garySecurityProperties;
    
    @Override
    //登陆成功之后会调用的函数
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            //封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
            Authentication authentication) throws IOException, ServletException {
        // TODO Auto-generated method stub
        
        System.out.println("登陆成功");
        System.out.println(garySecurityProperties.getLoginType());
        
        response.setContentType("application/json;charset=UTF-8");
        
        //将我们authentication转换为json通过response对象以application/json写到页面
        response.getWriter().write(objectMapper.writeValueAsString(authentication));
        
    }
    
}
LoginSuccessHandler.java

 

 

为提高软件通用性

  在application.properties中配置gary.security.loginType为REDIRECT(重定向)

  当用户登陆成功时,LoginSuccessHandler重定向到default.jsp继承SavedRequestAwareAuthenticationSuccessHandler,SavedRequestAwareAuthenticationSuccessHandler为SpringSecurity默认处理机制

@Override
    //登陆成功之后会调用的函数
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            //封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
            Authentication authentication) throws IOException, ServletException {
        // TODO Auto-generated method stub
        
        System.out.println("登陆成功");
        
        
        if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
        {
            response.setContentType("application/json;charset=UTF-8");
            
            //将我们authentication转换为json通过response对象以application/json写到页面
            response.getWriter().write(objectMapper.writeValueAsString(authentication));
        }
        else
        {
            //调用父类中的方法,跳转到其它页面
            super.onAuthenticationSuccess(request, response, authentication);
        }
        
    }

 

   当用户登陆失败时,springsecurity进行对请求的拦截

//登陆不成功产生的错误
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        
        System.out.println("登陆失败");
        
        if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
        {
            //设置返回的状态码 500         SC_INTERNAL_SERVER_ERROR
            response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
            
            response.setContentType("application/json;charset=UTF-8");
            //将我们authentication转换为json通过response对象以application/json写到页面
            response.getWriter().write(objectMapper.writeValueAsString(exception));
            
        }
        else
        {
            //调用父类中的方法,跳转到其它页面
            super.onAuthenticationFailure(request, response, exception);
        }

 

 

 

#datasource
spring.datasource.url=jdbc:mysql:///springsecurity?serverTimezone=UTC&characterEncoding=utf-8
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.dricer-class-name=com.mysql.jdbc.Driver

#jpa
#打印出数据库语句
spring.jpa.show-sql=true
#更新数据库表
spring.jpa.hibernate.ddl-auto=update


gary.security.loginType = REDIRECT
application.properties

 

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.Gary.GaryRESTful.properties.LoginType;
import com.fasterxml.jackson.databind.ObjectMapper;

@Component
//SavedRequestAwareAuthenticationSuccessHandler为SpringSecurity默认处理机制
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{

    //将我们的authentication转换为json所需要的类
    @Autowired
    private ObjectMapper objectMapper;
    
    @Autowired
    private GarySecurityProperties garySecurityProperties;
    
    @Override
    //登陆成功之后会调用的函数
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            //封装了我们的认证信息(发起的认证请求(ip,session),认证成功后的用户信息)
            Authentication authentication) throws IOException, ServletException {
        // TODO Auto-generated method stub
        
        System.out.println("登陆成功");
        
        
        if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
        {
            response.setContentType("application/json;charset=UTF-8");
            
            //将我们authentication转换为json通过response对象以application/json写到页面
            response.getWriter().write(objectMapper.writeValueAsString(authentication));
        }
        else
        {
            //调用父类中的方法,跳转到其它页面
            super.onAuthenticationSuccess(request, response, authentication);
        }
        
    }
    
}
LoginSuccessHandler.java

 

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.Gary.GaryRESTful.properties.GarySecurityProperties;
import com.Gary.GaryRESTful.properties.LoginType;
import com.fasterxml.jackson.databind.ObjectMapper;

@Component
//springsecurity默认处理器
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler{

    //将我们的authentication转换为json所需要的类
    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    //我们自己的配置
    private GarySecurityProperties garySecurityProperties;
    
    @Override
    //登陆不成功产生的错误
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        
        System.out.println("登陆失败");
        
        if(LoginType.JSON.equals(garySecurityProperties.getLoginType()))
        {
            //设置返回的状态码 500         SC_INTERNAL_SERVER_ERROR
            response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
            
            response.setContentType("application/json;charset=UTF-8");
            //将我们authentication转换为json通过response对象以application/json写到页面
            response.getWriter().write(objectMapper.writeValueAsString(exception));
            
        }
        else
        {
            //调用父类中的方法,跳转到其它页面
            super.onAuthenticationFailure(request, response, exception);
        }
        
        
        
        
        
    }
    



    
    
}
LoginFailureHandler.java

 

 

 

posted @ 2019-10-30 02:22 Cynical丶Gary 阅读(...) 评论(...) 编辑 收藏