spring security 4.1 中自定义登录界面和扩展login controller
来源:互联网 发布:淘宝权重怎么查 编辑:程序博客网 时间:2024/05/17 22:26
spring security 4.1.3 中自定义登录界面 并且扩展 login controller的实现和配置方法
参考文档 : 自定义Login/Logout Filter、AuthenticationProvider、AuthenticationToken
Spring Security Reference
1. 需求:
在项目中需要用spring security来进行权限管理。并且需要对login的功能进行扩展。比如:登录成功以后,把用户名放入session中
2. 配置
web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="Whale" version="3.1"> <display-name>Whale</display-name> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <async-supported>true</async-supported> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath:META-INF/applicationContext.xml, classpath:META-INF/applicationContext-security.xml </param-value> </context-param> <!-- 防止内存泄漏 --> <listener> <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class> </listener> <servlet> <servlet-name>SpringMVC</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:META-INF/spring-mvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> <async-supported>true</async-supported> </servlet> <servlet-mapping> <servlet-name>SpringMVC</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- spring security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- end --> <welcome-file-list> <welcome-file>/views/welcome.jsp</welcome-file> </welcome-file-list> <servlet-mapping> <servlet-name>jsp</servlet-name> <url-pattern>*.jsp</url-pattern> </servlet-mapping> <session-config> <session-timeout>10</session-timeout> </session-config></web-app>
applicationContext-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd"> <http auto-config="false"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/admin**" access="hasRole('ADMIN')" /> <intercept-url pattern="/dba**" access="hasRole('DBA')" /> <!-- 自定义登录的界面 --> <form-login login-page="/views/login.jsp" username-parameter="username" password-parameter="password" authentication-failure-url="/views/accessDenied.jsp" /> <!-- 自定登录的filter --> <custom-filter before="FORM_LOGIN_FILTER" ref="customLoginFilter" /> <!-- 自定退出的filter --> <custom-filter before="LOGOUT_FILTER" ref="customLogoutFilter" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="user" password="user" authorities="ROLE_USER" /> <user name="admin" password="root123" authorities="ROLE_ADMIN" /> <user name="dba" password="dba" authorities="ROLE_ADMIN,ROLE_DBA" /> </user-service> </authentication-provider> </authentication-manager> <!-- 指定登录filter的实现类 --> <beans:bean id="customLoginFilter" class="com.ninelephas.whale.springsecurity.CustomLoginFilter"> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <!-- 指定退出filter的实现类 --> <beans:bean id="customLogoutFilter" class="com.ninelephas.whale.springsecurity.CustomLogoutFilter"> <!-- 处理退出的虚拟url --> <beans:property name="filterProcessesUrl" value="/logout" /> <!-- 退出处理成功后的默认显示url --> <beans:constructor-arg index="0" value="/" /> <beans:constructor-arg index="1"> <!-- 退出成功后的handler列表 --> <beans:array> <beans:bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /> <!-- 加入了开发人员自定义的退出成功处理 --> <beans:bean id="customLogoutSuccessHandler" class="com.ninelephas.whale.springsecurity.CustomLogoutHandler" /> </beans:array> </beans:constructor-arg> </beans:bean></beans:beans>
- 这里要注意几点:
a. http auto-config=”false” 不能设置成auto-config=”true”
b. 自定义登录的界面
<form-login login-page="/views/login.jsp" username-parameter="username" password-parameter="password" authentication-failure-url="/views/accessDenied.jsp" />
c. 自定义登录的filter
<custom-filter before="FORM_LOGIN_FILTER" ref="customLoginFilter" />
d. 定义 authentication-manager 的别名,指定给filter来使用
<authentication-manager alias="authenticationManager">
e. 指定登录filter的实现类
<beans:bean id="customLoginFilter" class="com.ninelephas.whale.springsecurity.CustomLoginFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean> - customLoginFilter 的代码如下:
/** * @Title: CustomLoginFilter.java * @Package com.ninelephas.whale.springsecurity * @Description: TODO * Copyright: Copyright (c) 2016 * Company:九象网络科技(上海)有限公司 * * @author roamerxv * @date 2016年9月6日 上午11:23:31 * @version V1.0.0 */package com.ninelephas.whale.springsecurity;import java.io.IOException;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.logging.log4j.LogManager;import org.apache.logging.log4j.Logger;import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;import org.springframework.security.core.Authentication;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;/** * @ClassName: CustomLoginFilter * @Description: TODO * @author Comsys-roamerxv * @date 2016年9月6日 上午11:23:31 * */public class CustomLoginFilter extends UsernamePasswordAuthenticationFilter { /** * Logger for this class */ private static final Logger logger = LogManager.getLogger(CustomLoginFilter.class.getName()); public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { logger.debug("attemptAuthentication(HttpServletRequest, HttpServletResponse) - start"); //$NON-NLS-1$ String username = obtainUsername(request).toUpperCase().trim(); String password = obtainPassword(request); Authentication returnAuthentication = null; try { UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); returnAuthentication = this.getAuthenticationManager().authenticate(authRequest); } catch (Exception e) { logger.error(e); throw e ; } logger.debug("attemptAuthentication(HttpServletRequest, HttpServletResponse) - end"); //$NON-NLS-1$ return returnAuthentication; } @Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { logger.debug("successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - start"); //$NON-NLS-1$ super.successfulAuthentication(request, response, chain, authResult); logger.debug("登录成功!"); logger.debug("successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - end"); //$NON-NLS-1$ } @Override protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException { logger.debug("unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - start"); //$NON-NLS-1$ super.unsuccessfulAuthentication(request, response, failed); logger.debug("登录失败!"); logger.debug("unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - end"); //$NON-NLS-1$ }}
CustomLogoutFilter.java
/** * @Title: CustomLogoutFilter.java * @Package com.ninelephas.whale.springsecurity * @Description: TODO * Copyright: Copyright (c) 2016 * Company:九象网络科技(上海)有限公司 * * @author roamerxv * @date 2016年9月6日 下午3:13:07 * @version V1.0.0 */package com.ninelephas.whale.springsecurity;import org.apache.logging.log4j.Logger;import org.apache.logging.log4j.LogManager;import org.springframework.security.web.authentication.logout.LogoutFilter;import org.springframework.security.web.authentication.logout.LogoutHandler;import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;/** * @ClassName: CustomLogoutFilter * @Description: TODO * @author Comsys-roamerxv * @date 2016年9月6日 下午3:13:07 * */public class CustomLogoutFilter extends LogoutFilter { /** * Logger for this class */ private static final Logger logger = LogManager.getLogger(CustomLogoutFilter.class.getName()); /** * * 创建一个新的实例 CustomLogoutFilter. * <p> * Title: * </p> * <p> * Description: * </p> * * @param logoutSuccessHandler * @param handlers */ public CustomLogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers) { super(logoutSuccessUrl, handlers); logger.debug("CustomLogoutFilter(String, LogoutHandler[]) - start"); //$NON-NLS-1$ logger.debug("CustomLogoutFilter(String, LogoutHandler[]) - end"); //$NON-NLS-1$ } public CustomLogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) { super(logoutSuccessHandler, handlers); logger.debug("CustomLogoutFilter(LogoutSuccessHandler, LogoutHandler[]) - start"); //$NON-NLS-1$ logger.debug("CustomLogoutFilter(LogoutSuccessHandler, LogoutHandler[]) - end"); //$NON-NLS-1$ }}
CustomLogoutHandler.java
/** * @Title: CustomLogoutHandler.java * @Package com.ninelephas.whale.springsecurity * @Description: TODO * Copyright: Copyright (c) 2016 * Company:九象网络科技(上海)有限公司 * * @author roamerxv * @date 2016年9月6日 下午3:38:30 * @version V1.0.0 */package com.ninelephas.whale.springsecurity;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.logging.log4j.LogManager;import org.apache.logging.log4j.Logger;import org.springframework.security.core.Authentication;import org.springframework.security.web.authentication.logout.LogoutHandler;/** * @ClassName: CustomLogoutHandler * @Description: TODO * @author Comsys-roamerxv * @date 2016年9月6日 下午3:38:30 * */public class CustomLogoutHandler implements LogoutHandler { /** * Logger for this class */ private static final Logger logger = LogManager.getLogger(CustomLogoutHandler.class.getName()); /** * 创建一个新的实例 CustomLogoutHandler. * <p>Title: </p> * <p>Description: </p> * @param logoutSuccessHandler * @param handlers */ public CustomLogoutHandler() { } public void logout(HttpServletRequest request,HttpServletResponse response, Authentication authentication){ logger.debug("logout(HttpServletRequest, HttpServletResponse, Authentication) - start"); //$NON-NLS-1$ logger.debug("logout(HttpServletRequest, HttpServletResponse, Authentication) - end"); //$NON-NLS-1$ }}
0 0
- spring security 4.1 中自定义登录界面和扩展login controller
- Spring Security自定义Login
- spring security中如何弹出登录模态框(form login与ajax login并存)
- Spring Security学习二 - 自定义Login方法
- spring security起步三:自定义登录配置与form-login属性详解
- spring security起步三:自定义登录配置与form-login属性详解
- spring security起步三:自定义登录配置与form-login属性详解
- Spring Security 3.1自定义登录
- spring security 自定义认证登录
- Spring security使用自定义登录界面且显示登录异常信息的例子
- Spring Security 的login(登录页)重构
- spring boot + mybatis + spring security(自定义登录界面)环境搭建
- Spring Security Form Login
- AlertDialog自定义布局,类似ListView选择和Login登录界面的。视频教程看到的,留着哪天用得到
- Spring Security笔记:自定义Login/Logout Filter、AuthenticationProvider、AuthenticationToken
- Spring Security笔记:自定义Login/Logout Filter、AuthenticationProvider、AuthenticationToken
- Spring Security笔记:自定义Login/Logout Filter、AuthenticationProvider、AuthenticationToken
- Spring Security笔记:自定义Login/Logout Filter、AuthenticationProvider、AuthenticationToken
- 开启博客的第一天
- H5—新特性
- 利用sort排序
- android自定义抽奖转盘
- xcode7免证书真机调试
- spring security 4.1 中自定义登录界面和扩展login controller
- POJ 2778 DNA Sequence(AC自动机+矩阵加速)
- Xcode编译之后使用cocoapods导入的第三库中头文件找不到库中的某些文件
- 获取时间戳
- Android RecyclerView 使用完全解析 体验艺术般的控件
- QWindowsWindow::setGeometryDp: Unable to set geometry
- ROS 学习系列 -- RViz 实时观测机器人建立导航2D封闭空间地图过程 (SLAM)
- 使用Spring Cloud Feign作为HTTP客户端调用远程HTTP服务
- js 文件的上传 分段读取文件 FileReader