使用java 编程的注解的方式定制spring security
来源:互联网 发布:steam联机游戏mac 编辑:程序博客网 时间:2024/05/21 19:33
上一批博客 介绍了用 xml配置的方式来使用spring security
现在改造成完全使用注解的方式进行 定制 spring security
编程方式替换 在web.xml中定义的spring 的 filterChain
<!-- spring security --><filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern></filter-mapping><!-- end -->
用java 代码来实现是:定义一个 SecurityWebApplicationInitializer 类来继承AbstractSecurityWebApplicationInitializer
/** * @Title: SecurityWebApplicationInitializer.java * @Package com.ninelephas.whale.springsecurity.configuration * @Description: TODO * Copyright: Copyright (c) 2016 * Company:九象网络科技(上海)有限公司 * * @author roamerxv * @date 2016年9月6日 下午7:04:47 * @version V1.0.0 */package com.ninelephas.whale.springsecurity.configuration;import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;/** * @ClassName: SecurityWebApplicationInitializer * @Description: TODO * @author Comsys-roamerxv * @date 2016年9月6日 下午7:04:47 * */public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}
编程方式实现在 applicationContext-security.xml 中定义的 http 部分
<http auto-config="false"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/admin**" access="hasRole('ADMIN')" /> <intercept-url pattern="/workflow/***" access="hasRole('ADMIN')" /> 自定义登录的界面 <form-login login-page="/views/login.jsp" username-parameter="username" password-parameter="password"/> 自定登录的filter <custom-filter before="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter" /> 自定退出的filter <custom-filter before="LOGOUT_FILTER" ref="customLogoutFilter" /> </http>
用java 代码来实现是:定义一个 SecurityConfiguration 类来继承WebSecurityConfigurerAdapter
“`
/**- @Title: SecurityConfiguration.java
- @Package com.ninelephas.whale.springsecurity.configuration
- @Description: TODO
- Copyright: Copyright (c) 2016
- Company:九象网络科技(上海)有限公司
-
- @author roamerxv
- @date 2016年9月7日 下午12:17:47
- @version V1.0.0
*/
package com.ninelephas.whale.springsecurity.configuration;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import com.ninelephas.whale.springsecurity.CustomLoginSuccessHandler;
import com.ninelephas.whale.springsecurity.CustomLogoutFilter;
import com.ninelephas.whale.springsecurity.CustomUsernamePasswordAuthenticationFilter;
/**
* @ClassName: SecurityConfiguration
* @Description: TODO
* @author Comsys-roamerxv
* @date 2016年9月7日 下午12:17:47
*
*/
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
/**
* Logger for this class
*/
private static final Logger logger = LogManager.getLogger(SecurityConfiguration.class.getName());
@AutowiredCustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter;
// @Autowired
// CustomLogoutFilter customLogoutFilter;
@AutowiredCustomLoginSuccessHandler customLoginSuccessHandler;// 这里要分配注入一个 AuthenticationManagerBuilder的实例@AutowiredAuthenticationManagerBuilder authenticationManagerBuilder;// 这里要注入这个方法。@Autowiredpublic void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { logger.debug("configureGlobal(AuthenticationManagerBuilder) - start"); //$NON-NLS-1$ this.authenticationManagerBuilder.inMemoryAuthentication().withUser("user").password("user").roles("USER"); this.authenticationManagerBuilder.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN"); logger.debug("configureGlobal(AuthenticationManagerBuilder) - end"); //$NON-NLS-1$}@Overrideprotected void configure(HttpSecurity http) throws Exception { logger.debug("configure(HttpSecurity) - start"); //$NON-NLS-1$ http.authorizeRequests() .antMatchers("/").access("permitAll") .antMatchers("/admin**").access("hasRole('ADMIN')") .antMatchers("/workflow/***").access("hasRole('ADMIN')") .and().formLogin().loginPage("/views/login.jsp").successHandler(customLoginSuccessHandler) .usernameParameter("username").passwordParameter("password") .and().csrf() .and().exceptionHandling() .and().addFilterBefore(customUsernamePasswordAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); //.addFilterBefore(customLogoutFilter, LogoutFilter.class); logger.debug("configure(HttpSecurity) - end"); //$NON-NLS-1$}// 这里要用@Bean注解这个方法,以便容器调用获取实例 AuthenticationManager 实例@Beanpublic AuthenticationManager authenticationManager() throws Exception { logger.debug("authenticationManager() - start"); //$NON-NLS-1$ logger.debug("authenticationManager() - end"); //$NON-NLS-1$ return this.authenticationManagerBuilder.build();}
}
```
3. 编程方式实现在 applicationContext-security.xml 中定义的 指定登录filter的实现类
<beans:bean id="customUsernamePasswordAuthenticationFilter" class="com.ninelephas.whale.springsecurity.CustomUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
用java 代码来实现是:定义一个 CustomUsernamePasswordAuthenticationFilter 类来实现UsernamePasswordAuthenticationFilter
```/** * @Title: CustomLoginFilter.java * @Package com.ninelephas.whale.springsecurity * @Description: TODO * Copyright: Copyright (c) 2016 * Company:九象网络科技(上海)有限公司 * * @author roamerxv * @date 2016年9月6日 上午11:23:31 * @version V1.0.0 */package com.ninelephas.whale.springsecurity;import java.io.IOException;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.logging.log4j.LogManager;import org.apache.logging.log4j.Logger;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.core.Authentication;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;import org.springframework.stereotype.Component;/** * @ClassName: CustomLoginFilter * @Description: TODO * @author Comsys-roamerxv * @date 2016年9月6日 上午11:23:31 * */@Componentpublic class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter { /** * Logger for this class */ private static final Logger logger = LogManager.getLogger(CustomUsernamePasswordAuthenticationFilter.class.getName()); /* * <p>Title: setAuthenticationManager</p> * <p>指定AuthenticationManager</p> * @param authenticationManager * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager) */ @Autowired @Override public void setAuthenticationManager(AuthenticationManager authenticationManager) { logger.debug("setAuthenticationManager(AuthenticationManager) - start"); //$NON-NLS-1$ super.setAuthenticationManager(authenticationManager); logger.debug("setAuthenticationManager(AuthenticationManager) - end"); //$NON-NLS-1$ } /* * <p>Title: attemptAuthentication</p> * <p>登录验证做的出来: </p> * @param request * @param response * @return * @throws AuthenticationException * @see org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { logger.debug("attemptAuthentication(HttpServletRequest, HttpServletResponse) - start"); //$NON-NLS-1$ logger.debug("attemptAuthentication(HttpServletRequest, HttpServletResponse) - end"); //$NON-NLS-1$ return super.attemptAuthentication(request, response); } /* * <p>Title: successfulAuthentication</p> * <p>登录成功: </p> * @param request * @param response * @param chain * @param authResult * @throws IOException * @throws ServletException * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#successfulAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.FilterChain, org.springframework.security.core.Authentication) */ @Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { logger.debug("successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - start"); //$NON-NLS-1$ super.successfulAuthentication(request, response, chain, authResult); logger.debug(new StringBuffer("登录成功!用户是:").append(authResult.getName())); request.getSession().setAttribute("user", authResult.getName()); logger.debug("successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - end"); //$NON-NLS-1$ } /* * <p>Title: unsuccessfulAuthentication</p> * <p>登录失败: </p> * @param request * @param response * @param failed * @throws IOException * @throws ServletException * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.AuthenticationException) */ @Override protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException { logger.debug("unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - start"); //$NON-NLS-1$ super.unsuccessfulAuthentication(request, response, failed); logger.debug("登录失败!"); logger.debug("unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - end"); //$NON-NLS-1$ }}```
* 注意!!! *
在xml配置中customUsernamePasswordAuthenticationFilter 这部分需要指定authenticationManager ,并且 是通过
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="user" password="user" authorities="ROLE_USER" />
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
来指定的。所以在SecurityConfiguration.java 文件中需要注意着几个地方
a. 定义一个
@Autowired
AuthenticationManagerBuilder authenticationManagerBuilder;
变量
b. 在配置的函数里面 设置这个变量
// 这里要注入这个方法。 @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { logger.debug("configureGlobal(AuthenticationManagerBuilder) - start"); //$NON-NLS-1$ this.authenticationManagerBuilder.inMemoryAuthentication().withUser("user").password("user").roles("USER"); this.authenticationManagerBuilder.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN"); logger.debug("configureGlobal(AuthenticationManagerBuilder) - end"); //$NON-NLS-1$ }
c. 用Bean来注解authenticationManager的方法来返回这个 AuthenticationManager
// 这里要用@Bean注解这个方法,以便容器调用获取实例 AuthenticationManager 实例 @Bean public AuthenticationManager authenticationManager() throws Exception { logger.debug("authenticationManager() - start"); //$NON-NLS-1$ AuthenticationManager authenticationManager = this.authenticationManagerBuilder.build(); logger.debug(new StringBuffer("AuthenticationManager设置成功,对象指针是:").append(authenticationManager)); logger.debug("authenticationManager() - end"); //$NON-NLS-1$ return authenticationManager; }
d. 在CustomUsernamePasswordAuthenticationFilter.java 中设置这个变量
@Autowired @Override public void setAuthenticationManager(AuthenticationManager authenticationManager) { logger.debug("setAuthenticationManager(AuthenticationManager) - start"); //$NON-NLS-1$ super.setAuthenticationManager(authenticationManager); logger.debug("setAuthenticationManager(AuthenticationManager) - end"); //$NON-NLS-1$ }
-
- 5.
- 使用java 编程的注解的方式定制spring security
- spring security 注解@EnableGlobalMethodSecurity的三种开启注解方式
- java的方式配置spring security
- 纯java 使用spring的注解方式AOP
- Spring Security的使用
- spring security的使用
- 使用Spring的注解方式实现AOP
- 使用Spring的注解方式实现AOP
- 使用Spring的注解方式实现AOP
- spring注解缓存的使用方式
- Spring使用注解的方式实现AOP
- 使用Spring的注解方式实现AOP
- 使用Spring的注解方式实现AOP
- 使用Spring的注解方式实现AOP
- 使用Spring的注解方式实现AOP
- 注解方式使用spring aop的步骤
- spring使用注解方式的初始化流程
- 使用Spring的注解方式实现AOP
- java中通过IO流实现文件的复制
- OpenGL ES(Android)的学习路径(概念)
- 让C# Excel导入导出,支持不同版本的Office
- mybatis实现读取树结构数据
- JavaScript
- 使用java 编程的注解的方式定制spring security
- HDU 1166 敌兵布阵 线段树
- MyEclipse+Tomcat+MAVEN+SVN项目完整环境搭建
- 利用ToolBar和Drawerlayout实现简单的侧滑菜单
- 抽象
- Glide深入浅出(二)——源码解析
- xcode打包不生成ipa文件而生成文件夹 及 app文件转成ipa
- 鸡仔单片机成长记----------------浅谈51堆栈操作
- HttpURLConnection连接服务器失败解决办法