CustomAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter

最新推荐文章于 2023-06-04 13:43:16 发布
最新推荐文章于 2023-06-04 13:43:16 发布
阅读量1k 收藏
点赞数
分类专栏: 让别人看的
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u013637569/article/details/50916181
版权


package com.xxxx.security.service.authentication;


import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;


import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import org.springframework.util.Assert;
import org.springframework.web.context.support.WebApplicationContextUtils;


import com.xxxx.naiu.xxxx.model.UserLockModel;
import com.xxxx.naiu.xxxx.service.UserLockService;
import com.xxxx.naiu.xxxx.util.StUtils;


import com.xxxx.security.model.Account;
import com.xxxx.security.model.Role;
import com.xxxx.security.model.User;
import com.xxxx.security.service.authorization.GrantAuthorityService;
import com.xxxx.security.util.SecurityUtil;




public class CustomAuthenticationProcessingFilter
    //extends AuthenticationProcessingFilter {
extends UsernamePasswordAuthenticationFilter {
private Map<String, UnsuccessfulAuthenticationHandler> failureHandlerMap = new HashMap();


 private List<UnsuccessfulAuthenticationHandler> unsuccessfulAuthenticationHandlers = Collections.emptyList();

    public Map<String, UnsuccessfulAuthenticationHandler> getFailureHandlerMap() {
return failureHandlerMap;
}
public void setFailureHandlerMap(
Map<String, UnsuccessfulAuthenticationHandler> failureHandlerMap) {
this.failureHandlerMap = failureHandlerMap;
}
public List<UnsuccessfulAuthenticationHandler> getUnsuccessfulAuthenticationHandlers() {
return unsuccessfulAuthenticationHandlers;
}
public void setUnsuccessfulAuthenticationHandlers(
List<UnsuccessfulAuthenticationHandler> unsuccessfulAuthenticationHandlers) {
this.unsuccessfulAuthenticationHandlers = unsuccessfulAuthenticationHandlers;
}
private boolean useDefaultRoleMerge = false;
    private ThreadLocal<Account> currentThreadAccount = new ThreadLocal<Account>();
    private GrantAuthorityService grantAuthorityService;
    private String grantProcessesUrl;
    


    private boolean continueChainBeforeSuccessfulAuthentication = false;


    private RememberMeServices rememberMeServices = new NullRememberMeServices();
    private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
    private String defaultTargetUrl;
    private String alwaysUseDefaultTargetUrl;
    private String authenticationFailureUrl;
    private String defaultFailureUrl;
 
public String getDefaultFailureUrl() {
return defaultFailureUrl;
}
public void setDefaultFailureUrl(String defaultFailureUrl) {
this.defaultFailureUrl = defaultFailureUrl;
}
public ThreadLocal<Account> getCurrentThreadAccount() {
return currentThreadAccount;
}
public void setCurrentThreadAccount(ThreadLocal<Account> currentThreadAccount) {
this.currentThreadAccount = currentThreadAccount;
}
public RememberMeServices getRememberMeServices() {
return rememberMeServices;
}
public void setRememberMeServices(RememberMeServices rememberMeServices) {
this.rememberMeServices = rememberMeServices;
}
public AuthenticationFailureHandler getFailureHandler() {
return failureHandler;
}
public void setFailureHandler(AuthenticationFailureHandler failureHandler) {
this.failureHandler = failureHandler;
}
public String getDefaultTargetUrl() {
return defaultTargetUrl;
}
public void setDefaultTargetUrl(String defaultTargetUrl) {
this.defaultTargetUrl = defaultTargetUrl;
}
public String getAuthenticationFailureUrl() {
return authenticationFailureUrl;
}
public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
this.authenticationFailureUrl = authenticationFailureUrl;
}
public GrantAuthorityService getGrantAuthorityService() {
return grantAuthorityService;
}
@Autowired
    private UserLockService userLockService;
    /** CAFCOMPKEY-e36780bd-cb3c-4bb6-9772-60dce44aadea */
   // public Authentication attemptAuthentication(HttpServletRequest request)
    public Authentication attemptAuthentication(HttpServletRequest request,HttpServletResponse response)
        throws AuthenticationException {
        String username = null;
        String password = null;
        Map<String, AccountDetailsService> map = WebApplicationContextUtils.getWebApplicationContext(request.getSession()
                                                                                                            .getServletContext())
                                                                           .getBeansOfType(AccountDetailsService.class);
        Assert.notEmpty(map, "A AccountDetailsService must be exist");
        Account account = null;
        AccountAuthenticationException lastException = null;
        Iterator<String> iter = map.keySet().iterator();
        while (iter.hasNext()) {
            String key = iter.next();
            AccountDetailsService service = map.get(key);
          try {
                account = service.obtainAccount(request);
            } catch (AccountAuthenticationException e) {
                lastException = e;
            }
            if (account != null) {
                break;
            }
        }
        if (account == null) {
            throw lastException;
        }
        currentThreadAccount.set(account);
        username = account.getName();
        password = account.getPassword();


        if (username == null) {
            username = "";
        }
        if (password == null) {
            password = "";
        }
        username = username.trim();
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
                password);
        setDetails(request, authRequest);
        return getAuthenticationManager().authenticate(authRequest);
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
    throws IOException, ServletException
  {
    HttpServletRequest request = (HttpServletRequest)req;
    HttpServletResponse response = (HttpServletResponse)res;
    if (!requiresAuthentication(request, response)) {
      chain.doFilter(request, response);
      return;
    }
    
    
    String uri = request.getRequestURI();
    int pathParamIndex = uri.indexOf(';');


    if (pathParamIndex > 0) {
        // strip everything after the first semi-colon
        uri = uri.substring(0, pathParamIndex);
    }


    if (uri.endsWith(request.getContextPath() + getGrantProcessesUrl())) {
        User user = SecurityUtil.getCurrentUser();
        String roleId = request.getParameter("roleId");
        if (roleId == null) {
            Set<Role> roles = user.getRoles();
            grantAuthorityService.grantAuthority(roles);
        } else {
            Role currentRole = null;
            Set<Role> roles = user.getRoles();
            for (Role role : roles) {
                if (roleId.equals(role.getId().toString())) {
                    currentRole = role;
                    user.setCurrentRole(currentRole);
                    break;
                }
            }
            grantAuthorityService.grantAuthority(Collections.singletonList(currentRole));
        }
     


            return;
    }
    super.doFilter(request, response, chain);
    
 }
 //20160201
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
    throws IOException, ServletException
  { 
    SecurityContextHolder.getContext().setAuthentication(authResult);
        User user = (User) authResult.getPrincipal();        
        //登录成功后首先将登录错误次数归0
          UserLockModel userLockModel=new UserLockModel();
          userLockModel.setUsername(user.getUsername());
      userLockService.updateUserLock(userLockModel,"suc");           
          
          Map<String, Object> cachedProperties = user.getCachedProperties();
          Account account = currentThreadAccount.get();
          Map<String, Object> otherProperties = account.getOtherProperties();


          for (Iterator<String> iterator = otherProperties.keySet().iterator();
                  iterator.hasNext();) {
              String str = iterator.next();
              cachedProperties.put(str, otherProperties.get(str));
          }
          if (this.useDefaultRoleMerge) {
              Set<Role> roles = user.getRoles();
              grantAuthorityService.grantAuthority(roles);
          } else {
              Set<Role> roles = user.getRoles();


              if (roles.size() > 0) {
                  grantAuthorityService.grantAuthority(roles);
              }else{
              try {
 
  } catch (Exception e) {
  throw new AccountAuthenticationException("error");
  }
              }
          }
          String contextPath = request.getContextPath();
          response.sendRedirect(contextPath + this.defaultTargetUrl);


  }


    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
    throws IOException, ServletException
  {
    SecurityContextHolder.clearContext();
    if (this.logger.isDebugEnabled()) {
      this.logger.debug("Authentication request failed: " + failed.toString());
      this.logger.debug("Updated SecurityContextHolder to contain null Authentication");
      this.logger.debug("Delegating to authentication failure handler " + this.failureHandler);
    }




    Object obj=(Object)failed.getExtraInformation();
    User user=(User)obj;
    if(StUtils.isNnull(user)){
    if(!user.isRoot()){      


    //登录失败,错误次数+1并更新当前时间
    UserLockModel userLockModel=new UserLockModel();
    userLockModel.setUsername(user.getUsername());
userLockService.updateUserLock(userLockModel,"fail");  
    }
    }
    
    String exceptionClassName = failed.getClass().getName();
    this.logger.warn(" # [" + exceptionClassName + "] happend.");


    UnsuccessfulAuthenticationHandler handler = null;
    if (this.failureHandlerMap.containsKey(exceptionClassName)) {
      handler = (UnsuccessfulAuthenticationHandler)this.failureHandlerMap.get(exceptionClassName);
    }
    else {
      for (UnsuccessfulAuthenticationHandler h : this.unsuccessfulAuthenticationHandlers) {
        if (exceptionClassName.equals(h.getHandleableExceptioName())) {
          handler = h;
          this.failureHandlerMap.put(exceptionClassName, h);
          break;
        }
      }
    }
    if (handler == null) {
        this.logger.warn(" # default handler.");
        SecurityContextHolder.clearContext();
        String contextPath = request.getContextPath();
        response.sendRedirect(contextPath + "/security/login.jsp");
      }
      else {
        try {
          handler.handlerAuthenticationException(request, response, failed);
          SecurityContextHolder.clearContext();
        }
        catch (Exception e) {
          this.logger.error(" # exception happened, when [" + handler.getClass().getName() + "] handlerAuthenticationException.", e);
          SecurityContextHolder.clearContext();
          String contextPath = request.getContextPath();
          response.sendRedirect(contextPath + "/security/login.jsp");
        }
      }
  
  }  
    
    
    
    
    
    
    
    /**
     * XXX DOCUMENT ME!
     *
     * @return XXX DOCUMENT ME!
     */
    public String getGrantProcessesUrl() {
        return grantProcessesUrl;
    }


    /**
     * XXX DOCUMENT ME!
     *
     * @param grantProcessesUrl XXX DOCUMENT ME!
     */
    public void setGrantProcessesUrl(String grantProcessesUrl) {
        this.grantProcessesUrl = grantProcessesUrl;
    }
   
   
    /**
     * XXX DOCUMENT ME!
     *
     * @return XXX DOCUMENT ME!
     */
    public boolean isUseDefaultRoleMerge() {
        return useDefaultRoleMerge;
    }


    /**
     * XXX DOCUMENT ME!
     *
     * @param useDefaultRoleMerge XXX DOCUMENT ME!
     */
    public void setUseDefaultRoleMerge(boolean useDefaultRoleMerge) {
        this.useDefaultRoleMerge = useDefaultRoleMerge;
    }
public UserLockService getUserLockService() {
return userLockService;
}
public void setUserLockService(UserLockService userLockService) {
this.userLockService = userLockService;
}
    /**
     * XXX DOCUMENT ME!
     *
     * @param grantAuthorityService XXX DOCUMENT ME!
     */
    public void setGrantAuthorityService(
        GrantAuthorityService grantAuthorityService) {
        this.grantAuthorityService = grantAuthorityService;
    }
    public String getAlwaysUseDefaultTargetUrl() {
return alwaysUseDefaultTargetUrl;
}
public void setAlwaysUseDefaultTargetUrl(String alwaysUseDefaultTargetUrl) {
this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
}


public boolean isContinueChainBeforeSuccessfulAuthentication() {
return continueChainBeforeSuccessfulAuthentication;
}
public void setContinueChainBeforeSuccessfulAuthentication(
boolean continueChainBeforeSuccessfulAuthentication) {
this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication;
}


}
在外的少年
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Java继承extends与super关键字详解
08-27
本篇文章给大家详细讲述了Java继承extends与super关键字的相关知识点,需要的朋友们可以参考学习下。
SpringSecurity系列 - 11 前后端分离表单认证:自定义过滤器替换 UsernamePasswordAuthenticationFilter
你今天真好看呀
09-16 2496
SpringSecurity系列一:10 传统Web项目表单认证: UsernamePasswordAuthenticationFilter 过滤器在前后端分离的项目中,前端会以 json 格式来传递参数,这就需要我们自定义登录过滤器链来实现。
Spring Security 在登录时如何添加图形验证码
BASK2312的博客
11-14 1110
这里继承的过滤器为,并重写方法。用户登录的用户名/密码是在类中处理,那我们就继承这个类,增加对验证码的处理。、,不过处理起来会比继承麻烦一点。@Override// 需要是 POST 请求if (!}// 获得请求验证码值// 获得 session 中的 验证码值throw new AuthenticationServiceException("验证码不能为空!");}
【深入浅出Spring Security(五)】自定义过滤器进行前后端登录认证
qq_63691275的博客
06-04 3700
自定义登录认证可以去继承 UsernamePasswordAuthenticationFilter 过滤器重写 attemptAuthentication 方法进行自定义,然后再在自定义的 SecurityConfig 配置类里面去将它配置到 Spring 容器中,注意实例化它后一定要给它内部属性 AuthenticationManager 进行初始化赋值,不然交给Spring容器管理的时候会报错;最后添加到过滤器链中。
UsernamePasswordAuthenticationFilter
m0_57560984的博客
09-03 4239
我们前面介绍的账户密码都是指定在我们的xml配置文件中,我们最终还是需要实现和数据库中的数据比较,那么我们就需要自定义认证逻辑的实现。 我们还是一样先进行源码分析,系统认证是通过UsernamePasswordAuthenticationFilter过滤器实现的。 表单提交参数 public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter { //...
学习SpringSecurity的日常生活(三)——前后台分离登录
dongbeihuxiao的博客
04-11 2068
提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档 文章目录前言一、pandas是什么?二、使用步骤1.引入库2.读入数据总结 前言 提示:这里可以添加本文要记录的大概内容: 例如:随着人工智能的不断发展,机器学习这门技术也越来越重要,很多人都开启了学习机器学习,本文就介绍了机器学习的基础内容。 提示:以下是本篇文章正文内容,下面案例可供参考 一、pandas是什么? 示例:pandas 是基于NumPy 的一种工具,该工具是为了解决数据分析任务而创建的。 二、使用步骤 1.引入库 代.
PHP类继承 extends使用介绍
10-26
我们在文章中为大家详细介绍了有关PHP类继承 extends的实现方法,希望对于新手来说能够提升他们在PHP语言编程中的能力
详解vue mixins和extends的巧妙用法
08-28
vue提供了mixins、extends配置项,最近使用中发现很好用。下面小编通过本文给大家介绍下vue中 mixins和extends的巧妙用法,需要的朋友参考下吧
Java泛型extends及super区别实例解析
08-18
主要介绍了Java泛型extends及super区别实例解析,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
Vue Extends 扩展选项用法完整实例
10-16
主要介绍了Vue Extends 扩展选项用法,结合完整实例形式分析了Vue Extends 扩展选项相关使用技巧与操作注意事项,需要的朋友可以参考下
前后分离项目整合spring security,自定义登录验证接口,并解决maximumSessions(1)不生效的问题
Johnson_7的博客
09-19 4247
前后分离项目整合spring security,自定义登录验证接口,并解决maximumSessions(1)不生效的问题
spring security 登录修改认证提示
liliYoung_的博客
09-17 632
源码简单解析,白嫖的同学直接复制最后。 登录认证继承: extends UsernamePasswordAuthenticationFilter 进入到UsernamePasswordAuthenticationFilter内部结构中看到 默认的登录地址、登录参数等信息。 继承之后可以重写父类方法,及属性。本类中并没有看到登录认证的提示信息,这不是标题的关键部分,继续向上查看父类[AbstractAuthenticationProcessingFilter]源码。 进入到Abstr...
SpringSecurity源码理解及使用(二)
m0_52889702的博客
10-22 495
springSecurity添加验证码验证码的生成传统web开发前后端分离开发密码加密密码校验流程默认密码加密方式为什么默认是 DelegatingPasswordEncoder指定密码加密方式密码自动迭代更新RememberMe使用方式记住我流程登录认证时 勾选 记住我 流程默认方式一:记住我流程cookie值的构成免密登录流程默认方式的安全问题方式二:内存令牌的使用方式记住我流程cookie值的构成免密登录流程存取过程方式二的安全问题传统web开发记住我前后端分离开发记住我
SpringSecurity过滤器UsernamePasswordAuthenticationFilter
clyu的博客
01-01 4467
简介 UsernamePasswordAuthenticationFilter是AbstractAuthenticationProcessingFilter针对使用用户名和密码进行身份认证而定制化的一个过滤器。其添加是在调用http.formLogin()时作用,默认的登录请求pattern为"/login",并且为POST请求。当我们登录的时候,也就是匹配到loginProcessingUrl,这个过滤器就会委托认证管理器authenticationManager来验证登录 登陆流程入口是Abstrac
Spring Security 登录密码验证过程(UsernamePasswordAuthenticationFilter
热门推荐
Qurite的博客
03-20 2万+
Spring-Security主要是一个由一堆Filter组成的过滤器链,每个Filter做自己的事情。今天我跟一下登录的密码认证过程,主要是UsernamePasswordAuthenticationFilter这个类 1.web.xml中配置security <filter> <filter-name>springSecurityFilterChain...
OAuth2AuthenticationProcessingFilter资源认证服务器过滤器
qq_39256196的博客
04-22 921
方法:org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor#extractHeaderToken。经过:org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor#extract。验证当前登录用户的scope属性是否符合所请求的资源所需的权限要求,如果不满足,抛出。图1的第二步,进入断点。
SpringSecurity(三)- SpringSecurity 原理
及时当勉励,岁月不待人
09-25 560
SpringSecurity(三)- SpringSecurity 原理
覆盖UsernamePasswordAuthenticationFilter
最新发布
08-11
public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter { @Override public Authentication attemptAuthentication(HttpServletRequest request, ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值