Spring Security 处理不同类型的请求
1. 流程分析
2. 系统配置封装
- 配置自定义登录页地址
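# Overrides the browser login page; nesting restored so the key resolves to
# tdt.security.browser.loginPage (the prefix SecurityProperties binds to).
# The value is later used as a redirect target and as a permitAll pattern,
# so keep it an application-relative path.
tdt:
  security:
    browser:
      loginPage: /demo-signIn.html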
SecurityCoreConfig
import com.tdt.security.properties.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
/**
 * @Project: tdt-security
 * @ClassName: SecurityCoreConfig
 * @Author: Mr.superbeyone
 * @Time: 2018-11-30 23:13
 * @Description: Core security module configuration. Its only job is to enable
 *               the SecurityProperties settings class so that it takes effect;
 *               the class body is empty and carries annotations only.
 **/
@Configuration
@EnableConfigurationProperties(SecurityProperties.class)
public class SecurityCoreConfig {
}
SecurityProperties
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
 * @Project: tdt-security
 * @ClassName: SecurityProperties
 * @Author: Mr.superbeyone
 * @Time: 2018-11-30 23:05
 * @Description: Root of the custom settings, bound to properties under the
 *               "tdt.security" prefix.
 **/
@ConfigurationProperties(prefix = "tdt.security")
public class SecurityProperties {

    /**
     * Browser-related settings. Initialised with a default instance, so the
     * getter returns a usable object even when nothing is configured.
     */
    private BrowserProperties browser = new BrowserProperties();

    /**
     * Returns the browser settings group.
     *
     * @return the current browser settings
     */
    public BrowserProperties getBrowser() {
        return this.browser;
    }

    /**
     * Replaces the browser settings group.
     *
     * @param browser the browser settings to use from now on
     */
    public void setBrowser(BrowserProperties browser) {
        this.browser = browser;
    }
}
BrowserProperties
/**
 * @Project: tdt-security
 * @ClassName: BrowserProperties
 * @Author: Mr.superbeyone
 * @Time: 2018-11-30 23:07
 * @Description: Custom settings for browser clients.
 **/
public class BrowserProperties {

    /** Login page used when no other value has been set. */
    private static final String DEFAULT_LOGIN_PAGE = "/tdt-signIn.html";

    /**
     * Path of the login page.
     *
     * NOTE(review): elsewhere on this page the value is passed unchanged to a
     * redirect and to a permitAll matcher, so it should remain an
     * application-relative path to a page that is safe to serve without
     * authentication.
     */
    private String loginPage = DEFAULT_LOGIN_PAGE;

    /**
     * Returns the configured login page.
     *
     * @return the login page path, "/tdt-signIn.html" unless overridden
     */
    public String getLoginPage() {
        return this.loginPage;
    }

    /**
     * Overrides the login page.
     *
     * @param loginPage the login page path to use; stored as given, no validation
     */
    public void setLoginPage(String loginPage) {
        this.loginPage = loginPage;
    }
}
BrowserSecurityConfig
import com.tdt.security.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * @Project: tdt-security
 * @ClassName: BrowserSecurityConfig
 * @Description: Security configuration for browser clients: form login, the
 *               URLs that are reachable without authentication, and the
 *               password encoder bean.
 * @Author: Mr.superbeyone
 * @Create: 2018-11-28 16:44
 **/
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {

    /** URL that requests needing authentication are sent to (a controller endpoint, not a page). */
    private static final String AUTHENTICATION_REQUIRED_URL = "/authentication/require";

    /** URL registered as the form-login processing URL. */
    private static final String LOGIN_PROCESSING_URL = "/authentication/form";

    /** Custom settings; supplies the configurable login page. */
    @Autowired
    SecurityProperties securityProperties;

    /**
     * Provides the password encoder used by the application.
     *
     * @return a new BCrypt-based encoder
     */
    @Bean
    public PasswordEncoder BCryptPasswordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Configures form login and the authorization rules.
     *
     * @param http the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Read once up front; the getter has no side effects.
        String configuredLoginPage = securityProperties.getBrowser().getLoginPage();

        // Form login; to use the default HTTP Basic login instead, call http.httpBasic().
        http.formLogin()
                .loginPage(AUTHENTICATION_REQUIRED_URL)
                .loginProcessingUrl(LOGIN_PROCESSING_URL);

        // Authorization rules. Order matters: the permitAll matchers must be
        // declared before the catch-all anyRequest() rule.
        http.authorizeRequests()
                .antMatchers(AUTHENTICATION_REQUIRED_URL, configuredLoginPage)
                .permitAll()
                .anyRequest()      // every other request
                .authenticated();  // requires an authenticated user

        // CSRF protection is switched off. With session-based form login this
        // leaves state-changing requests unprotected against cross-site request
        // forgery; re-enable it and have the login page send the CSRF token
        // before using this configuration outside a demo.
        http.csrf().disable();
    }
}
BrowserSecurityController
import com.tdt.security.browser.support.SimpleResponse;
import com.tdt.security.properties.SecurityProperties;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * @Project: tdt-security
 * @ClassName: BrowserSecurityController
 * @Author: Mr.superbeyone
 * @Time: 2018-11-30 22:35
 * @Description: Decides how to answer a request that needs authentication:
 *               redirect to the login page or reply with a 401 message.
 **/
@RestController
public class BrowserSecurityController {

    private Logger logger = LoggerFactory.getLogger(getClass());

    // Holds the request that triggered the authentication step.
    private RequestCache requestCache = new HttpSessionRequestCache();

    // Spring Security helper for sending redirects.
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Autowired
    SecurityProperties securityProperties;

    /**
     * Entry point reached whenever authentication is required.
     *
     * <p>If a saved request exists and its URL ends in ".html", the client is
     * redirected to the configured login page. In every case the method then
     * returns a message body under the 401 status declared on the handler.
     *
     * <p>NOTE(review): the body is also returned after a redirect has been
     * sent; confirm the container discards it once the response is committed.
     *
     * @param request  the current request
     * @param response the current response
     * @return a message telling the client that authentication is needed
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/authentication/require")
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED) // 401 Unauthorized
    public SimpleResponse requireAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
        SavedRequest cached = requestCache.getRequest(request, response);
        if (cached != null) {
            redirectHtmlRequestToLoginPage(cached, request, response);
        }
        return new SimpleResponse("访问服务需要身份认证,请引导用户到登录页面");
    }

    /**
     * Redirects to the configured login page when the saved request was for an HTML page.
     */
    private void redirectHtmlRequestToLoginPage(SavedRequest cached, HttpServletRequest request,
                                                HttpServletResponse response) throws IOException {
        String originalUrl = cached.getRedirectUrl();
        // NOTE(review): the saved URL presumably includes any query string, which
        // would then appear in debug logs; keep secrets out of query parameters.
        logger.debug("引发跳转的请求是:\t{}", originalUrl);

        // The suffix test runs on the whole URL string, case-insensitively.
        boolean wantsHtmlPage = StringUtils.endsWithIgnoreCase(originalUrl, ".html");
        if (!wantsHtmlPage) {
            return;
        }

        // The target comes from configuration, never from the saved request,
        // so the requested URL cannot steer where the client is redirected.
        String loginPage = securityProperties.getBrowser().getLoginPage();
        redirectStrategy.sendRedirect(request, response, loginPage);
    }
}
SimpleResponse
/**
 * @Project: tdt-security
 * @ClassName: SimpleResponse
 * @Author: Mr.superbeyone
 * @Time: 2018-11-30 22:53
 * @Description: Minimal wrapper around a response payload.
 **/
public class SimpleResponse {

    /** The wrapped payload; any object, may be null. */
    private Object content;

    /**
     * Creates a wrapper around the given payload.
     *
     * @param content the payload to carry
     */
    public SimpleResponse(Object content) {
        setContent(content);
    }

    /**
     * Returns the wrapped payload.
     *
     * @return the payload, exactly as it was stored
     */
    public Object getContent() {
        return this.content;
    }

    /**
     * Replaces the wrapped payload.
     *
     * @param content the new payload
     */
    public void setContent(Object content) {
        this.content = content;
    }
}
- 配置自定义登录页地址
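# Custom login page for browser clients; nesting restored so the key resolves
# to tdt.security.browser.loginPage. Without this entry the default
# /tdt-signIn.html from BrowserProperties applies.
tdt:
  security:
    browser:
      loginPage: /demo-signIn.html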
访问:localhost:8080/index.html 跳转
- 不配置自定义登录页地址
访问: localhost:8080/index.html 跳转