1.配置文件书写当已html结尾跳转的页面
imok: security: browser: loginPage: /demologin.html
2.书写跳转逻辑代码
package com.imoke.web.controller; import com.imoke.security.SecurityProperties.SecurityProperties; import com.imoke.web.support.SimpleResponse; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.PropertySource; import org.springframework.http.HttpStatus; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.RequestCache; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @RestController @Slf4j public class BrowserSecurityController { //请求缓存拿html private RequestCache requestCache = new HttpSessionRequestCache(); private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); @Autowired private SecurityProperties securityProperties; @RequestMapping("/users") @ResponseStatus(HttpStatus.UNAUTHORIZED) public SimpleResponse requirAutenticat(HttpServletResponse response, HttpServletRequest request) throws IOException { SavedRequest savedRequest = requestCache.getRequest(request,response); if(savedRequest!=null){ System.out.println("save is"+savedRequest.getCookies()); String targetUrl = savedRequest.getRedirectUrl(); log.info("引发跳转的请求是"+targetUrl); if(StringUtils.endsWithIgnoreCase(targetUrl,".html")){ redirectStrategy.sendRedirect(request,response,securityProperties.browser.getLoginPage()); } } return new SimpleResponse("访问的服务需要生认证,请引导用户到登录页"); } @GetMapping("/message") public String getMessage(){ String x =securityProperties.browser.getLoginPage(); System.out.println("x is" +x); return x; } }
3.配置数据源实体类
package com.imoke.security.SecurityProperties.SecurityCoreConfig; import com.imoke.security.SecurityProperties.SecurityProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Configuration; import org.springframework.web.bind.annotation.ControllerAdvice; @Configuration @EnableConfigurationProperties(SecurityProperties.class) public class SecurityCoreConfig { }
package com.imoke.security.SecurityProperties; import jdk.nashorn.internal.objects.annotations.Getter; import jdk.nashorn.internal.objects.annotations.Setter; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.PropertySource; import org.springframework.stereotype.Component; @ConfigurationProperties(prefix = "imok.security") public class SecurityProperties { public BrowserProperties browser = new BrowserProperties(); public BrowserProperties getBrowser() { return browser; } public void setBrowser(BrowserProperties browser) { this.browser = browser; } }
package com.imoke.security.SecurityProperties; public class BrowserProperties { private String loginPage ="/login.html"; public String getLoginPage() { return loginPage; } public void setLoginPage(String loginPage) { this.loginPage = loginPage; }
package com.imoke.web.Config; import com.imoke.security.SecurityProperties.SecurityProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; /** * @author liwenjie * @date 2019-06-19 16:58 * @mail wenjieli@newbanker.cn */ @Configuration public class brwoserConfig extends WebSecurityConfigurerAdapter { @Autowired private SecurityProperties securityProperties; @Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() /* http.httpBasic()*/ .loginPage("/users") .loginProcessingUrl("/users/loginuser") .and() .csrf().disable()//关闭csrf .authorizeRequests() .antMatchers("/users",securityProperties.browser.getLoginPage()).permitAll()//当是这个页面是不需要身份认证 //授权认证 .anyRequest()//任何请求 .authenticated();//都需要安全认证 /*username-parameter:表示登录时用户名使用的是哪个参数,默认是“j_username”。 password-parameter:表示登录时密码使用的是哪个参数,默认是“j_password”。 login-processing-url:表示登录时提交的地址,默认是“/j-spring-security-check”。这个只是Spring Security用来标记登录页面使用的提交地址,真正关于登录这个请求是不需要用户自己处理的 */ } }
}