spring security 认证通过后跳转原始路径

最新推荐文章于 2022-11-22 18:00:50 发布

o_瓜田李下_o

最新推荐文章于 2022-11-22 18:00:50 发布

阅读量2.1k

点赞数

分类专栏： spring security

本文链接：https://blog.csdn.net/weixin_43931625/article/details/106527759

版权

spring security 专栏收录该内容

28 篇文章 6 订阅

订阅专栏

spring security 认证通过后跳转原始路径

默认情况下，通过认证后会自动跳转到原始访问路径，也可通过设置跳转到原始访问路径

***********************

相关类及接口

RequestCache

public interface RequestCache {
    void saveRequest(HttpServletRequest var1, HttpServletResponse var2);

    SavedRequest getRequest(HttpServletRequest var1, HttpServletResponse var2);

    HttpServletRequest getMatchingRequest(HttpServletRequest var1, HttpServletResponse var2);

    void removeRequest(HttpServletRequest var1, HttpServletResponse var2);
}

HttpSessionRquestCache

public class HttpSessionRequestCache implements RequestCache {
    static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";
    protected final Log logger = LogFactory.getLog(this.getClass());
    private PortResolver portResolver = new PortResolverImpl();
    private boolean createSessionAllowed = true;
    private RequestMatcher requestMatcher;
    private String sessionAttrName;

    public HttpSessionRequestCache() {
        this.requestMatcher = AnyRequestMatcher.INSTANCE;
        this.sessionAttrName = "SPRING_SECURITY_SAVED_REQUEST";
    }

    public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
        if (this.requestMatcher.matches(request)) {
            DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, this.portResolver);
            if (this.createSessionAllowed || request.getSession(false) != null) {
                request.getSession().setAttribute(this.sessionAttrName, savedRequest);
                this.logger.debug("DefaultSavedRequest added to Session: " + savedRequest);
            }
        } else {
            this.logger.debug("Request not saved as configured RequestMatcher did not match");
        }

    }

    public SavedRequest getRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
        HttpSession session = currentRequest.getSession(false);
        return session != null ? (SavedRequest)session.getAttribute(this.sessionAttrName) : null;
    }

    public void removeRequest(HttpServletRequest currentRequest, HttpServletResponse response) {
        HttpSession session = currentRequest.getSession(false);
        if (session != null) {
            this.logger.debug("Removing DefaultSavedRequest from session if present");
            session.removeAttribute(this.sessionAttrName);
        }

    }

    public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
        SavedRequest saved = this.getRequest(request, response);
        if (!this.matchesSavedRequest(request, saved)) {
            this.logger.debug("saved request doesn't match");
            return null;
        } else {
            this.removeRequest(request, response);
            return new SavedRequestAwareWrapper(saved, request);
        }
    }

    private boolean matchesSavedRequest(HttpServletRequest request, SavedRequest savedRequest) {
        if (savedRequest == null) {
            return false;
        } else if (savedRequest instanceof DefaultSavedRequest) {
            DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest)savedRequest;
            return defaultSavedRequest.doesRequestMatch(request, this.portResolver);
        } else {
            String currentUrl = UrlUtils.buildFullRequestUrl(request);
            return savedRequest.getRedirectUrl().equals(currentUrl);
        }
    }

    public void setRequestMatcher(RequestMatcher requestMatcher) {
    public void setCreateSessionAllowed(boolean createSessionAllowed) {


    public void setPortResolver(PortResolver portResolver) {
    public void setSessionAttrName(String sessionAttrName) {

SavedRequest

public interface SavedRequest extends Serializable {
    String getRedirectUrl();

    List<Cookie> getCookies();

    String getMethod();

    List<String> getHeaderValues(String var1);

    Collection<String> getHeaderNames();

    List<Locale> getLocales();

    String[] getParameterValues(String var1);

    Map<String, String[]> getParameterMap();
}

***********************

示例

*****************

service 层

CustomUserDetailsService

@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Resource
    private PasswordEncoder passwordEncoder;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        String username="gtlx";
        String password=passwordEncoder.encode("123456");

        List<GrantedAuthority> authorities=new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        return new User(username,password,authorities);
    }
}

*****************

config 层

WebConfig

@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login/form").setViewName("login");
    }
}

WebSecurityConfig

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/login/form").loginProcessingUrl("/login")
                .successHandler((httpServletRequest, httpServletResponse, authentication) -> {
                    httpServletResponse.setContentType("application/json;charset=utf=8");

                    RequestCache requestCache=new HttpSessionRequestCache();
                    SavedRequest savedRequest=requestCache.getRequest(httpServletRequest,httpServletResponse);

                    String redirectUrl=savedRequest.getRedirectUrl();
                    System.out.println("初始访问路径："+redirectUrl);

                    httpServletResponse.sendRedirect(redirectUrl);
                });

        http.authorizeRequests()
                .antMatchers("/hello").hasAuthority("ROLE_USER")
                .antMatchers("/**").permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(initPasswordEncoder());
    }

    @Bean
    public PasswordEncoder initPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }
}

*****************

controller 层

HelloController

@RestController
public class HelloController {

    @RequestMapping("/hello")
    public String hello(Principal principal){
        return "hello "+principal.getName();
    }
}

*****************

前端页面

login.html

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org" xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form th:action="@{/login}" method="post" th:align="center">
    用户名：<input type="text" name="username"><br>
    密码 ：<input type="text" name="password"><br>
    <button>提交</button>
</form>
</body>
</html>

***********************

使用测试

localhost:8080/hello，认证通过后，控制台输出

2020-06-03 18:53:43.364  INFO 5424 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2020-06-03 18:53:43.364  INFO 5424 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2020-06-03 18:53:43.368  INFO 5424 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 4 ms
初始访问路径：http://localhost:8080/hello

o_瓜田李下_o

关注

0
点赞
踩
5

收藏

觉得还不错? 一键收藏
0
评论
spring security 认证通过后跳转原始路径

springsecurity认证通过后跳转原始路径默认情况下，通过认证后会自动跳转到原始访问路径，也可通过设置跳转到原始访问路径***********************示例...
复制链接

扫一扫