WebMvcConfig

最新推荐文章于 2024-01-02 20:43:04 发布
最新推荐文章于 2024-01-02 20:43:04 发布
阅读量1.4k 收藏 1
点赞数
分类专栏: spring
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xiaokanfuchen86/article/details/108872127
版权 
WebMvcConfig.java

import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;

import com.liu.security.GdprFilter;
import com.liu.security.Http401AuthenticationFailureHandler;
import com.liu.security.MssAuthenticationFilter;
import com.liu.security.MssAuthenticationProvider;
import com.liu.security.MssUserDetailsService;
import com.liu.security.SimpleTextAuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
@Import(SecurityProblemSupport.class)
public class WebMvcConfig  extends WebSecurityConfigurerAdapter {
		
		private static final String LOGIN_PAGE_URL="/login";
		
		private static final String GDC_TASK_API_URI="/api/v3/gdc/task";
		
		
		private final MssUserDetailsService mssUserDetailsService; 
		private final SecurityProblemSupport problemSupport;
		
		public WebMvcConfig(
				MssUserDetailsService mssUserDetailsService,
				SecurityProblemSupport problemSupport) {
			this.mssUserDetailsService = mssUserDetailsService;
			this.problemSupport = problemSupport;
		}
		
		
		@Bean
		@Override
		public AuthenticationManager authenticationManagerBean() throws Exception{
				return super.authenticationManagerBean();
		}
		
		
		@Bean
		SessionAuthenticationStrategy sessionAuthenticationStrategy() {
				ConcurrentSessionControlAuthenticationStrategy  concurrentSessionControlAuthenticationStrategy
					= new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry());
				concurrentSessionControlAuthenticationStrategy.setExceptionIfMaximumExceeded(false);
				concurrentSessionControlAuthenticationStrategy.setMaximumSessions(1);
				return new CompositeSessionAuthenticationStrategy(Arrays.asList(
						concurrentSessionControlAuthenticationStrategy,
						new RegisterSessionAuthenticationStrategy(sessionRegistry())
						));
		}
		
		@Bean
		MssAuthenticationFilter mssAuthenticationFilter() throws Exception{
			MssAuthenticationFilter filter = new MssAuthenticationFilter("/api/v1/login","id","password");
			filter.setAuthenticationManager(authenticationManagerBean());
			filter.setAuthenticationSuccessHandler(simpleTextAuthenticationSuccessHandler());
			filter.setAuthenticationFailureHandler(simpleAuthenticationFailureHandler());
			filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
			return filter;
		}

		@Bean
		GdprFilter gdprFilter() {
				return new GdprFilter();
		}
		
		@Bean
		public AuthenticationSuccessHandler simpleTextAuthenticationSuccessHandler() {
				return new SimpleTextAuthenticationSuccessHandler();
		}
		
		@Bean
		AuthenticationFailureHandler simpleAuthenticationFailureHandler() {
				return new Http401AuthenticationFailureHandler();
		}
		
		@Bean
		public LogoutSuccessHandler simpleLogoutSuccessHandler() {
				return new HttpStatusReturningLogoutSuccessHandler();
		}
		
		@Bean
		public PasswordEncoder passwordEncoder() {
				return new BCryptPasswordEncoder();
		}
		
		@Bean
		public MssAuthenticationProvider mssAuthenticationProvider() {
			return new MssAuthenticationProvider(mssUserDetailsService,passwordEncoder());
		}
		
		@Bean
		public SessionRegistry sessionRegistry() {
				return new SessionRegistryImpl();
		}
		
		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception{
				auth.userDetailsService(mssUserDetailsService)
					.passwordEncoder(passwordEncoder())
					.and().authenticationProvider(mssAuthenticationProvider());
		}
		
		
		@Override
		protected void configure(HttpSecurity http) throws Exception{
				http.csrf()
						.ignoringAntMatchers(GDC_TASK_API_URI)
						.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
					.and()
					.addFilterBefore(mssAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
					.addFilterAfter(gdprFilter(), MssAuthenticationFilter.class)
					.headers()
						.frameOptions().disable()
					.and()
						.authorizeRequests()
							.antMatchers("/").permitAll()
							.antMatchers("/api/v1/login").permitAll()
							.anyRequest().authenticated()
					.and()
						.logout()
							.logoutUrl("/api/v1/logout")
							.logoutSuccessHandler(simpleLogoutSuccessHandler())
							
					.and()
						.exceptionHandling()
							.authenticationEntryPoint(problemSupport)
							.accessDeniedHandler(problemSupport)
					.and()
						.sessionManagement()
							.maximumSessions(1)
							.sessionRegistry(sessionRegistry());
		}
}











Authority.java

package com.liu.security;

public enum Authority {

		NONE,
		ALL,
		DIVISION_GROUP,
		DIVISION,
		HEAD,
		TEAM,
}







GdprFilter.java

package com.liu.security;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class GdprFilter  implements Filter{
	
	private static final String GDPR_RESOURCE_PATH="user-authority";

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub
		
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		// TODO Auto-generated method stub
		if(!this.isGdprPath(request)) {
				chain.doFilter(request, response);
				return ;
		}
	}

	@Override
	public void destroy() {
		// TODO Auto-generated method stub
		
	}
	
	
	private boolean isGdprPath(ServletRequest request) {
			if(request instanceof HttpServletRequest) {
					String url = ((HttpServletRequest)request).getRequestURL().toString();
					return url.contains("/"+GDPR_RESOURCE_PATH);
			}
			return false;
	}
	
	private String getIp(ServletRequest request) {
			String ip = ((HttpServletRequest)request).getHeader("X-FORWARDED-FOR");
			if(ip == null) {
					ip = request.getRemoteAddr();
			}
			return ip;
	}
	

}





Http401AuthenticationFailureHandler.java

package com.liu.security;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

public class Http401AuthenticationFailureHandler implements AuthenticationFailureHandler{

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		// TODO Auto-generated method stub
		response.setStatus(HttpStatus.UNAUTHORIZED.value());
		response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
		PrintWriter writer = response.getWriter();
		
		String detail = "error";
		
		writer.println("{\n"+
				"\"message\":\"error.http.401\"\n"+
				",\"path\":\"/api/v1/account\"\n"+
				",\"detail\":\""+detail+"\"\n"+
				"}");
		writer.flush();
	}

		
}




MssAuthenticationFilter.java

package com.liu.security;

import java.io.IOException;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;

public class MssAuthenticationFilter extends AbstractAuthenticationProcessingFilter{

		private final String usernameParameterName;
		private final String passwordParameterName;
		private final ObjectMapper objectMapper;
		
		public MssAuthenticationFilter(String defaultFilterProcessesUrl,String usernameParameterName,String passwordParameterName) {
				super(defaultFilterProcessesUrl);
				this.usernameParameterName = usernameParameterName;
				this.passwordParameterName = passwordParameterName;
				this.objectMapper = new ObjectMapper();
		}
		
		@Override
		public Authentication attemptAuthentication(HttpServletRequest request,HttpServletResponse response) throws IOException{
				MssAuthenticationToken token = null;
				if(request.getContentType().contains(MediaType.APPLICATION_JSON.toString())) {
						TypeReference<Map<String,String>> typeRef = new TypeReference<Map<String,String>>(){};
						Map<String,String> loginVo = objectMapper.readValue(request.getReader(), typeRef);
						token = new MssAuthenticationToken(
								loginVo.get(usernameParameterName),
								loginVo.get(passwordParameterName)
						);
				}else if(request.getContentType().contains(MediaType.APPLICATION_FORM_URLENCODED_VALUE)) {
						token = new MssAuthenticationToken(
								request.getParameter(usernameParameterName),
								request.getParameter(passwordParameterName)
						);
				}
				return getAuthenticationManager().authenticate(token);
		}
		
}

 

xiaokanfuchen86
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
springboot通过实现WebMvcConfig重写addCorsMappings实现跨域问题
a93770的博客
03-14 798
springboot通过实现WebMvcConfig重写addCorsMappings实现跨域问题
使用WebMvcConfigurer配置SpringMVC
最新发布
weixin_38687619的博客
05-15 1377
配置类是使用Java代码代替传统的xml配置文件,对SpirngMvc进行配置的一种方式,需要创建一个并推荐。
23_webMvcConfig接口
Ricky_Monarch的博客
09-04 279
Springboot配置WebMvcConfig解决Cors非同源访问跨域问题
m0_59588838的博客
11-11 1769
关于Cors跨域的问题,前端有代理和jsonp的常用方式解决这种非同源的访问拒绝策略,什么是同源?请求发送到服务器端时是由我们的MVC进行处理的,而统一调配任务流程的则是我们的请求分发器,注意这里请求到处理器之后回去寻找处理器适配器(符合校验处理的请求才能被允许例如接口含有的合法api,以及跨域原则),之前我们的微信小程序开发过程中是没有考虑跨域问题的,原因是我们知道小程序的请求处理都是由微信后台进行分发处理的,也就是在微信的后台时就做了前端的跨域处理,大概是采用动态代理的方式解决了小程序的跨域。
ssm中的配置类——WebMvcConfig
weixin_42431275的博客
02-10 1421
spring中有一个特殊的类,通常大家都约定命名为WebMvcConfig,在这个类前面加一个注解@Configuration,就可以将其声明为spring容器的一个配置类,我们在其中配置spring的相关配置,其作用相当于在applicationContext.xml中的配置。其实,Web项目在启动的时候,首先web应用服务器,即web容器启动,解析web.xnl文件,然后通过web.xnl的引...
springboot添加WebMvcConfig配置类继承WebMvcConfigurationSupport导致静态资源无法访问
AllenTTTTT的博客
07-30 3702
springboot添加WebMvcConfig配置类继承WebMvcConfigurationSupport导致静态资源无法访问
SpringBoot中WebMvcConfig的常用配置说明
从入门到放弃的博客
01-15 5921
https://blog.csdn.net/zhangpower1993/article/details/89016503
java WebMvcConfig 全局设置时间服务器时区
qq_33240556的博客
12-04 961
WebMvcConfig 全局设置时间服务器时区 @Override public void extendMessageConverters(List<HttpMessageConverter<?>> converters) { MappingJackson2HttpMessageConverter jackson2HttpMessageConverter = ne...
Spring boot - WebMvcConfig 解决跨域,接收自定义请求头参数
qq_20352713的博客
09-11 6032
import com.jyt.vchat.Interceptor.CommonInterceptor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.cor...
Spring Boot中WebMvcConfig配置详解及示例
weixin_61034310的博客
01-02 2098
通过上述配置,Swagger将自动扫描指定包下的所有Controller类,并生成相应的API文档。同时,我们还可以设置API文档的基本信息,如标题、版本号和描述等。在Spring Boot项目中,我们经常需要对Web MVC进行配置,以满足项目的特定需求。在Spring Boot项目中,我们可以通过集成Swagger来自动生成接口文档。通过此类,我们可以重写父类的方法来自定义我们自己的配置。通过上述配置,我们可以根据不同的路径访问不同目录下的静态资源。类进行这些配置,并附上相应的示例代码。
WebMvcConfig.java
04-28
springMVC跨域配置WebMvcConfigurer...................................................................
springboot2.x 全局格式化
04-06
我们将通过分析`JacksonConfig.java`和`WebMvcConfig.java`两个配置类来探讨如何在Spring Boot应用中实现这些功能。 **1. 全局时间格式化** 在Spring Boot中,我们通常使用Jackson库进行JSON序列化和反序列化,...
Javaweb课程设计基于SpringBoot+MyBatis-Plus+Layui开发的一个餐厅网络点餐系统源代码+数据库
09-07
需要在config -> WebMvcConfig中的 设置静态资源映射 将 file:C:/Users/30141/IdeaProjects/canteen/picture/改成当前项目的picture对应的本地路径 需要将controller -> CommonController中的文件上传接口中将 C:\...
spring-webapp-without-xml:Spring MVC 初始化程序示例
06-11
`AppConfig`通常会包含数据源、事务管理器等配置,而`WebMvcConfig`则用于配置Spring MVC的拦截器、视图解析器、转换器和格式化器等。 在Spring MVC的Java配置中,我们可以使用`@EnableWebMvc`注解开启Web MVC的...
基于SpringBoot构建的种子项目+源代码+文档说明
11-29
│ │ │ │ └── WebMvcConfig.java MVC配置 │ │ │ ├── core │ │ │ │ ├── AbstractService.java service实现 │ │ │ │ ├── Mapper.java 通用mapper │ │ │ │ └── Service.java 通用...
Eclipse在调试过程中修改变量值
xiaokanfuchen86的博客
02-27 1021
public class Test6 { public static void main(String[] args) { Map<String,String> map = new HashMap<String,String>(); map.put("name","zhangsan"); map.p...
新浪面试题: 讲述单点登录认证流程
xiaokanfuchen86的博客
03-28 949
一、什么是sso 单点登录(sso),简称sso,是目前比较流行的企业业务整合的解决方案之一。sso是指在多个应用系统中,用户只需登录一次就可以访问所有相互信任的应用系统。 比如有多个子系统, a.com,b.com,c.com ... 要求:用户在任意一个子系统登录成功后,都可以访问其它子系统中受保护的资源。 二、认证流程 1)用户通过浏览器访问子系统A受保护的资源,既a.com/pageA。 2)在子系统A中没有用户session数据,子系统A认为用为未登录,于是子系统A将请求重定向到认证中心sso.c
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值