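Overview
An approach to integrating username/password login and WeChat web-authorization login in Spring Security.
Background
This approach drops Spring Security's configuration-driven username/password login entirely. Instead, each login type gets its own fully independent Filter, Provider, UserDetailsService and Handler, which avoids a whole class of baffling pitfalls.
PS: This article only covers the approach and the configuration; the concrete implementation code is left to you. Thanks.
PS: Reposting of this article is not permitted.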
——————————————————————————————————————————
Spring Security Config setup
Spring Security Config AuthenticationManagerBuilder configuration:

    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        /**
         * Normal Login Provider Config
         */
        authenticationManagerBuilder
                .authenticationProvider(smDaoAuthenticationProvider())
                .userDetailsService(smUserDetailsService)
                .passwordEncoder(new BCryptPasswordEncoder());
        /**
         * Weixin Login Provider Config
         */
        authenticationManagerBuilder
                .authenticationProvider(wxAuthenticationProvider())
                .userDetailsService(wxUserDetailsService);
    }

Spring Security Config Filter configuration:

    /**
     * Register Security Auth Manager
     *
     * @return
     * @throws Exception
     */
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Normal Login Filter Config
     *
     * @return
     */
    @Bean
    public SmAuthenticationProcessingFilter smAuthenticationProcessingFilter() {
        SmAuthenticationProcessingFilter filter = new SmAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
        filter.setAuthenticationFailureHandler(authenticationFailureHandler);
        return filter;
    }

    /**
     * WeixinLogin Filter Config
     *
     * @return
     */
    @Bean
    public WxAuthenticationProcessingFilter wxAuthenticationProcessingFilter() {
        WxAuthenticationProcessingFilter filter = new WxAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationFailureHandler(wxAuthenticationFailureHandler);
        return filter;
    }

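Spring Security Http Config configuration
There is no need to configure `.formLogin()` and its series of URL parameters. Each Filter defines the URL it intercepts, and this configuration only has to open up those URLs!

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors()
            .and()
            // CSRF protection is switched off for the whole application
            .csrf()
                .disable()
            .logout()
                .logoutUrl("/api/system/login/loginOut")
                .logoutSuccessHandler(logoutSuccessHandler)
                .permitAll()
            .and()
            // The X-Frame-Options response header is not sent
            .headers()
                .frameOptions()
                .disable()
            .and()
            .authorizeRequests()
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                // The two login URLs intercepted by the custom filters stay open
                .antMatchers("/api/system/login/doLogin").permitAll()
                .antMatchers("/api/wx/doLogin").permitAll();
        // Every other /api/** request requires authentication
        http.authorizeRequests().antMatchers("/api/**").authenticated();
    }
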
Defining the URLs intercepted by the custom filters
Username/password login Filter:

    public class SmAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
        public SmAuthenticationProcessingFilter() {
            super(new AntPathRequestMatcher("/api/system/login/doLogin", "POST"));
        }
        // ... implementation code omitted ...
    }

WeChat login Filter:

    public class WxAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
        public WxAuthenticationProcessingFilter() {
            super(new AntPathRequestMatcher("/api/wx/doLogin", "GET"));
        }
        // ... implementation code omitted ...
    }
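
One way the omitted WeChat pieces can fit together so that the shared AuthenticationManager routes each login type to its own provider. This is an added example, not the author's code. `WxCodeAuthenticationToken`, `WxOpenIdResolver`, `WxFilterSketch` and `WxProviderSketch` are hypothetical names, the code-for-openid exchange is left behind an interface, and Spring Security 5.x with `javax.servlet` is assumed.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical token type: holds the WeChat `code` before authentication, the user after.
class WxCodeAuthenticationToken extends AbstractAuthenticationToken {
    private final Object principal;
    WxCodeAuthenticationToken(String code) { super(null); principal = code; } // null = no authorities
    WxCodeAuthenticationToken(UserDetails user) {
        super(user.getAuthorities()); principal = user; setAuthenticated(true);
    }
    @Override public Object getPrincipal() { return principal; }
    @Override public Object getCredentials() { return ""; }
}

// Hypothetical: exchanges the code with WeChat server-side; returns null if it is rejected.
interface WxOpenIdResolver { String resolveOpenId(String code); }

class WxFilterSketch extends AbstractAuthenticationProcessingFilter {
    WxFilterSketch() { super(new AntPathRequestMatcher("/api/wx/doLogin", "GET")); }
    @Override public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) {
        String code = req.getParameter("code"); // appended by WeChat to the callback URL
        if (code == null || code.isEmpty()) throw new BadCredentialsException("Missing WeChat code");
        // An unauthenticated WeChat token, never a UsernamePasswordAuthenticationToken
        return getAuthenticationManager().authenticate(new WxCodeAuthenticationToken(code));
    }
}

class WxProviderSketch implements AuthenticationProvider {
    private final WxOpenIdResolver resolver;
    private final UserDetailsService wxUserDetailsService;
    WxProviderSketch(WxOpenIdResolver resolver, UserDetailsService wxUserDetailsService) {
        this.resolver = resolver; this.wxUserDetailsService = wxUserDetailsService;
    }
    @Override public Authentication authenticate(Authentication auth) {
        String openId = resolver.resolveOpenId((String) auth.getPrincipal()); // principal is the code
        if (openId == null) throw new BadCredentialsException("WeChat code rejected");
        // Only an openid confirmed by WeChat is ever used to load the local account
        return new WxCodeAuthenticationToken(wxUserDetailsService.loadUserByUsername(openId));
    }
    // Claim WeChat tokens only; a provider that supports only
    // UsernamePasswordAuthenticationToken will skip them, and this one skips password logins.
    @Override public boolean supports(Class<?> type) {
        return WxCodeAuthenticationToken.class.isAssignableFrom(type);
    }
}
```

Because the token type never matches `UsernamePasswordAuthenticationToken`, a request to `/api/wx/doLogin` cannot be authenticated through the password path, and a password login cannot reach the WeChat user lookup.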