欧美一级特黄大片做受成人-亚洲成人一区二区电影-激情熟女一区二区三区-日韩专区欧美专区国产专区

springsecurity自定義認(rèn)證登錄的全過(guò)程記錄

spring security使用分類:

成都創(chuàng)新互聯(lián)-專業(yè)網(wǎng)站定制、快速模板網(wǎng)站建設(shè)、高性價(jià)比廣漢網(wǎng)站開(kāi)發(fā)、企業(yè)建站全套包干低至880元,成熟完善的模板庫(kù),直接使用。一站式廣漢網(wǎng)站制作公司更省心,省錢,快速模板網(wǎng)站建設(shè)找我們,業(yè)務(wù)覆蓋廣漢地區(qū)。費(fèi)用合理售后完善,十余年實(shí)體公司更值得信賴。

如何使用spring security,相信百度過(guò)的都知道,總共有四種用法,從簡(jiǎn)到深為:

1、不用數(shù)據(jù)庫(kù),全部數(shù)據(jù)寫(xiě)在配置文件,這個(gè)也是官方文檔里面的demo;

2、使用數(shù)據(jù)庫(kù),根據(jù)spring security默認(rèn)實(shí)現(xiàn)代碼設(shè)計(jì)數(shù)據(jù)庫(kù),也就是說(shuō)數(shù)據(jù)庫(kù)已經(jīng)固定了,這種方法不靈活,而且那個(gè)數(shù)據(jù)庫(kù)設(shè)計(jì)得很簡(jiǎn)陋,實(shí)用性差;

3、spring security和Acegi不同,它不能修改默認(rèn)filter了,但支持插入filter,所以根據(jù)這個(gè),我們可以插入自己的filter來(lái)靈活使用;

4、暴力手段,修改源碼,前面說(shuō)的修改默認(rèn)filter只是修改配置文件以替換filter而已,這種是直接改了里面的源碼,但是這種不符合OO設(shè)計(jì)原則,而且不實(shí)際,不可用。

本文主要介紹了關(guān)于spring security自定義認(rèn)證登錄的相關(guān)內(nèi)容,分享出來(lái)供大家參考學(xué)習(xí),下面話不多說(shuō)了,來(lái)一起看看詳細(xì)的介紹吧。

1.概要

1.1.簡(jiǎn)介

spring security是一種基于 Spring AOP 和 Servlet 過(guò)濾器的安全框架,以此來(lái)管理權(quán)限認(rèn)證等。

1.2.spring security 自定義認(rèn)證流程

1)認(rèn)證過(guò)程

生成未認(rèn)證的AuthenticationToken                 

 ↑(獲取信息)  (根據(jù)AuthenticationToken分配provider)     
 AuthenticationFilter -> AuthenticationManager -> AuthenticationProvider
        ↓(認(rèn)證)
       UserDetails(一般查詢數(shù)據(jù)庫(kù)獲?。?        ↓(通過(guò))
        生成認(rèn)證成功的AuthenticationToken
         ↓(存放)
        SecurityContextHolder

2)將AuthenticationFilter加入到security過(guò)濾鏈(資源服務(wù)器中配置),如:

http.addFilterBefore(AuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)

或者:

http.addFilterAfter(AuthenticationFilter, UsernamePasswordAuthenticationFilter.class)

2.以手機(jī)號(hào)短信登錄為例

2.1.開(kāi)發(fā)環(huán)境

  • SpringBoot
  • Spring security
  • redis

2.2.核心代碼分析

2.2.1.自定義登錄認(rèn)證流程

2.2.1.1.自定義認(rèn)證登錄Token

/**
 * 手機(jī)登錄Token
 *
 * @author : CatalpaFlat
 */
public class MobileLoginAuthenticationToken extends AbstractAuthenticationToken {
 private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 private static final Logger logger = LoggerFactory.getLogger(MobileLoginAuthenticationToken.class.getName());
 private final Object principal;
 public MobileLoginAuthenticationToken(String mobile) {
 super(null);
 this.principal = mobile;
 this.setAuthenticated(false);
 logger.info("MobileLoginAuthenticationToken setAuthenticated ->false loading ...");
 }
 public MobileLoginAuthenticationToken(Object principal,
      Collection<? extends GrantedAuthority> authorities) {
 super(authorities);
 this.principal = principal;
 // must use super, as we override
 super.setAuthenticated(true);
 logger.info("MobileLoginAuthenticationToken setAuthenticated ->true loading ...");
 }
 @Override
 public void setAuthenticated(boolean authenticated) {
 if (authenticated) {
  throw new IllegalArgumentException(
   "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
 }
 super.setAuthenticated(false);
 }
 @Override
 public Object getCredentials() {
 return null;
 }
 @Override
 public Object getPrincipal() {
 return this.principal;
 }
 @Override
 public void eraseCredentials() {
 super.eraseCredentials();
 }
}

注:

setAuthenticated():判斷是否已認(rèn)證

  • 在過(guò)濾器時(shí),會(huì)生成一個(gè)未認(rèn)證的AuthenticationToken,此時(shí)調(diào)用的是自定義token的setAuthenticated(),此時(shí)設(shè)置為false -> 未認(rèn)證
  • 在提供者時(shí),會(huì)生成一個(gè)已認(rèn)證的AuthenticationToken,此時(shí)調(diào)用的是父類的setAuthenticated(),此時(shí)設(shè)置為true -> 已認(rèn)證

2.2.1.1.自定義認(rèn)證登錄過(guò)濾器

/**
 * 手機(jī)短信登錄過(guò)濾器
 *
 * @author : CatalpaFlat
 */
public class MobileLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 private boolean postOnly = true;
 private static final Logger logger = LoggerFactory.getLogger(MobileLoginAuthenticationFilter.class.getName());
 @Getter
 @Setter
 private String mobileParameterName;
 public MobileLoginAuthenticationFilter(String mobileLoginUrl, String mobileParameterName,
      String httpMethod) {
 super(new AntPathRequestMatcher(mobileLoginUrl, httpMethod));
 this.mobileParameterName = mobileParameterName;
 logger.info("MobileLoginAuthenticationFilter loading ...");
 }
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request,      HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
 if (postOnly && !request.getMethod().equals(HttpMethod.POST.name())) {
  throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 }
 //get mobile
 String mobile = obtainMobile(request);
 //assemble token
 MobileLoginAuthenticationToken authRequest = new MobileLoginAuthenticationToken(mobile);

 // Allow subclasses to set the "details" property
 setDetails(request, authRequest);

 return this.getAuthenticationManager().authenticate(authRequest);
 }
 /**
 * 設(shè)置身份認(rèn)證的詳情信息
 */
 private void setDetails(HttpServletRequest request, MobileLoginAuthenticationToken authRequest) {
 authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 }
 /**
 * 獲取手機(jī)號(hào)
 */
 private String obtainMobile(HttpServletRequest request) {
 return request.getParameter(mobileParameterName);
 }
 public void setPostOnly(boolean postOnly) {
 this.postOnly = postOnly;
 }
}

注:attemptAuthentication()方法:

  • 過(guò)濾指定的url、httpMethod
  • 獲取所需請(qǐng)求參數(shù)數(shù)據(jù)封裝生成一個(gè)未認(rèn)證的AuthenticationToken
  • 傳遞給AuthenticationManager認(rèn)證

2.2.1.1.自定義認(rèn)證登錄提供者

/**
 * 手機(jī)短信登錄認(rèn)證提供者
 *
 * @author : CatalpaFlat
 */
public class MobileLoginAuthenticationProvider implements AuthenticationProvider {
 private static final Logger logger = LoggerFactory.getLogger(MobileLoginAuthenticationProvider.class.getName());
 @Getter
 @Setter
 private UserDetailsService customUserDetailsService;
 public MobileLoginAuthenticationProvider() {
 logger.info("MobileLoginAuthenticationProvider loading ...");
 }
 /**
 * 認(rèn)證
 */
 @Override
 public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 //獲取過(guò)濾器封裝的token信息
 MobileLoginAuthenticationToken authenticationToken = (MobileLoginAuthenticationToken) authentication;
 //獲取用戶信息(數(shù)據(jù)庫(kù)認(rèn)證)
 UserDetails userDetails = customUserDetailsService.loadUserByUsername((String) authenticationToken.getPrincipal());
 //不通過(guò)
 if (userDetails == null) {
  throw new InternalAuthenticationServiceException("Unable to obtain user information");
 }
 //通過(guò)
 MobileLoginAuthenticationToken authenticationResult = new MobileLoginAuthenticationToken(userDetails, userDetails.getAuthorities());
 authenticationResult.setDetails(authenticationToken.getDetails());

 return authenticationResult;
 }
 /**
 * 根據(jù)token類型,來(lái)判斷使用哪個(gè)Provider
 */
 @Override
 public boolean supports(Class<?> authentication) {
 return MobileLoginAuthenticationToken.class.isAssignableFrom(authentication);
 }
}

注:authenticate()方法

  • 獲取過(guò)濾器封裝的token信息
  • 調(diào)取UserDetailsService獲取用戶信息(數(shù)據(jù)庫(kù)認(rèn)證)->判斷通過(guò)與否
  • 通過(guò)則封裝一個(gè)新的AuthenticationToken,并返回

2.2.1.1.自定義認(rèn)證登錄認(rèn)證配置

@Configuration(SpringBeanNameConstant.DEFAULT_CUSTOM_MOBILE_LOGIN_AUTHENTICATION_SECURITY_CONFIG_BN)
public class MobileLoginAuthenticationSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
 private static final Logger logger = LoggerFactory.getLogger(MobileLoginAuthenticationSecurityConfig.class.getName());
 @Value("${login.mobile.url}")
 private String defaultMobileLoginUrl;
 @Value("${login.mobile.parameter}")
 private String defaultMobileLoginParameter;
 @Value("${login.mobile.httpMethod}")
 private String defaultMobileLoginHttpMethod;
 @Autowired
 private CustomYmlConfig customYmlConfig;
 @Autowired
 private UserDetailsService customUserDetailsService;
 @Autowired
 private AuthenticationSuccessHandler customAuthenticationSuccessHandler;
 @Autowired
 private AuthenticationFailureHandler customAuthenticationFailureHandler;
 public MobileLoginAuthenticationSecurityConfig() {
 logger.info("MobileLoginAuthenticationSecurityConfig loading ...");
 }
 @Override
 public void configure(HttpSecurity http) throws Exception {
 MobilePOJO mobile = customYmlConfig.getLogins().getMobile();
 String url = mobile.getUrl();
 String parameter = mobile.getParameter().getMobile();
 String httpMethod = mobile.getHttpMethod();
 MobileLoginAuthenticationFilter mobileLoginAuthenticationFilter = new MobileLoginAuthenticationFilter(StringUtils.isBlank(url) ? defaultMobileLoginUrl : url,
  StringUtils.isBlank(parameter) ? defaultMobileLoginUrl : parameter, StringUtils.isBlank(httpMethod) ? defaultMobileLoginHttpMethod : httpMethod); mobileLoginAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class)); mobileLoginAuthenticationFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler); mobileLoginAuthenticationFilter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
 MobileLoginAuthenticationProvider mobileLoginAuthenticationProvider = new MobileLoginAuthenticationProvider(); mobileLoginAuthenticationProvider.setCustomUserDetailsService(customUserDetailsService);
 http.authenticationProvider(mobileLoginAuthenticationProvider)
  .addFilterAfter(mobileLoginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 }
}

注:configure()方法

實(shí)例化AuthenticationFilter和AuthenticationProvider

將AuthenticationFilter和AuthenticationProvider添加到spring security中。

2.2.2.基于redis自定義驗(yàn)證碼校驗(yàn)

2.2.2.1.基于redis自定義驗(yàn)證碼過(guò)濾器

/**
 * 驗(yàn)證碼過(guò)濾器
 *
 * @author : CatalpaFlat
 */
@Component(SpringBeanNameConstant.DEFAULT_VALIDATE_CODE_FILTER_BN)
public class ValidateCodeFilter extends OncePerRequestFilter implements InitializingBean {
 private static final Logger logger = LoggerFactory.getLogger(ValidateCodeFilter.class.getName());
 @Autowired
 private CustomYmlConfig customYmlConfig;
 @Autowired
 private RedisTemplate<Object, Object> redisTemplate;
 /**
  * 驗(yàn)證請(qǐng)求url與配置的url是否匹配的工具類
  */
 private AntPathMatcher pathMatcher = new AntPathMatcher();
 public ValidateCodeFilter() {
  logger.info("Loading ValidateCodeFilter...");
 }
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
         FilterChain filterChain) throws ServletException, IOException {
  String url = customYmlConfig.getLogins().getMobile().getUrl();
  if (pathMatcher.match(url, request.getRequestURI())) {
   String deviceId = request.getHeader("deviceId");
   if (StringUtils.isBlank(deviceId)) {
    throw new CustomException(HttpStatus.NOT_ACCEPTABLE.value(), "Not deviceId in the head of the request");
   }
   String codeParamName = customYmlConfig.getLogins().getMobile().getParameter().getCode();
   String code = request.getParameter(codeParamName);
   if (StringUtils.isBlank(code)) {
    throw new CustomException(HttpStatus.NOT_ACCEPTABLE.value(), "Not code in the parameters of the request");
   }
   String key = SystemConstant.DEFAULT_MOBILE_KEY_PIX + deviceId;
   SmsCodePO smsCodePo = (SmsCodePO) redisTemplate.opsForValue().get(key);
   if (smsCodePo.isExpried()){
    throw new CustomException(HttpStatus.BAD_REQUEST.value(), "The verification code has expired");
   }
   String smsCode = smsCodePo.getCode();
   if (StringUtils.isBlank(smsCode)) {
    throw new CustomException(HttpStatus.BAD_REQUEST.value(), "Verification code does not exist");
   }
   if (StringUtils.equals(code, smsCode)) {
    redisTemplate.delete(key);
    //let it go
    filterChain.doFilter(request, response);
   } else {
    throw new CustomException(HttpStatus.BAD_REQUEST.value(), "Validation code is incorrect");
   }
  }else {
   //let it go
   filterChain.doFilter(request, response);
  }
 }
}

注:doFilterInternal()

自定義驗(yàn)證碼過(guò)濾校驗(yàn)

2.2.2.2.將自定義驗(yàn)證碼過(guò)濾器添加到spring security過(guò)濾器鏈

http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class)

注:添加到認(rèn)證預(yù)處理過(guò)濾器前

3.測(cè)試效果

spring security自定義認(rèn)證登錄的全過(guò)程記錄

spring security自定義認(rèn)證登錄的全過(guò)程記錄

spring security自定義認(rèn)證登錄的全過(guò)程記錄

spring security自定義認(rèn)證登錄的全過(guò)程記錄

最后附上源碼地址:https://gitee.com/CatalpaFlat/springSecurity.git  (本地下載)

總結(jié)

以上就是這篇文章的全部?jī)?nèi)容了,希望本文的內(nèi)容對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,如果有疑問(wèn)大家可以留言交流,謝謝大家對(duì)創(chuàng)新互聯(lián)的支持。

本文標(biāo)題:springsecurity自定義認(rèn)證登錄的全過(guò)程記錄
當(dāng)前URL:http://aaarwkj.com/article26/jpoojg.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供品牌網(wǎng)站建設(shè)、網(wǎng)站設(shè)計(jì)、全網(wǎng)營(yíng)銷推廣、、自適應(yīng)網(wǎng)站、品牌網(wǎng)站設(shè)計(jì)

廣告

聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)

成都網(wǎng)站建設(shè)公司

網(wǎng)站設(shè)計(jì)公司知識(shí)

蜜桃视频在线视频免费观看| 99精品国产中文字幕| 欧美一区二区精品少妇| 2021最新四虎永久免费| 欧洲亚洲精品免费二区| 每日更新中文字幕粉嫩av| 国产精品国产一级国产av | 亚洲国产日韩精品欧美| 熟女aaa一区二区午夜| 国产精品午夜福利91| 久热99在线视频免费观看| 区二区三区毛片乱码免费| 天堂av日韩在线播放| 国产亚洲精品国产福利久久| 久久精品国产久精国产爱| 日韩精品在线观看天堂| 亚洲av免费一区二区三区| 香蕉视频网站欧美一区| 亚洲av毛片在线免费播放| 欧洲一区二区三区黄色| 91精品中综合久久久久| 亚洲一区二区三区经典精品| 久久精品人妻麻豆尤物| 抱着操才爽的免费视频观看| 九九九热精品视频在线观看| 亚洲精品午夜在线观看| 天堂在线av免费观看| 午夜激情毛片在线观看| 欧美黑人在线一区二区| 久久偷拍女生厕所尿尿| 96热久久这里只有精品| 色综合色综合蘑菇在线| 久久精品国产亚洲av麻豆尤物| 精品熟妇人妻一区二区三区| 久久中文字幕一区二区三区| 免费无遮挡18禁视频| 亚洲成人av网址大全| 亚洲av色福免费网站| 人妻少妇系列一区二区| 中文字幕亚洲欧美日韩高清| 国产二区日韩成人精品|