Spring Security 自定义配置
Posted INEFFABLE LAND
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Security 自定义配置相关的知识,希望对你有一定的参考价值。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//ip认证者配置
@Bean
IpAuthenticationProvider ipAuthenticationProvider() {
return new IpAuthenticationProvider();
}
//配置封装ipAuthenticationToken的过滤器
IpAuthenticationProcessingFilter ipAuthenticationProcessingFilter(AuthenticationManager authenticationManager) {
IpAuthenticationProcessingFilter ipAuthenticationProcessingFilter = new IpAuthenticationProcessingFilter();
//为过滤器添加认证器
ipAuthenticationProcessingFilter.setAuthenticationManager(authenticationManager);
//重写认证失败时的跳转页面
ipAuthenticationProcessingFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/ipLogin?error"));
return ipAuthenticationProcessingFilter;
}
//配置登录端点
@Bean
LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint(){
LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint = new LoginUrlAuthenticationEntryPoint
("/ipLogin");
return loginUrlAuthenticationEntryPoint;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.antMatchers("/ipLogin").permitAll()
.anyRequest().authenticated()
.and()
.logout()
.logoutSuccessUrl("/")
.permitAll()
.and()
.exceptionHandling()
.accessDeniedPage("/ipLogin")
.authenticationEntryPoint(loginUrlAuthenticationEntryPoint())
;
//注册IpAuthenticationProcessingFilter 注意放置的顺序 这很关键
http.addFilterBefore(ipAuthenticationProcessingFilter(authenticationManager()), UsernamePasswordAuthenticationFilter.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ipAuthenticationProvider());
}
}
以上是关于Spring Security 自定义配置的主要内容,如果未能解决你的问题,请参考以下文章
使用 Spring Security 配置自定义 LDAP 身份验证提供程序
如何使用自定义 JAAS 堆栈配置 Spring Security?