Spring Security form authentication

Posted tekken-wang

1. Login

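  • Create a SecurityConfig configuration class that extends WebSecurityConfigurerAdapter and override the configure method
  • http.formLogin() enables form login
  • http.loginPage("/authentication/require") is the URL the user is sent to by default when a request requires authentication, i.e. the login page
  • http.loginProcessingUrl("/authentication/form") is the URL that handles the username/password login request, i.e. the action URL of the login form
  • At login you need to tell whether the request came from an HTML page or from a client such as an app. When Spring Security decides that a request needs authentication, it caches that request in the RequestCache. When the redirect reaches the login page controller, take the request out of the RequestCache, read its type, and then decide whether to return a page or JSON
private RequestCache requestCache = new HttpSessionRequestCache();
  • Put the address of the HTML page in the yml file and map the yml to a properties class. Give the URL field in that class a default value, so that the default is used when the configuration file does not set it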
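
The login-entry controller described in the list above, as an added example that is not code from the original post. It assumes the javax.servlet-based Spring Security versions that still ship WebSecurityConfigurerAdapter, treats a cached request whose Accept header contains text/html as a browser request, and reads the login page from a hypothetical property demo.security.browser.login-page (default /login.html) in place of the post's properties class; the class name LoginEntryController is also hypothetical.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example: hypothetical controller behind loginPage("/authentication/require").
@RestController
public class LoginEntryController {
    // RequestCache is an interface; HttpSessionRequestCache is the session-backed
    // implementation that holds the request Spring Security intercepted.
    private final RequestCache requestCache = new HttpSessionRequestCache();
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    // Assumed property name; the default applies when the yml file does not set it.
    @Value("${demo.security.browser.login-page:/login.html}")
    private String loginPage;

    @RequestMapping("/authentication/require")
    public ResponseEntity<Map<String, String>> requireAuthentication(
            HttpServletRequest request, HttpServletResponse response) throws IOException {
        SavedRequest saved = requestCache.getRequest(request, response);
        if (saved != null && wantsHtml(saved)) {
            // Redirect only to the configured page, never to a URL taken from the request.
            redirectStrategy.sendRedirect(request, response, loginPage);
            return null; // the redirect has already committed the response
        }
        // App and AJAX clients get a 401 with a JSON body instead of an HTML page.
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(Collections.singletonMap("content", "Authentication required"));
    }

    // A cached request counts as a browser page load if its Accept header lists text/html.
    private boolean wantsHtml(SavedRequest saved) {
        return saved.getHeaderValues("Accept").stream()
                .anyMatch(v -> v.toLowerCase(Locale.ROOT).contains("text/html"));
    }
}
```

Both /authentication/require and the login page itself have to be exempt from authentication in the configure method, otherwise the redirect loops.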

2. Login success handling

  • Create a class that extends SavedRequestAwareAuthenticationSuccessHandler and override the onAuthenticationSuccess method to handle the logic that runs after a successful login
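import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
// SecurityProperties and LoginResponseType are the project's own classes (not shown in this post).
@Component("imoocAuthenticationSuccessHandler")
public class ImoocAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    private Logger logger = LoggerFactory.getLogger(getClass());
    @Autowired
    private ObjectMapper objectMapper;
    @Autowired
    private SecurityProperties securityProperties;
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        logger.info("登录成功");
        if (LoginResponseType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
            // JSON mode: the whole Authentication object (principal, authorities, details)
            // is serialised into the response body.
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(authentication));
        } else {
            // Redirect mode: the parent class sends the user back to the cached original request.
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
}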
  • http.successHandler() configures the handler that runs after a successful login
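import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
// SecurityConstants is the project's own class (not shown in this post).
public class AbstractChannelSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    protected AuthenticationSuccessHandler imoocAuthenticationSuccessHandler;

    @Autowired
    protected AuthenticationFailureHandler imoocAuthenticationFailureHandler;

    // Shared form-login setup: login page, processing URL, and the two custom handlers.
    protected void applyPasswordAuthenticationConfig(HttpSecurity http) throws Exception {
        http.formLogin()
            .loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
            .loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_FORM)
            .successHandler(imoocAuthenticationSuccessHandler)
            .failureHandler(imoocAuthenticationFailureHandler);
    }

}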

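3. Login failure handling

  • Login failure is handled in much the same way as login success
  • failureHandler(imoocAuthenticationFailureHandler); configures the handler that runs after a failed login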
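import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
// SecurityProperties, LoginResponseType and SimpleResponse are the project's own classes (not shown in this post).
@Component("imoocAuthenctiationFailureHandler")
public class ImoocAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private Logger logger = LoggerFactory.getLogger(getClass());
    @Autowired
    private ObjectMapper objectMapper;
    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        logger.info("登录失败");
        if (LoginResponseType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
            // JSON mode: HTTP 500 with the exception message as the response body.
            response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(new SimpleResponse(exception.getMessage())));
        } else {
            // Redirect mode: fall back to the parent class's default failure handling.
            super.onAuthenticationFailure(request, response, exception);
        }
    }
}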

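4. Sharing user information

  • The SecurityContext filter checks whether the session holds user information and, if it does, puts it on the current thread. When the request finishes, the SecurityContext filter checks whether the thread holds a context and, if it does, stores it in the session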
