java – Spring Security custom authentication filter without web.xml


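Using annotations and Java configuration, it is not quite clear to me how to register an overridden filter for Spring Security.

What I want to achieve is an automatic login without showing the login form, because at that point the user has already been authenticated. So it would only read a header parameter and use Spring Security for authorization.

This is a simplified version of what I am trying. Spring Security works fine, except that it sometimes shows the login screen.
Bootstrapping the BypassLoginFilter is all I need. I also read somewhere that http auto-config should be turned off for this kind of behavior, but I don't know how to do that in pure Java configuration.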

SecurityWebApplicationInitializer.java

    import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

    public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    }

SecurityConfig.java

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.authentication.logout.LogoutFilter;

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/resources/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
            http.authorizeRequests().antMatchers("/*").permitAll()
                    .anyRequest().hasRole("USER").and()
                    .formLogin()
                    .permitAll();
            http.addFilterBefore(new BypassLoginFilter(), LogoutFilter.class);
            //.and().anonymous().disable();
        }

        @Override
        @Autowired
        protected void registerAuthentication(AuthenticationManagerBuilder auth) {
            try {
                auth.inMemoryAuthentication().withUser("user").password("password")
                        .roles("USER").and().withUser("admin").password("password")
                        .roles("USER", "admin");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

BypassLoginFilter.java

    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.List;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
    import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

    public class BypassLoginFilter extends AbstractAuthenticationProcessingFilter {

        private static String HEADER_IS_ADMIN = "isadmin";

        public BypassLoginFilter() {
            super("/*");
        }

        //Never gets executed
        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
                throws AuthenticationException, IOException, ServletException {
            boolean isAdmin = Boolean.valueOf(request.getHeader(HEADER_IS_ADMIN));
            PreAuthenticatedAuthenticationToken authRequest =
                    new PreAuthenticatedAuthenticationToken("", "", getAuthorities(isAdmin));
            authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
            return getAuthenticationManager().authenticate(authRequest);
        }

        private List
Best answer

You can try the following approach. Suppose you have a YourUser class that looks something like this:

    public class YourUser extends org.springframework.security.core.userdetails.User {
        ...
        public String getStartPage() { return "/userhomepage"; }
        ...
    }

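Then you need to declare an authentication handler:

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
    import org.springframework.stereotype.Component;

    @Component
    public class YourAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

        // Pick the landing page from the authenticated principal.
        @Override
        protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication.getPrincipal() instanceof YourUser) {
                final YourUser user = (YourUser) authentication.getPrincipal();
                return user.getStartPage();
            } else {
                return "/defaultPageForNonAuthenticatedUsers";
            }
        }
    }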

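And use it in the security configuration:

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // rest calls are omitted
            // successHandler is a method of the form-login configurer, not of HttpSecurity
            http.formLogin().successHandler(successHandler());
        }

        @Bean
        public AuthenticationSuccessHandler successHandler() throws Exception {
            return new YourAuthenticationSuccessHandler();
        }
    }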
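
Spring Security ships RequestHeaderAuthenticationFilter for the pre-authenticated scenario the question describes. The following is an added example, not code from the question or the answer, that registers it in pure Java configuration and resolves roles on the server from the principal instead of from a request header. The class name PreAuthSecurityConfig, the header name X-Authenticated-User and the hard-coded admin check are assumptions; it presumes Java 8 and a trusted front end that sets the header and strips any client-supplied copy.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class PreAuthSecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical header name; only the trusted front end may set it.
    private static final String USER_HEADER = "X-Authenticated-User";

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        // Placeholder for a real directory lookup: roles come from the server side,
        // keyed by the principal, never from a client-controllable header.
        AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> lookup = token ->
            new User(token.getName(), "N/A", "admin".equals(token.getName())
                ? AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN")
                : AuthorityUtils.createAuthorityList("ROLE_USER"));
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(lookup);
        auth.authenticationProvider(provider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        RequestHeaderAuthenticationFilter preAuth = new RequestHeaderAuthenticationFilter();
        preAuth.setPrincipalRequestHeader(USER_HEADER);
        preAuth.setExceptionIfHeaderMissing(false); // no header: request stays unauthenticated
        preAuth.setAuthenticationManager(authenticationManager());

        // No formLogin(): unauthenticated requests get 403 instead of a login page.
        http.addFilterBefore(preAuth, UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and()
            .authorizeRequests().anyRequest().hasRole("USER");
    }
}
```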

Original address: http://outofmemory.cn/langs/1250884.html
