JavaWeb-SpringSecurity实现需求-判断请求是否以html结尾
2024-08-30 01:49:06
系列博文
项目已上传至guthub 传送门
JavaWeb-SpringSecurity初认识 传送门
JavaWeb-SpringSecurity在数据库中查询登陆用户 传送门
JavaWeb-SpringSecurity自定义登陆页面 传送门
JavaWeb-SpringSecurity实现需求-判断请求是否以html结尾 传送门
JavaWeb-SpringSecurity自定义登陆配置 传送门
JavaWeb-SpringSecurity图片验证ImageCode 传送门
JavaWeb-SpringSecurity记住我功能 传送门
JavaWeb-SpringSecurity使用短信验证码登陆 传送门
需求
请求来了,判断请求是否以html结尾,是以html结尾则重定向到登陆页面,不是以html结尾就需要进行身份认证
首先我们在SecurityConfig.java中configure()方法中修改自定义登陆页面访问路径为/require,打开SpringSecurity对/require请求的身份认证
protected void configure(HttpSecurity http) throws Exception{
//表单验证(身份认证)
http.formLogin()
//自定义登陆页面
.loginPage("/require")
//如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
.loginProcessingUrl("/loginPage")
.and()
//请求授权
.authorizeRequests()
//在访问我们的URL时,我们是不需要省份认证,可以立即访问
.antMatchers("/login.html","/require").permitAll()
//所有请求都被拦截,跳转到(/login请求中)
.anyRequest()
//都需要我们身份认证
.authenticated()
//SpringSecurity保护机制
.and().csrf().disable();
}
在controller层下创建SecurityController.java作为用户发起的请求
@RequestMapping("/require")
public String require()
{
//判断之前的请求是否以html结尾 //如果是,重定向到登陆页面 //如果不是,我们就让他身份认证 return null;
}
package com.Gary.GaryRESTful.config; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; //Web应用安全适配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{ //告诉SpringSecurity密码用什么加密的
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
} protected void configure(HttpSecurity http) throws Exception{
//表单验证(身份认证)
http.formLogin()
//自定义登陆页面
.loginPage("/require")
//如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
.loginProcessingUrl("/loginPage")
.and()
//请求授权
.authorizeRequests()
//在访问我们的URL时,我们是不需要省份认证,可以立即访问
.antMatchers("/login.html","/require").permitAll()
//所有请求都被拦截,跳转到(/login请求中)
.anyRequest()
//都需要我们身份认证
.authenticated()
//SpringSecurity保护机制
.and().csrf().disable();
} }
SecurityConfig.java
package com.Gary.GaryRESTful.controller; import org.springframework.web.bind.annotation.RequestMapping; public class SecurityController { @RequestMapping("require")
public String require()
{
//判断之前的请求是否以html结尾 //如果是,重定向到登陆页面 //如果不是,我们就让他身份认证 return null;
} }
SecurityController.java
完成需求编码阶段SecurityController.java
//拿到转发跳转到之前的请求
private RequestCache requestCache = new HttpSessionRequestCache(); private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); @RequestMapping("/require")
//返回的状态码(401)
@ResponseStatus(code=HttpStatus.UNAUTHORIZED)
public String require(HttpServletRequest request , HttpServletResponse response) throws IOException
{
//拿到了之前的请求
SavedRequest savedRequest = requestCache.getRequest(request, response);
if(savedRequest != null)
{
//url就是引发跳转之前我们的请求
String url = savedRequest.getRedirectUrl();
//判断之前的请求是否以html结尾
if(StringUtils.endsWithIgnoreCase(url, ".html"))
{
//如果是,重定向到登陆页面
redirectStrategy.sendRedirect(request, response, "/login.html");
} } //如果不是,我们就让他身份认证
return new String("需要身份认证");
}
package com.Gary.GaryRESTful.controller; import java.io.IOException; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController; @RestController
public class SecurityController { //拿到转发跳转到之前的请求
private RequestCache requestCache = new HttpSessionRequestCache(); //可以用来做重定向
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); @RequestMapping("/require")
//返回的状态码(401)
@ResponseStatus(code=HttpStatus.UNAUTHORIZED)
public String require(HttpServletRequest request , HttpServletResponse response) throws IOException
{
//拿到了之前的请求
SavedRequest savedRequest = requestCache.getRequest(request, response);
if(savedRequest != null)
{
//url就是引发跳转之前我们的请求
String url = savedRequest.getRedirectUrl();
//判断之前的请求是否以html结尾
if(StringUtils.endsWithIgnoreCase(url, ".html"))
{
//如果是,重定向到登陆页面
redirectStrategy.sendRedirect(request, response, "/login.html"); } } //如果不是,我们就让他身份认证
return new String("需要身份认证");
} }
SecurityController.java
测试阶段
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body> <h1>Gary登陆页面</h1>
<form action="/loginPage" method="post"> 用户名:
<input type="text" name="username">
<br>
密码:
<input type="password" name="password">
<br>
<input type="submit"> </form> </body>
</html>
login.html
package com.Gary.GaryRESTful.config; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; //Web应用安全适配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{ //告诉SpringSecurity密码用什么加密的
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
} protected void configure(HttpSecurity http) throws Exception{
//表单验证(身份认证)
http.formLogin()
//自定义登陆页面
.loginPage("/require")
//如果URL为loginPage,则用SpringSecurity中自带的过滤器去处理该请求
.loginProcessingUrl("/loginPage")
.and()
//请求授权
.authorizeRequests()
//在访问我们的URL时,我们是不需要省份认证,可以立即访问
.antMatchers("/login.html","/require").permitAll()
//所有请求都被拦截,跳转到(/login请求中)
.anyRequest()
//都需要我们身份认证
.authenticated()
//SpringSecurity保护机制
.and().csrf().disable();
} }
SecurityConfig.java
package com.Gary.GaryRESTful.controller; import java.io.IOException; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController; @RestController
public class SecurityController { //拿到转发跳转到之前的请求
private RequestCache requestCache = new HttpSessionRequestCache(); //可以用来做重定向
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); @RequestMapping("/require")
//返回的状态码(401)
@ResponseStatus(code=HttpStatus.UNAUTHORIZED)
public String require(HttpServletRequest request , HttpServletResponse response) throws IOException
{
//拿到了之前的请求
SavedRequest savedRequest = requestCache.getRequest(request, response);
if(savedRequest != null)
{
//url就是引发跳转之前我们的请求
String url = savedRequest.getRedirectUrl();
//判断之前的请求是否以html结尾
if(StringUtils.endsWithIgnoreCase(url, ".html"))
{
//如果是,重定向到登陆页面
redirectStrategy.sendRedirect(request, response, "/login.html"); } } //如果不是,我们就让他身份认证
return new String("需要身份认证");
} }
SecurityController.java
最新文章
- ZoomEye 钟馗之眼 搜索工具 基于API
- SQLServer 游标 (A)
- iOS $299申请时碰到的狗血问题
- redis 持久化 如果 AOF 文件出错了,怎么办?
- MySQL安装过程net start mysql 启动失败 报“错误2,系统找不到文件”的解决办法
- 关于inf的问题
- [转].net 缩略图方法
- C++11 | 正则表达式(4)
- python网络编程(六)---web客户端访问
- fedora19配置 SSH 免密码登陆
- jQuery第五章
- servlet中的过滤器 国际化
- SparkMLlib学习分类算法之逻辑回归算法
- Python中使用hashlib进行加密的简单使用
- pwn学习之二
- iOS UI调试神器,插件injection for Xcode使用方法
- 浅谈STM32L071硬件I2C挂死
- c++ 在指定长度的数组或者容器中,统计元素出现的次数(count)
- 数据库分库分表和带来的唯一ID、分页查询问题的解决
- Qt 定时器Timer使用