Spring Security 自定义授权登录成功后自定义方法

avatar 2018年03月26日10:18:38 6 5523 views
博主分享免费Java教学视频,B站账号:Java刘哥 ,长期提供技术问题解决、项目定制:本站商品点此
在使用 Spring Security 做权限管理的时候,授权登录成功后,一般是跳转到首页。但是我们想再授权成功一瞬间做一些额外的操作,比如记录日志,添加 Session 等。

具体做法如下

创建 SecurityConfig 类,继承 WebSecurityConfigurerAdapter

重写 protected void configure(HttpSecurity http)  方法

在里面添加如下代码
  1. .successHandler(new AuthenticationSuccessHandler() {
  2.     @Override
  3.     public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
  4.         Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
  5.         if (principal != null && principal instanceof UserDetails) {
  7.             UserDetails user = (UserDetails) principal;
  8.             //1、添加 Session
  9.             httpServletRequest.getSession().setAttribute("userDetail", user);
  10.             //2、写入日志
  11.             logger.info("【用户已登录】" + user.getUsername());
  12.             //3、写入数据库login_record表
  13.             LoginRecord loginRecord = new LoginRecord();
  14.             loginRecord.setLoginIp(IPUtil.getIpAddr(httpServletRequest));
  15.             loginRecord.setLoginTime(System.currentTimeMillis());
  16.             loginRecord.setUser((User) user);
  17.             loginRecordRepository.save(loginRecord);
  18.             //4、页面跳转到首页
  19.             httpServletResponse.sendRedirect(ctx);//即 /forum
  21.         }
  22.     }
  23. })

第 7 行-第 19 行是自定义操作



完整代码如下
  1. package com.liuyanzhao.forum.config;
  3. import com.liuyanzhao.forum.entity.LoginRecord;
  4. import com.liuyanzhao.forum.entity.User;
  5. import com.liuyanzhao.forum.repository.LoginRecordRepository;
  6. import com.liuyanzhao.forum.service.impl.CustomUserService;
  7. import com.liuyanzhao.forum.util.IPUtil;
  8. import org.slf4j.Logger;
  9. import org.slf4j.LoggerFactory;
  10. import org.springframework.beans.factory.annotation.Autowired;
  11. import org.springframework.beans.factory.annotation.Value;
  12. import org.springframework.context.annotation.Bean;
  13. import org.springframework.security.authentication.AuthenticationManager;
  14. import org.springframework.security.authentication.AuthenticationProvider;
  15. import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
  16. import org.springframework.security.config.BeanIds;
  17. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  18. import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
  19. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  20. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  21. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  22. import org.springframework.security.core.Authentication;
  23. import org.springframework.security.core.context.SecurityContextHolder;
  24. import org.springframework.security.core.userdetails.UserDetails;
  25. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  26. import org.springframework.security.crypto.password.PasswordEncoder;
  27. import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
  29. import javax.servlet.ServletException;
  30. import javax.servlet.http.HttpServletRequest;
  31. import javax.servlet.http.HttpServletResponse;
  32. import java.io.IOException;
  34. /**
  35.  * 安全配置类
  36.  *
  37.  * @author 言曌
  38.  * @date 2018/1/23 上午11:37
  39.  */
  40. @EnableWebSecurity
  41. @EnableGlobalMethodSecurity(prePostEnabled = true// 启用方法安全设置
  42. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  44.     @Value("${server.servlet.context-path}")
  45.     public String ctx;
  48.     private static final String KEY = "liuyanzhao.com";
  50.     private final Logger logger = LoggerFactory.getLogger(this.getClass());
  52.     @Autowired
  53.     private LoginRecordRepository loginRecordRepository;
  55.     /**
  56.      * 自定义UserDetailsService,从数据库中读取用户信息
  57.      *
  58.      * @return
  59.      */
  60.     @Bean
  61.     public CustomUserService customUserDetailsService() {
  62.         return new CustomUserService();
  63.     }
  66.     @Bean
  67.     public PasswordEncoder passwordEncoder() {
  68.         return new BCryptPasswordEncoder();// 使用 BCrypt 加密
  69.     }
  72.     @Bean
  73.     public AuthenticationProvider authenticationProvider() {
  74.         DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
  75.         authenticationProvider.setUserDetailsService(customUserDetailsService());
  76.         authenticationProvider.setPasswordEncoder(passwordEncoder()); // 设置密码加密方式
  77.         return authenticationProvider;
  78.     }
  80.     @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
  81.     @Override
  82.     public AuthenticationManager authenticationManagerBean() throws Exception {
  83.         return super.authenticationManagerBean();
  84.     }
  86.     /**
  87.      * 自定义配置
  88.      */
  89.     @Override
  90.     protected void configure(HttpSecurity http) throws Exception {
  91.         http.authorizeRequests().antMatchers("/css/**""/js/**""/fonts/**""/index").permitAll() // 都可以访问
  92.                 .antMatchers("/h2-console/**").permitAll() // 都可以访问
  93.                 .antMatchers("/login").permitAll() // 都可以访问
  94.                 .antMatchers("/admin/**").hasRole("ADMIN"// 需要相应的角色才能访问
  95.                 .and()
  96.                 .formLogin()   //基于 Form 表单登录验证
  97.                 .loginPage("/login").failureUrl("/login?error=true"// 自定义登录界面
  98.                 .successHandler(new AuthenticationSuccessHandler() {
  99.                     @Override
  100.                     public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
  101.                         Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
  102.                         if (principal != null && principal instanceof UserDetails) {
  103.                             UserDetails user = (UserDetails) principal;
  104.                             //1、添加 Session
  105.                             httpServletRequest.getSession().setAttribute("userDetail", user);
  106.                             //2、写入日志
  107.                             logger.info("【用户已登录】" + user.getUsername());
  108.                             //3、写入数据库login_record表
  109.                             LoginRecord loginRecord = new LoginRecord();
  110.                             loginRecord.setLoginIp(IPUtil.getIpAddr(httpServletRequest));
  111.                             loginRecord.setLoginTime(System.currentTimeMillis());
  112.                             loginRecord.setUser((User) user);
  113.                             loginRecordRepository.save(loginRecord);
  114.                             //4、页面跳转到首页
  115.                             httpServletResponse.sendRedirect(ctx);//即 /forum
  116.                         }
  117.                     }
  118.                 })
  119. //                .defaultSuccessUrl("/")//登陆成功页面,需要去掉,否则不会执行上面的方法
  120.                 .and().rememberMe().key(KEY) // 启用 remember me
  121.                 .and().exceptionHandling().accessDeniedPage("/403");  // 处理异常,拒绝访问就重定向到 403 页面
  122.         http.csrf().ignoringAntMatchers("/h2-console/**"); // 禁用 H2 控制台的 CSRF 防护
  123.         http.csrf().ignoringAntMatchers("/ajax/**"); // 禁用 H2 控制台的 CSRF 防护
  124.         http.headers().frameOptions().sameOrigin(); // 允许来自同一来源的H2 控制台的请求
  125.     }
  127.     /**
  128.      * 认证信息管理
  129.      *
  130.      * @param auth
  131.      * @throws Exception
  132.      */
  133.     @Autowired
  134.     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  135.         auth.userDetailsService(customUserDetailsService());
  136.         auth.authenticationProvider(authenticationProvider());
  137.     }
  140. }



其他代码不是本文的重点,这里省略。



本文地址:https://liuyanzhao.com/7898.html



历史上的今天
三月
26日
  • 微信
  • 交流学习,资料分享
  • weinxin
  • 个人淘宝
  • 店铺名:言曌博客咨询部

  • (部分商品未及时上架淘宝)
avatar

发表评论

avatar 登录者:匿名
匿名评论,评论回复后会有邮件通知

  

已通过评论:0   待审核评论数:0