JavaWeb-SpringSecurity實現需求-判斷請求是否以html結尾

 

 

  系列博文

  項目已上傳至github  傳送門

  JavaWeb-SpringSecurity初認識  傳送門

  JavaWeb-SpringSecurity在數據庫中查詢登錄用戶  傳送門

  JavaWeb-SpringSecurity自定義登錄頁面  傳送門

  JavaWeb-SpringSecurity實現需求-判斷請求是否以html結尾  傳送門

  JavaWeb-SpringSecurity自定義登錄配置  傳送門

  JavaWeb-SpringSecurity圖片驗證ImageCode  傳送門

  JavaWeb-SpringSecurity記住我功能  傳送門

  JavaWeb-SpringSecurity使用短信驗證碼登錄  傳送門

 

  需求

    請求來了,判斷請求是否以html結尾,是以html結尾則重定向到登錄頁面,不是以html結尾就須要進行身份認證

 

  首先咱們在SecurityConfig.java中configure()方法中修改自定義登錄頁面訪問路徑爲/require,並讓SpringSecurity對/require請求放行(不須要身份認證)

/**
 * Sets up form login and the URL authorization rules.
 *
 * <p>{@code /require} is registered as the login page, credentials are posted to
 * {@code /loginPage}, and only {@code /login.html} and {@code /require} can be reached
 * without authentication.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the builder calls
 */
protected void configure(HttpSecurity http) throws Exception {
    // Form login: "/require" is the login page; POSTs to "/loginPage" are handled by
    // Spring Security's own form-login filter.
    http.formLogin()
        .loginPage("/require")
        .loginProcessingUrl("/loginPage");

    // Authorization: the two login-related URLs are open, every other request needs a login.
    http.authorizeRequests()
        .antMatchers("/login.html", "/require").permitAll()
        .anyRequest().authenticated();

    // CSRF protection is switched off here.
    // NOTE(review): the login.html form on this page posts without a CSRF token, so
    // turning CSRF back on also means adding the token to that form.
    http.csrf().disable();
}

 

  在controller層下建立SecurityController.java,用來處理用戶發起的/require請求

    /**
     * Placeholder handler for {@code /require}; the decision logic is not written yet.
     *
     * @return always {@code null} in this stub
     */
    @RequestMapping("/require")
    public String require() {
        // Planned steps:
        //   1. check whether the request that led here ends with "html";
        //   2. if it does, redirect to the login page;
        //   3. if it does not, ask the caller to authenticate.
        return null;
    }

 

package com.Gary.GaryRESTful.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


/** Web security adapter: declares the password encoder and the login / authorization rules. */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Tells Spring Security which algorithm stored passwords are hashed with.
     *
     * @return a BCrypt-based encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Sets up form login and the URL authorization rules.
     *
     * <p>{@code /require} is registered as the login page, credentials are posted to
     * {@code /loginPage}, and only {@code /login.html} and {@code /require} can be reached
     * without authentication.
     *
     * @param http the security builder to configure
     * @throws Exception propagated from the builder calls
     */
    protected void configure(HttpSecurity http) throws Exception {
        // Form login: "/require" is the login page; POSTs to "/loginPage" are handled by
        // Spring Security's own form-login filter.
        http.formLogin()
            .loginPage("/require")
            .loginProcessingUrl("/loginPage");

        // Authorization: the two login-related URLs are open, every other request needs a login.
        http.authorizeRequests()
            .antMatchers("/login.html", "/require").permitAll()
            .anyRequest().authenticated();

        // CSRF protection is switched off here.
        // NOTE(review): the login.html form on this page posts without a CSRF token, so
        // turning CSRF back on also means adding the token to that form.
        http.csrf().disable();
    }
}
SecurityConfig.java

 

package com.Gary.GaryRESTful.controller;

import org.springframework.web.bind.annotation.RequestMapping;

/**
 * First draft of the controller behind the custom login entry point.
 *
 * <p>NOTE(review): this listing carries no {@code @Controller}/{@code @RestController}
 * annotation on the class; presumably the mapping is not registered until one is added
 * (the finished listing further down uses {@code @RestController}) - confirm.
 */
public class SecurityController {

    /**
     * Placeholder handler; the decision logic is not written yet.
     *
     * @return always {@code null} in this stub
     */
    @RequestMapping("require")
    public String require() {
        // Planned steps:
        //   1. check whether the request that led here ends with "html";
        //   2. if it does, redirect to the login page;
        //   3. if it does not, ask the caller to authenticate.
        return null;
    }
}
SecurityController.java

 

  完成需求編碼階段SecurityController.java

  //拿到轉發跳轉到以前的請求
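    /** Gives access to the request that was saved before the jump to the login entry point. */
    private RequestCache requestCache = new HttpSessionRequestCache();

    /** Used to send the redirect to the login page. */
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Login entry point: sends browser-style requests (saved URL ending in ".html") to the
     * login page and answers everything else with 401 and a short message.
     *
     * @param request  the current request, used to look up the saved request
     * @param response the current response, used for the redirect
     * @return the "authentication required" message, or {@code null} once a redirect was sent
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/require")
    // Status code returned with the message body (401).
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public String require(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // The request that triggered the jump to this handler, if one was saved.
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            String url = savedRequest.getRedirectUrl();
            // NOTE(review): the saved URL may carry a query string, in which case this suffix
            // test looks at the end of the query rather than the path - confirm that is intended.
            if (StringUtils.endsWithIgnoreCase(url, ".html")) {
                // The target is a fixed path, never the saved URL itself.
                redirectStrategy.sendRedirect(request, response, "/login.html");
                // Stop here: the redirect has been sent, so no 401 body should be written after it.
                return null;
            }
        }

        // Not an .html request (or nothing saved): tell the caller to authenticate.
        return "須要身份認證";
    }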

 

package com.Gary.GaryRESTful.controller;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

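/**
 * Controller behind the custom login entry point {@code /require}.
 */
@RestController
public class SecurityController {

    /** Gives access to the request that was saved before the jump to the login entry point. */
    private RequestCache requestCache = new HttpSessionRequestCache();

    /** Used to send the redirect to the login page. */
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Login entry point: sends browser-style requests (saved URL ending in ".html") to the
     * login page and answers everything else with 401 and a short message.
     *
     * @param request  the current request, used to look up the saved request
     * @param response the current response, used for the redirect
     * @return the "authentication required" message, or {@code null} once a redirect was sent
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/require")
    // Status code returned with the message body (401).
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public String require(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // The request that triggered the jump to this handler, if one was saved.
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            String url = savedRequest.getRedirectUrl();
            // NOTE(review): the saved URL may carry a query string, in which case this suffix
            // test looks at the end of the query rather than the path - confirm that is intended.
            if (StringUtils.endsWithIgnoreCase(url, ".html")) {
                // The target is a fixed path, never the saved URL itself.
                redirectStrategy.sendRedirect(request, response, "/login.html");
                // Stop here: the redirect has been sent, so no 401 body should be written after it.
                return null;
            }
        }

        // Not an .html request (or nothing saved): tell the caller to authenticate.
        return "須要身份認證";
    }
}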
SecurityController.java

 

 

  測試階段

 

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>

<h1>Gary登錄頁面</h1>
    <!-- Credentials are POSTed to /loginPage, the URL that the security configuration on this page registers as loginProcessingUrl. -->
    <!-- NOTE(review): the form has no CSRF token field; it relies on CSRF protection being disabled in that configuration. -->
    <form action="/loginPage" method="post">
    
        用戶名:
        <input type="text" name="username">
        <br>
        密碼:
        <input type="password" name="password">
        <br>
        <input type="submit">
    
    </form>

</body>
</html>
login.html

 

package com.Gary.GaryRESTful.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


/** Web security adapter: declares the password encoder and the login / authorization rules. */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Tells Spring Security which algorithm stored passwords are hashed with.
     *
     * @return a BCrypt-based encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Sets up form login and the URL authorization rules.
     *
     * <p>{@code /require} is registered as the login page, credentials are posted to
     * {@code /loginPage}, and only {@code /login.html} and {@code /require} can be reached
     * without authentication.
     *
     * @param http the security builder to configure
     * @throws Exception propagated from the builder calls
     */
    protected void configure(HttpSecurity http) throws Exception {
        // Form login: "/require" is the login page; POSTs to "/loginPage" are handled by
        // Spring Security's own form-login filter.
        http.formLogin()
            .loginPage("/require")
            .loginProcessingUrl("/loginPage");

        // Authorization: the two login-related URLs are open, every other request needs a login.
        http.authorizeRequests()
            .antMatchers("/login.html", "/require").permitAll()
            .anyRequest().authenticated();

        // CSRF protection is switched off here.
        // NOTE(review): the login.html form on this page posts without a CSRF token, so
        // turning CSRF back on also means adding the token to that form.
        http.csrf().disable();
    }
}
SecurityConfig.java

 

package com.Gary.GaryRESTful.controller;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

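/**
 * Controller behind the custom login entry point {@code /require}.
 */
@RestController
public class SecurityController {

    /** Gives access to the request that was saved before the jump to the login entry point. */
    private RequestCache requestCache = new HttpSessionRequestCache();

    /** Used to send the redirect to the login page. */
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Login entry point: sends browser-style requests (saved URL ending in ".html") to the
     * login page and answers everything else with 401 and a short message.
     *
     * @param request  the current request, used to look up the saved request
     * @param response the current response, used for the redirect
     * @return the "authentication required" message, or {@code null} once a redirect was sent
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/require")
    // Status code returned with the message body (401).
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public String require(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // The request that triggered the jump to this handler, if one was saved.
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            String url = savedRequest.getRedirectUrl();
            // NOTE(review): the saved URL may carry a query string, in which case this suffix
            // test looks at the end of the query rather than the path - confirm that is intended.
            if (StringUtils.endsWithIgnoreCase(url, ".html")) {
                // The target is a fixed path, never the saved URL itself.
                redirectStrategy.sendRedirect(request, response, "/login.html");
                // Stop here: the redirect has been sent, so no 401 body should be written after it.
                return null;
            }
        }

        // Not an .html request (or nothing saved): tell the caller to authenticate.
        return "須要身份認證";
    }
}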
SecurityController.java