JavaWeb-SpringSecurity實現需求-判斷請求是否以html結尾

 

 

  系列博文

  項目已上傳至github  傳送門

  JavaWeb-SpringSecurity初認識  傳送門

  JavaWeb-SpringSecurity在數據庫中查詢登錄用戶  傳送門

  JavaWeb-SpringSecurity自定義登錄頁面  傳送門

  JavaWeb-SpringSecurity實現需求-判斷請求是否以html結尾  傳送門

  JavaWeb-SpringSecurity自定義登錄配置  傳送門

  JavaWeb-SpringSecurity圖片驗證ImageCode  傳送門

  JavaWeb-SpringSecurity記住我功能  傳送門

  JavaWeb-SpringSecurity使用短信驗證碼登錄  傳送門

 

  需求

    請求到來時,判斷該請求是否以html結尾:若以html結尾,則重定向到登錄頁面;若不以html結尾,則需要進行身份認證

 

  首先我們在SecurityConfig.java的configure()方法中,將自定義登錄頁面的訪問路徑修改爲/require,並放行/require請求(permitAll),使其無須身份認證即可訪問

/**
 * Configures form login and URL authorization for the application.
 *
 * <p>Unauthenticated requests are sent to {@code /require} instead of directly to a login form,
 * credentials are processed at {@code /loginPage}, and every URL other than
 * {@code /login.html} and {@code /require} requires an authenticated user.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception propagated from the Spring Security configurers
 */
protected void configure(HttpSecurity http) throws Exception {
    // Form-based authentication. "/require" is registered as the login page, so a request that
    // needs authentication ends up at whatever is mapped to /require. Credentials POSTed to
    // "/loginPage" are handled by Spring Security's own filter, not by application code.
    http.formLogin()
        .loginPage("/require")
        .loginProcessingUrl("/loginPage");

    // Authorization rules, evaluated in declaration order: the login page and the /require
    // entry point are reachable anonymously, everything else needs an authenticated user.
    http.authorizeRequests()
        .antMatchers("/login.html", "/require").permitAll()
        .anyRequest().authenticated();

    // CSRF protection is switched off for the whole application.
    // NOTE(review): the login form used with this configuration submits no CSRF token, which is
    // presumably why. With session-based form login this leaves state-changing requests open to
    // cross-site request forgery; re-enable it and add the token to the form outside of a demo.
    http.csrf().disable();
}

 

  在controller層下建立SecurityController.java,用來處理用戶發起的/require請求

/**
 * Placeholder handler for {@code /require}; the decision logic is not implemented yet.
 *
 * @return always {@code null} at this step
 */
@RequestMapping("/require")
public String require() {
    // Planned behaviour:
    //   1. look at the request that was made before the client was sent here;
    //   2. if it ended in "html", redirect to the login page;
    //   3. otherwise, tell the client that authentication is required.
    return null;
}

 

package com.Gary.GaryRESTful.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; //Web應用安全適配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the password encoder bean. Passwords are hashed with BCrypt, which is a one-way
     * hash rather than reversible encryption.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures form login and URL authorization for the application.
     *
     * <p>Unauthenticated requests are sent to {@code /require} instead of directly to a login
     * form, credentials are processed at {@code /loginPage}, and every URL other than
     * {@code /login.html} and {@code /require} requires an authenticated user.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception propagated from the Spring Security configurers
     */
    protected void configure(HttpSecurity http) throws Exception {
        // Form-based authentication. "/require" is registered as the login page, so a request
        // that needs authentication ends up at whatever is mapped to /require. Credentials
        // POSTed to "/loginPage" are handled by Spring Security's own filter.
        http.formLogin()
            .loginPage("/require")
            .loginProcessingUrl("/loginPage");

        // Authorization rules, evaluated in declaration order: the login page and the /require
        // entry point are reachable anonymously, everything else needs an authenticated user.
        http.authorizeRequests()
            .antMatchers("/login.html", "/require").permitAll()
            .anyRequest().authenticated();

        // CSRF protection is switched off for the whole application.
        // NOTE(review): the login form used with this configuration submits no CSRF token, which
        // is presumably why. With session-based form login this leaves state-changing requests
        // open to cross-site request forgery; re-enable it and add the token to the form outside
        // of a demo.
        http.csrf().disable();
    }
}
SecurityConfig.java

 

package com.Gary.GaryRESTful.controller;

import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Skeleton of the controller that will decide what an unauthenticated client receives.
 *
 * <p>NOTE(review): at this step the class carries no controller stereotype annotation and the
 * mapping is written as "require" without a leading slash.
 */
public class SecurityController {

    /**
     * Placeholder handler; the decision logic is not implemented yet.
     *
     * @return always {@code null} at this step
     */
    @RequestMapping("require")
    public String require() {
        // Planned behaviour:
        //   1. look at the request that was made before the client was sent here;
        //   2. if it ended in "html", redirect to the login page;
        //   3. otherwise, tell the client that authentication is required.
        return null;
    }
}
SecurityController.java

 

  完成需求編碼階段SecurityController.java

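  // Reads back the request that was saved in the HTTP session before the client was sent to /require.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    // Used to send the redirect to the static login page.
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Decides what an unauthenticated client receives.
     *
     * <p>If the request that triggered authentication ended in {@code .html} (case-insensitive),
     * the client is redirected to {@code /login.html}. In every other case, including when no
     * saved request exists, the response is HTTP 401 with a short text body.
     *
     * <p>The saved URL is only inspected, never used as the redirect target: the target is the
     * fixed literal {@code /login.html}, so the client cannot steer where the redirect goes.
     *
     * @param request  the current request, used to locate the saved request
     * @param response the current response, used for the redirect
     * @return the 401 message, or {@code null} when a redirect has already been sent
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/require")
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public String require(HttpServletRequest request, HttpServletResponse response) throws IOException {
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            // URL of the request that caused the client to be sent here.
            // NOTE(review): if this URL carries a query string, "/page.html?x=1" will not match
            // the suffix test below - confirm, and compare the path only if that matters.
            String url = savedRequest.getRedirectUrl();
            if (StringUtils.endsWithIgnoreCase(url, ".html")) {
                redirectStrategy.sendRedirect(request, response, "/login.html");
                // Stop here: without this return the method falls through and hands the 401
                // text to a response that already carries the redirect.
                return null;
            }
        }
        // Not a page request (or nothing was saved): answer with 401 and a message.
        return "須要身份認證";
    }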

 

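package com.Gary.GaryRESTful.controller;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

/**
 * Handles {@code /require}, the URL registered as the login page: page requests are redirected
 * to the login form, anything else gets an HTTP 401 answer.
 */
@RestController
public class SecurityController {

    // Reads back the request that was saved in the HTTP session before the client was sent here.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    // Used to send the redirect to the static login page.
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Decides what an unauthenticated client receives.
     *
     * <p>If the request that triggered authentication ended in {@code .html} (case-insensitive),
     * the client is redirected to {@code /login.html}. In every other case, including when no
     * saved request exists, the response is HTTP 401 with a short text body.
     *
     * <p>The saved URL is only inspected, never used as the redirect target: the target is the
     * fixed literal {@code /login.html}, so the client cannot steer where the redirect goes.
     *
     * @param request  the current request, used to locate the saved request
     * @param response the current response, used for the redirect
     * @return the 401 message, or {@code null} when a redirect has already been sent
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/require")
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public String require(HttpServletRequest request, HttpServletResponse response) throws IOException {
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            // URL of the request that caused the client to be sent here.
            // NOTE(review): if this URL carries a query string, "/page.html?x=1" will not match
            // the suffix test below - confirm, and compare the path only if that matters.
            String url = savedRequest.getRedirectUrl();
            if (StringUtils.endsWithIgnoreCase(url, ".html")) {
                redirectStrategy.sendRedirect(request, response, "/login.html");
                // Stop here: without this return the method falls through and hands the 401
                // text to a response that already carries the redirect.
                return null;
            }
        }
        // Not a page request (or nothing was saved): answer with 401 and a message.
        return "須要身份認證";
    }
}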
SecurityController.java

 

 

  測試階段

 

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>

<h1>Gary登錄頁面</h1>
    <!-- Credentials are POSTed to /loginPage, the loginProcessingUrl set in SecurityConfig,
         using the field names username and password. The form carries no CSRF token field;
         it is accepted only because SecurityConfig calls csrf().disable(), and would be
         rejected if CSRF protection were enabled. -->
    <form action="/loginPage" method="post"> 用戶名: <input type="text" name="username">
        <br> 密碼: <input type="password" name="password">
        <br>
        <input type="submit">
    
    </form>

</body>
</html>
login.html

 

package com.Gary.GaryRESTful.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; //Web應用安全適配器
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the password encoder bean. Passwords are hashed with BCrypt, which is a one-way
     * hash rather than reversible encryption.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures form login and URL authorization for the application.
     *
     * <p>Unauthenticated requests are sent to {@code /require} instead of directly to a login
     * form, credentials are processed at {@code /loginPage}, and every URL other than
     * {@code /login.html} and {@code /require} requires an authenticated user.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception propagated from the Spring Security configurers
     */
    protected void configure(HttpSecurity http) throws Exception {
        // Form-based authentication. "/require" is registered as the login page, so a request
        // that needs authentication ends up at whatever is mapped to /require. Credentials
        // POSTed to "/loginPage" are handled by Spring Security's own filter.
        http.formLogin()
            .loginPage("/require")
            .loginProcessingUrl("/loginPage");

        // Authorization rules, evaluated in declaration order: the login page and the /require
        // entry point are reachable anonymously, everything else needs an authenticated user.
        http.authorizeRequests()
            .antMatchers("/login.html", "/require").permitAll()
            .anyRequest().authenticated();

        // CSRF protection is switched off for the whole application.
        // NOTE(review): the login form used with this configuration submits no CSRF token, which
        // is presumably why. With session-based form login this leaves state-changing requests
        // open to cross-site request forgery; re-enable it and add the token to the form outside
        // of a demo.
        http.csrf().disable();
    }
}
SecurityConfig.java

 

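package com.Gary.GaryRESTful.controller;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

/**
 * Handles {@code /require}, the URL registered as the login page: page requests are redirected
 * to the login form, anything else gets an HTTP 401 answer.
 */
@RestController
public class SecurityController {

    // Reads back the request that was saved in the HTTP session before the client was sent here.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    // Used to send the redirect to the static login page.
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Decides what an unauthenticated client receives.
     *
     * <p>If the request that triggered authentication ended in {@code .html} (case-insensitive),
     * the client is redirected to {@code /login.html}. In every other case, including when no
     * saved request exists, the response is HTTP 401 with a short text body.
     *
     * <p>The saved URL is only inspected, never used as the redirect target: the target is the
     * fixed literal {@code /login.html}, so the client cannot steer where the redirect goes.
     *
     * @param request  the current request, used to locate the saved request
     * @param response the current response, used for the redirect
     * @return the 401 message, or {@code null} when a redirect has already been sent
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/require")
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public String require(HttpServletRequest request, HttpServletResponse response) throws IOException {
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            // URL of the request that caused the client to be sent here.
            // NOTE(review): if this URL carries a query string, "/page.html?x=1" will not match
            // the suffix test below - confirm, and compare the path only if that matters.
            String url = savedRequest.getRedirectUrl();
            if (StringUtils.endsWithIgnoreCase(url, ".html")) {
                redirectStrategy.sendRedirect(request, response, "/login.html");
                // Stop here: without this return the method falls through and hands the 401
                // text to a response that already carries the redirect.
                return null;
            }
        }
        // Not a page request (or nothing was saved): answer with 401 and a message.
        return "須要身份認證";
    }
}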
SecurityController.java