@Security权限验证拦截参数

接到一个需求,要做一个免登录页面,登录的时候要传递一个参数过来  

当时的第一反应就是拦截器,但以前没弄过这个,所以搜索查询还是花了我不少时间。现在这个问题已经解决,值得记录一下。

/**
 * Serves the login page.
 *
 * <p>Mapped to both GET and POST on {@code /login}. The body only writes a log line and
 * returns the view name; neither argument is read here.
 *
 * @param uc    current principal, resolved through {@code @AuthenticationPrincipal}
 * @param model Spring MVC model
 * @return the view name {@code "login"}
 */
@RequestMapping(value = "/login", method = { RequestMethod.GET, RequestMethod.POST })
public String login(@AuthenticationPrincipal final CurrentUser<User> uc, final Model model) {
    final String viewName = "login";
    log.info("login---------------------------");
    return viewName;
}

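首先,这就是登录路径。@AuthenticationPrincipal 这个会自动拦截 POST 的 login 请求,实现自动校验登录(准确地说,拦截 POST /login 并完成校验的是 formLogin() 配置的 UsernamePasswordAuthenticationFilter,@AuthenticationPrincipal 只是把当前登录用户注入到方法参数里),所以要在登录校验之前写一个拦截。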

在 SecurityConfiguration 配置页中, configure 这个方法会配置一些登录的东西

/**
 * Builds the HTTP security rules: CSRF setting, the custom pre-login filter, frame options,
 * session handling, URL authorization, form login and logout.
 *
 * @param http the security builder being configured
 * @throws Exception declared by the configuration calls used below
 */
protected void configure(final HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is disabled for the whole application, so state-changing
    // requests (including the login and logout endpoints configured below) carry no token
    // check. Confirm this is intended; otherwise drop this line and add the token to the forms.
    http.csrf().disable();

    // Register the custom filter ahead of UsernamePasswordAuthenticationFilter so that it sees
    // the login POST before the form-login processing does. This is the line the article is about.
    final MyFilter preLoginFilter = new MyFilter("/login", "/login?error");
    http.addFilterBefore(preLoginFilter, UsernamePasswordAuthenticationFilter.class);

    // Allow the pages to be shown in an iframe served from the same origin.
    http.headers()
            .frameOptions()
            .sameOrigin();

    // NOTE(review): URL rewriting lets the session id appear in URLs (;jsessionid=...), where it
    // can end up in logs, browser history and Referer headers. Confirm a client really needs it.
    http.sessionManagement()
            .enableSessionUrlRewriting(true);

    // Public paths first, then the ADMIN-only paths; everything else needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/******/**", LOGIN_URL).permitAll()
            .antMatchers("/****/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .exceptionHandling()
            .accessDeniedPage(ERROR_405_URL);

    // NOTE(review): successHandler(...) is set after defaultSuccessUrl("/main", true); the later
    // call presumably replaces the handler installed by the earlier one, so verify which
    // redirect actually applies after login.
    http.formLogin()
            .loginPage(LOGIN_URL)
            .authenticationDetailsSource(authenticationDetailsSource)
            .defaultSuccessUrl("/main", true)
            .failureUrl(LOGIN_URL + "?error")
            // .failureHandler(new UserLoginFailureHandler())
            .successHandler(new UserLoginSuccessHandler())
            .permitAll();

    // NOTE(review): the logout matcher is built from the path alone, with no HTTP method given;
    // together with CSRF being disabled above, check whether logout should be limited to POST.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL))
            .logoutSuccessUrl(LOGIN_URL)
            .addLogoutHandler(new UserLogoutHandler());
}

}

------------------------------------------------------------------------------------------------------------------------------------------    然后加入过滤类

package com.ttrdtydrh.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.List;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;

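/**
 * Filter that inspects the login POST and copies one extra request parameter into the HTTP
 * session before the request continues down the chain.
 *
 * <p>Per the original author's note, it is meant to intercept logins arriving for the
 * {@code rsh} account. Although the class extends {@link AbstractAuthenticationProcessingFilter},
 * {@link #doFilter} is overridden without delegating to the superclass and
 * {@link #attemptAuthentication} returns {@code null}, so this class performs no authentication
 * of its own.
 *
 * @author 1234567
 */
public class MyFilter extends AbstractAuthenticationProcessingFilter {

    /** Servlet path whose POST requests are inspected; {@code null} when built from a matcher. */
    private final String processUrl;

    /**
     * Creates the filter from a request matcher. No path is recorded, so {@link #doFilter}
     * passes every request through without inspecting it.
     *
     * @param requiresAuthenticationRequestMatcher matcher handed to the superclass
     */
    protected MyFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
        super(requiresAuthenticationRequestMatcher);
        this.processUrl = null;
    }

    /**
     * Creates the filter for a fixed login path.
     *
     * @param defaultFilterProcessesUrl servlet path of the login request to inspect
     * @param failureUrl                URL given to the {@link SimpleUrlAuthenticationFailureHandler}
     */
    public MyFilter(String defaultFilterProcessesUrl, String failureUrl) {
        super(defaultFilterProcessesUrl);
        this.processUrl = defaultFilterProcessesUrl;
        setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(failureUrl));
    }

    /**
     * Not used by this filter: {@link #doFilter} never calls it, and it always returns
     * {@code null}.
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        return null;
    }

    /**
     * Copies the {@code sssss} parameter into the session when the request is a POST to the
     * configured path and its {@code aush} parameter equals {@code "query"}, then always
     * continues the chain.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response, passed on unchanged
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        // "query".equals(...) is null-safe: an ordinary login POST that carries no "aush"
        // parameter previously failed with a NullPointerException before reaching the chain.
        if (isInspectedLoginPost(req) && "query".equals(req.getParameter("aush"))) {
            String parameter = req.getParameter("sssss");

            // NOTE(review): debug trace of a client-supplied value. Line breaks are neutralised so
            // the value cannot forge extra output lines; if this parameter carries a token or
            // credential it should not be printed at all (confirm what it holds).
            System.out.println("----------- " + singleLine(parameter) + " --------------");

            // NOTE(review): the value is stored before any authentication has happened and comes
            // straight from the request. Code that later reads these attributes (not shown here)
            // should validate it and must not treat its presence as proof of identity.
            HttpSession session = req.getSession();
            session.setAttribute("dsfsdf", parameter);
            session.setAttribute("fafafa", parameter);
        }

        chain.doFilter(request, response);
    }

    /** Returns true for a POST whose servlet path equals the configured path, if one was set. */
    private boolean isInspectedLoginPost(HttpServletRequest req) {
        return processUrl != null
                && processUrl.equals(req.getServletPath())
                && "POST".equalsIgnoreCase(req.getMethod());
    }

    /** Replaces CR and LF with underscores; a {@code null} input stays {@code null}. */
    private static String singleLine(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}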

原文地址:https://www.cnblogs.com/Mr-Y1907/p/12048852.html