zoukankan      html  css  js  c++  java

  • Spring-security自定义过滤器

    定义过滤器

    public class TokenAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter  {

    public TokenAuthenticationFilter() {
        this.setCheckForPrincipalChanges(true);
        this.setAuthenticationManager(new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                String token = (String)authentication.getPrincipal();
                if(!StringUtils.isEmpty(token)){
                    User user =  new User(token, "ROLE_USER");
                    user.setAuthenticated(true);
                    return user;
                }else{
                    return null;
                }
            }
        });
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String token = request.getParameter("token");
        if(token == null){
            token = request.getHeader("x-token");
        }
        return token;
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return null;
    }
}

    security配置

    @Configuration
    public static class WebSecurityConfigurer extends WebSecurityConfigurerAdapter{
        
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .addFilter(new TokenAuthenticationFilter())
                .formLogin()
            .and()
                .logout()
                    .invalidateHttpSession(true)
                    .logoutUrl("/logout").logoutSuccessUrl("/")
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
                .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }
  • 相关阅读:
    解释下Http请求头和常见响应状态码
    sys 模块常用方法
    os 模块常用方法
    说明os,sys模块有什么不同
    dict 的 items() 方法与 iteritems() 方法的不同?
    Python是如何进行类型转换的?
    Python中pass语句的作用是什么?
    创建一个简单tcp服务器需要的流程
    安全性
    传输数据的大小
  • 原文地址:https://www.cnblogs.com/kingsy/p/6635789.html
Copyright © 2011-2022 走看看