Customizing Spring Security with Java Annotation-Based (Programmatic) Configuration
2016-09-08 19:20
The previous post introduced using Spring Security through XML configuration.
This post reworks that setup so that Spring Security is customized entirely through annotations (Java configuration).
1. Replace the Spring filter chain defined in web.xml with code
```
<!-- spring security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- end -->
```
In Java, define a SecurityWebApplicationInitializer class that extends AbstractSecurityWebApplicationInitializer:
```
/**
 * @Title: SecurityWebApplicationInitializer.java
 * @Package com.ninelephas.whale.springsecurity.configuration
 * @Description: TODO
 * Copyright: Copyright (c) 2016
 * Company:九象网络科技(上海)有限公司
 *
 * @author roamerxv
 * @date September 6, 2016, 7:04:47 PM
 * @version V1.0.0
 */
package com.ninelephas.whale.springsecurity.configuration;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

/**
 * @ClassName: SecurityWebApplicationInitializer
 * @Description: TODO
 * @author Comsys-roamerxv
 * @date September 6, 2016, 7:04:47 PM
 *
 */
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
```
2. Implement in code the http section defined in applicationContext-security.xml
```
<http auto-config="false">
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/admin**" access="hasRole('ADMIN')" />
    <intercept-url pattern="/workflow/***" access="hasRole('ADMIN')" />
    <!-- Custom login page -->
    <form-login login-page="/views/login.jsp" username-parameter="username" password-parameter="password"/>
    <!-- Custom login filter -->
    <custom-filter before="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter" />
    <!-- Custom logout filter -->
    <custom-filter before="LOGOUT_FILTER" ref="customLogoutFilter" />
</http>
```
In Java, define a SecurityConfiguration class that extends WebSecurityConfigurerAdapter:
```
/**
 * @Title: SecurityConfiguration.java
 * @Package com.ninelephas.whale.springsecurity.configuration
 * @Description: TODO
 * Copyright: Copyright (c) 2016
 * Company:九象网络科技(上海)有限公司
 *
 * @author roamerxv
 * @date September 7, 2016, 12:17:47 PM
 * @version V1.0.0
 */
package com.ninelephas.whale.springsecurity.configuration;

import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import com.ninelephas.whale.springsecurity.CustomLoginSuccessHandler;
import com.ninelephas.whale.springsecurity.CustomLogoutFilter;
import com.ninelephas.whale.springsecurity.CustomUsernamePasswordAuthenticationFilter;

/**
 * @ClassName: SecurityConfiguration
 * @Description: TODO
 * @author Comsys-roamerxv
 * @date September 7, 2016, 12:17:47 PM
 *
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    /**
     * Logger for this class
     */
    private static final Logger logger = LogManager.getLogger(SecurityConfiguration.class.getName());

    @Autowired
    CustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter;

    // @Autowired
    // CustomLogoutFilter customLogoutFilter;

    @Autowired
    CustomLoginSuccessHandler customLoginSuccessHandler;

    // An AuthenticationManagerBuilder instance must be injected here
    @Autowired
    AuthenticationManagerBuilder authenticationManagerBuilder;

    // This method must be injected (@Autowired).
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        logger.debug("configureGlobal(AuthenticationManagerBuilder) - start"); //$NON-NLS-1$

        // Demo users with plaintext passwords; no PasswordEncoder is configured here
        this.authenticationManagerBuilder.inMemoryAuthentication().withUser("user").password("user").roles("USER");
        this.authenticationManagerBuilder.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");

        logger.debug("configureGlobal(AuthenticationManagerBuilder) - end"); //$NON-NLS-1$
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.debug("configure(HttpSecurity) - start"); //$NON-NLS-1$

        http.authorizeRequests()
            .antMatchers("/").access("permitAll")
            .antMatchers("/admin**").access("hasRole('ADMIN')")
            .antMatchers("/workflow/***").access("hasRole('ADMIN')")
            .and().formLogin().loginPage("/views/login.jsp").successHandler(customLoginSuccessHandler)
            .usernameParameter("username").passwordParameter("password")
            .and().csrf()
            .and().exceptionHandling()
            .and().addFilterBefore(customUsernamePasswordAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
            //.addFilterBefore(customLogoutFilter, LogoutFilter.class);

        logger.debug("configure(HttpSecurity) - end"); //$NON-NLS-1$
    }

    // Annotate this method with @Bean so the container can call it to obtain the AuthenticationManager instance
    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        logger.debug("authenticationManager() - start"); //$NON-NLS-1$
        logger.debug("authenticationManager() - end"); //$NON-NLS-1$
        return this.authenticationManagerBuilder.build();
    }
}
```
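To see which request paths the two `antMatchers` patterns above actually cover, this added example (not part of the original post) runs them through Spring's `AntPathMatcher` next to the subtree forms `/admin/**` and `/workflow/**`; the sample paths and the assumption that whole subtrees are meant to be protected are assumptions of the example. In Ant patterns `**` spans several path segments only when it is a complete segment, so `/admin**` does not match `/admin/users`, and since the configuration has no `anyRequest()` rule, a path that no pattern matches has no access rule at all.

```java
import java.util.Arrays;
import java.util.List;
import org.springframework.util.AntPathMatcher;

// Added example: reports which request paths each set of patterns covers.
public class AntPatternCoverageCheck {

    // Patterns exactly as written in SecurityConfiguration on this page.
    static final List<String> PAGE_PATTERNS = Arrays.asList("/admin**", "/workflow/***");

    // Assumed intent: protect the whole subtree ("**" as a complete path segment).
    static final List<String> SUBTREE_PATTERNS = Arrays.asList("/admin/**", "/workflow/**");

    // Constructed sample paths, not taken from the original application.
    static final List<String> SAMPLE_PATHS = Arrays.asList(
            "/admin", "/admin/users", "/admin/users/1",
            "/workflow/start", "/workflow/task/42");

    // True when at least one pattern in the list matches the path.
    static boolean covered(List<String> patterns, String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (String pattern : patterns) {
            if (matcher.match(pattern, path)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        System.out.printf("%-20s %-15s %s%n", "path", "page patterns", "subtree patterns");
        for (String path : SAMPLE_PATHS) {
            System.out.printf("%-20s %-15s %s%n", path,
                    covered(PAGE_PATTERNS, path), covered(SUBTREE_PATTERNS, path));
        }
    }
}
```

It needs only spring-core on the classpath; any path reported as `false` under the patterns in use is a candidate for an explicit rule.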
3. Implement in code the login filter class specified in applicationContext-security.xml
```
<beans:bean id="customUsernamePasswordAuthenticationFilter" class="com.ninelephas.whale.springsecurity.CustomUsernamePasswordAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
```
In Java, define a CustomUsernamePasswordAuthenticationFilter class that extends UsernamePasswordAuthenticationFilter:
```
/**
 * @Title: CustomLoginFilter.java
 * @Package com.ninelephas.whale.springsecurity
 * @Description: TODO
 * Copyright: Copyright (c) 2016
 * Company:九象网络科技(上海)有限公司
 *
 * @author roamerxv
 * @date September 6, 2016, 11:23:31 AM
 * @version V1.0.0
 */
package com.ninelephas.whale.springsecurity;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;

/**
 * @ClassName: CustomLoginFilter
 * @Description: TODO
 * @author Comsys-roamerxv
 * @date September 6, 2016, 11:23:31 AM
 *
 */
@Component
public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    /**
     * Logger for this class
     */
    private static final Logger logger = LogManager.getLogger(CustomUsernamePasswordAuthenticationFilter.class.getName());

    /*
     * <p>Title: setAuthenticationManager</p>
     * <p>Sets the AuthenticationManager</p>
     * @param authenticationManager
     * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
     */
    @Autowired
    @Override
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        logger.debug("setAuthenticationManager(AuthenticationManager) - start"); //$NON-NLS-1$
        super.setAuthenticationManager(authenticationManager);
        logger.debug("setAuthenticationManager(AuthenticationManager) - end"); //$NON-NLS-1$
    }

    /*
     * <p>Title: attemptAuthentication</p>
     * <p>Login verification handling: </p>
     * @param request
     * @param response
     * @return
     * @throws AuthenticationException
     * @see org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        logger.debug("attemptAuthentication(HttpServletRequest, HttpServletResponse) - start"); //$NON-NLS-1$
        logger.debug("attemptAuthentication(HttpServletRequest, HttpServletResponse) - end"); //$NON-NLS-1$
        return super.attemptAuthentication(request, response);
    }

    /*
     * <p>Title: successfulAuthentication</p>
     * <p>Login succeeded: </p>
     * @param request
     * @param response
     * @param chain
     * @param authResult
     * @throws IOException
     * @throws ServletException
     * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#successfulAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.FilterChain, org.springframework.security.core.Authentication)
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request,
            HttpServletResponse response,
            FilterChain chain,
            Authentication authResult) throws IOException, ServletException {
        logger.debug("successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - start"); //$NON-NLS-1$
        super.successfulAuthentication(request, response, chain, authResult);
        logger.debug(new StringBuffer("登录成功!用户是:").append(authResult.getName()));
        request.getSession().setAttribute("user", authResult.getName());
        logger.debug("successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - end"); //$NON-NLS-1$
    }

    /*
     * <p>Title: unsuccessfulAuthentication</p>
     * <p>Login failed: </p>
     * @param request
     * @param response
     * @param failed
     * @throws IOException
     * @throws ServletException
     * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter#unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.AuthenticationException)
     */
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed)
            throws IOException, ServletException {
        logger.debug("unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - start"); //$NON-NLS-1$
        super.unsuccessfulAuthentication(request, response, failed);
        logger.debug("登录失败!");
        logger.debug("unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - end"); //$NON-NLS-1$
    }
}
```
*Note!*
In the XML configuration, customUsernamePasswordAuthenticationFilter needs an authenticationManager, and it is specified through:
```
<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <user-service>
            <user name="user" password="user" authorities="ROLE_USER" />
            <user name="admin" password="admin" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>
```
So in SecurityConfiguration.java, pay attention to the following points:
a. Define a variable:
```
@Autowired
AuthenticationManagerBuilder authenticationManagerBuilder;
```
b. Set this variable in the configuration method:
```
// This method must be injected (@Autowired).
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    logger.debug("configureGlobal(AuthenticationManagerBuilder) - start"); //$NON-NLS-1$

    this.authenticationManagerBuilder.inMemoryAuthentication().withUser("user").password("user").roles("USER");
    this.authenticationManagerBuilder.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");

    logger.debug("configureGlobal(AuthenticationManagerBuilder) - end"); //$NON-NLS-1$
}
```
c. Annotate the authenticationManager method with @Bean so that it returns this AuthenticationManager:
```
// Annotate this method with @Bean so the container can call it to obtain the AuthenticationManager instance
@Bean
public AuthenticationManager authenticationManager() throws Exception {
    logger.debug("authenticationManager() - start"); //$NON-NLS-1$
    AuthenticationManager authenticationManager = this.authenticationManagerBuilder.build();
    logger.debug(new StringBuffer("AuthenticationManager设置成功,对象指针是:").append(authenticationManager));
    logger.debug("authenticationManager() - end"); //$NON-NLS-1$
    return authenticationManager;
}
```
d. Set this variable in CustomUsernamePasswordAuthenticationFilter.java:
```
@Autowired
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
    logger.debug("setAuthenticationManager(AuthenticationManager) - start"); //$NON-NLS-1$
    super.setAuthenticationManager(authenticationManager);
    logger.debug("setAuthenticationManager(AuthenticationManager) - end"); //$NON-NLS-1$
}
```
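The in-memory users from points a to c store their passwords as plaintext literals; the following added example (not the original project's code) registers the same two users with BCrypt hashes and exposes the resulting AuthenticationManager as a bean for the filter in point d. It swaps the injected builder and `configureGlobal` for Spring Security's `configure(AuthenticationManagerBuilder)` and `authenticationManagerBean()` overrides. The class name and the two environment variable names are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example with a hypothetical class name; shows only the authentication part.
@Configuration
@EnableWebSecurity
public class HashedUsersSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Hypothetical environment variables holding precomputed BCrypt hashes,
    // so no plaintext password appears in source code or configuration files.
    private static final String USER_HASH_ENV = "DEMO_USER_BCRYPT";
    private static final String ADMIN_HASH_ENV = "DEMO_ADMIN_BCRYPT";

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .passwordEncoder(new BCryptPasswordEncoder())
            .withUser("user").password(requiredHash(USER_HASH_ENV)).roles("USER")
            .and()
            .withUser("admin").password(requiredHash(ADMIN_HASH_ENV)).roles("ADMIN");
    }

    // Exposes the AuthenticationManager configured above as a bean, so that
    // CustomUsernamePasswordAuthenticationFilter#setAuthenticationManager can be autowired.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    // Fail at startup rather than register an account with a missing or non-BCrypt value.
    private static String requiredHash(String envName) {
        String hash = System.getenv(envName);
        if (hash == null || !hash.startsWith("$2")) {
            throw new IllegalStateException(envName + " must contain a BCrypt hash");
        }
        return hash;
    }
}
```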