步骤:

  1. 继承 WebSecurityConfigurerAdapter,其中使用两个过滤器:一个是 Spring Security 自带的 UsernamePasswordAuthenticationFilter,一个是自定义的 ZTSSOAuthenticationProcessingFilter。它们都继承 AbstractAuthenticationProcessingFilter,该 filter 的功能是拦截指定页面发送的 POST 请求,然后加入到 filter chain 中去。

import com.idoipo.ibt.service.LoginAuthenticationSuccessHandler;
import com.idoipo.ibt.service.SmsAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; /**
* Created by pingli on 2018-10-13.
*/
@Configuration
@EnableWebSecurity
@SuppressWarnings("unused")
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Cookie names cleared on logout (see configure(HttpSecurity)).
    @Value("${com.cookie}")
    private String sessionCookieName;
    // NOTE(review): this key has a double dot ("com..cookie.token"), unlike the other
    // com.cookie.* keys — confirm it matches the property file before changing it.
    @Value("${com..cookie.token}")
    private String tokenCookie;
    @Value("${com.cookie.timer}")
    private String timerCookie;
    @Value("${com.cookie.curp}")
    private String curpCookie;
    @Value("${com.cookie.gw}")
    private String gwCookie;
    @Value("${com.cookie.commondomain}")
    private String cdCookie;

    // Landing page; also the target after a successful logout.
    @Value("${com.index}")
    private String homeUrl;
    @Value("${com.main}")
    private String mainUrl;

    // Third-party SSO entry point and the application id it expects.
    @Value("${zt.ssoUrl}")
    private String ssoUrl;
    @Value("${zt.appId}")
    private String appId;
    // Public base URL of this application, used to build the SSO return address.
    @Value("${com.idoipo.infras.ibt}")
    private String ibtUrl;

    @Autowired
    private SmsAuthenticationProvider authenticationProvider;
    @Autowired
    private ZTSSOAuthenticationProvider ztssoAuthenticationProvider;
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;
    @Autowired
    private LoginAuthenticationSuccessHandler successHandler;

    /**
     * Builds the HTTP security chain: form login, URL authorization, logout,
     * CSRF handling and the SSO callback filter.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        String logoutUrl = "/logout";
        String loginUrl = "/login";
        // Callback the SSO provider posts its token to; handled by ztssoAuthenticationFilter().
        String loginMiddleUrl = "/SsoLogin";
        // Where the browser is sent to log in: the third-party SSO page, asked to return
        // to this application's callback.
        // NOTE(review): the r= value (ibtUrl + loginMiddleUrl) is concatenated without
        // URL-encoding — confirm the SSO side tolerates an unencoded URL in that parameter.
        String ssoUrlRequest = ssoUrl + "?a=" + appId + "&" + "r=" + ibtUrl + loginMiddleUrl;
        http.formLogin() // form login handling
                .loginPage(ssoUrlRequest)
                .successHandler(successHandler)
                .loginProcessingUrl(loginUrl)
                .usernameParameter("mobile")
                .passwordParameter("check")
                .failureUrl(ssoUrlRequest)
                .permitAll()
                .and()
                .authorizeRequests() // request authorization
                // Landing page, front-end assets and the SSO callback are public.
                // NOTE(review): /file/supload is also reachable without authentication —
                // confirm an anonymous upload endpoint is intended.
                .antMatchers("/", homeUrl, "/file/supload", "/dist/**", loginMiddleUrl).permitAll()
                .antMatchers(logoutUrl, "/heartbeat").authenticated()
                .antMatchers(loginUrl).anonymous()
                .anyRequest().authenticated()
                .and()
                .logout()
                .logoutUrl(logoutUrl)
                .logoutSuccessUrl(homeUrl)
                .invalidateHttpSession(true)
                .deleteCookies(sessionCookieName, tokenCookie, timerCookie, curpCookie, gwCookie, cdCookie)
                // Logout is accepted over GET; combined with CSRF being disabled below, any
                // page the user visits can log them out (logout CSRF). POST-only logout
                // would close that.
                .logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"))
                .and()
                // CSRF protection is switched off for every endpoint, presumably because the
                // SSO callback POST carries no CSRF token. A narrower setting such as
                // csrf().ignoringAntMatchers(loginMiddleUrl) would keep protection elsewhere.
                .csrf()
                .disable()
                // Handles the /SsoLogin callback in the slot of the username/password filter.
                .addFilterAt(ztssoAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * The filter that processes the third-party SSO callback.
     * NOTE(review): under Spring Boot a Filter exposed as a @Bean is also registered in
     * the servlet container's own filter chain, so it may run outside Spring Security as
     * well. Registering it through a FilterRegistrationBean with enabled=false, or not
     * exposing it as a bean, avoids that — confirm against the deployment.
     *
     * @return the SSO filter wired to the shared AuthenticationManager and success handler
     */
    @Bean
    public ZTSSOAuthenticationProcessingFilter ztssoAuthenticationFilter() {
        ZTSSOAuthenticationProcessingFilter filter = new ZTSSOAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationSuccessHandler(successHandler);
        return filter;
    }

    /**
     * Exposes the adapter's AuthenticationManager as a bean so it can be injected into
     * the SSO filter (see the "authenticationManagerBean" qualifier above).
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers both providers: SMS/form login and the third-party SSO token provider.
     * The SSO provider's supports() restricts it to ZTSSOAuthenticationToken, so the
     * two do not compete for the same Authentication type.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(this.authenticationProvider)
                .authenticationProvider(this.ztssoAuthenticationProvider);
    }
}
import com.idoipo.ibt.controllers.HomeController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; /**
* Created by pingli on 2018-10-06
* 拦截请求
*/
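public class ZTSSOAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {

    private static final Logger logger = LoggerFactory.getLogger(ZTSSOAuthenticationProcessingFilter.class);

    /** Name of the request parameter that carries the third-party SSO token. */
    public static final String SPRING_SECURITY_FORM_ZT_TOKEN = "Token";

    private String tokenParameter = SPRING_SECURITY_FORM_ZT_TOKEN;
    private boolean postOnly = true;

    /** Intercepts POST requests to /SsoLogin, the return address handed to the SSO provider. */
    public ZTSSOAuthenticationProcessingFilter() {
        super(new AntPathRequestMatcher("/SsoLogin", "POST"));
    }

    /**
     * Wraps the SSO token from the request in an unauthenticated ZTSSOAuthenticationToken and
     * hands it to the AuthenticationManager; the token is verified by ZTSSOAuthenticationProvider.
     *
     * @param request  the callback request from the SSO provider
     * @param response unused here; the success/failure handlers write the response
     * @return the fully authenticated token returned by the manager
     * @throws AuthenticationServiceException if the request is not a POST
     * @throws AuthenticationException        propagated from the manager when the token is rejected
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        logger.info("进入sso过滤器");
        if (postOnly && !"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException(
                    "Authentication method not supported: " + request.getMethod());
        }
        String token = obtainToken(request);
        if (token == null) {
            token = "";
        }
        AbstractAuthenticationToken authRequest = new ZTSSOAuthenticationToken(null, token);
        // The (principal, credentials) constructor marks the token as already authenticated;
        // clear that so nothing downstream mistakes an unverified request for a trusted one.
        authRequest.setAuthenticated(false);
        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Reads the raw SSO token from the request.
     *
     * @param request the current request
     * @return the value of the token parameter, or null when absent
     */
    protected String obtainToken(HttpServletRequest request) {
        return request.getParameter(tokenParameter);
    }

    /**
     * Attaches request details (built by the inherited authenticationDetailsSource) to the token.
     *
     * @param request     the current request
     * @param authRequest the token being prepared for authentication
     */
    protected void setDetails(HttpServletRequest request, AbstractAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
}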

2

ZTSSOAuthenticationProcessingFilter 拦截到 SsoLogin 的 POST 请求后,需要一个继承 AbstractAuthenticationToken 的 token 类来保存得到的第三方 token 参数。
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion; import java.util.Collection; /**
* Created by pingli on 2018-10-06
* 生成登录session,同用户不用再校验
*/
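public class ZTSSOAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    /** The resolved user on the result side; null for the filter's request token. */
    private final Object principal;
    /** The third-party SSO token on the request side, the application JWT on the result side. */
    private String credentials;

    /**
     * Creates a token that is marked authenticated immediately.
     * NOTE(review): this constructor serves both the result of a successful authentication
     * (ZTSSOAuthenticationProvider) and, with a null principal, the not-yet-verified request
     * built in ZTSSOAuthenticationProcessingFilter; for the latter use
     * {@link #unauthenticated(String)} so the authenticated flag reflects reality.
     *
     * @param principal   the authenticated user, or null
     * @param credentials the SSO token or the application JWT
     */
    public ZTSSOAuthenticationToken(Object principal, String credentials) {
        super(null);
        this.principal = principal;
        this.credentials = credentials;
        super.setAuthenticated(true);
    }

    /**
     * Creates an authenticated token carrying granted authorities and no credentials.
     *
     * @param principal   the authenticated user
     * @param authorities the authorities granted to the principal
     */
    public ZTSSOAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        this.credentials = null;
        super.setAuthenticated(true); // must use super, as we override
    }

    /**
     * Creates an untrusted request token holding only the SSO token still to be verified.
     *
     * @param credentials the raw third-party token taken from the request
     * @return a token with no principal and {@code isAuthenticated() == false}
     */
    public static ZTSSOAuthenticationToken unauthenticated(String credentials) {
        ZTSSOAuthenticationToken token = new ZTSSOAuthenticationToken(null, credentials);
        token.setAuthenticated(false); // the override below only accepts false
        return token;
    }

    // ~ Methods
    // ========================================================================================================

    @Override
    public String getCredentials() {
        return this.credentials;
    }

    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    /**
     * Only allows clearing the trusted flag; a trusted token must come from a constructor.
     *
     * @throws IllegalArgumentException if {@code isAuthenticated} is true
     */
    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }
        super.setAuthenticated(false);
    }

    /** Drops the credentials once they are no longer needed (e.g. after storing the context). */
    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
        credentials = null;
    }
}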

3. 得到参数后,需要根据 token 去第三方查询用户信息,再生成自己系统的 token。这一步在实现了 AuthenticationProvider 的类中处理:这个类需要声明支持 ZTSSOAuthenticationToken,所以要重写 supports 方法,从而把 ZTSSOAuthenticationProcessingFilter、ZTSSOAuthenticationToken、AuthenticationProvider 这三个类关联起来——filter 得到请求,token 保存参数,provider 获取其支持的 token 类中的参数,从而完成一条线;后续其他验证方式也可以按这种方式增加。注意如果要增加成功后的处理,需要在继承了 WebSecurityConfigurerAdapter 的配置类中添加 filter.setAuthenticationSuccessHandler(successHandler);,用来设置授权成功后的后续处理,比如把 token 字符串下发到前台,或者指定默认的跳转路径。
import com.idoipo.ibt.bto.AccountInfo;
import com.idoipo.ibt.bto.UserDetail;
import com.idoipo.ibt.service.UserService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component; /**
* Created by pingli on 2018-10-06
* sso验证类
*/
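@Component
public class ZTSSOAuthenticationProvider implements AuthenticationProvider {

    private static final Logger logger = LoggerFactory.getLogger(ZTSSOAuthenticationProvider.class);

    @Autowired
    private UserService userService;

    /**
     * Exchanges the third-party SSO token carried in the request token for this
     * application's own user (UserDetail) and JWT.
     *
     * @param authentication the ZTSSOAuthenticationToken built by the filter; its credentials
     *                       hold the raw SSO token
     * @return an authenticated ZTSSOAuthenticationToken whose principal is the UserDetail and
     *         whose credentials are the application JWT
     * @throws BadCredentialsException if the token is empty or the SSO/user lookup finds nobody
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object rawCredentials = authentication.getCredentials();
        String ssoToken = (rawCredentials == null) ? null : rawCredentials.toString();
        if (StringUtils.isEmpty(ssoToken)) {
            throw new BadCredentialsException("token不能为空");
        }
        AccountInfo accountInfo = userService.getUserInfoBySSO(ssoToken);
        // An empty lookup is an authentication failure, not a server error: report it as bad
        // credentials instead of letting a NullPointerException escape as a 500.
        if (accountInfo == null) {
            throw new BadCredentialsException("token无效");
        }
        // NOTE(review): this logs the whole AccountInfo; if it carries anything sensitive,
        // log only the account identifier.
        logger.info("当前sso反回账号信息={}", accountInfo);
        UserDetail userDetail = userService.getTokenByPsnId(accountInfo.getAccount());
        if (userDetail == null) {
            throw new BadCredentialsException("用户不存在");
        }
        ZTSSOAuthenticationToken result = new ZTSSOAuthenticationToken(userDetail, userDetail.getJwtToken());
        result.setDetails(authentication.getDetails());
        return result;
    }

    /**
     * Restricts this provider to ZTSSOAuthenticationToken so it never sees the form-login token.
     *
     * @param authentication the Authentication type the manager is asking about
     * @return true only for ZTSSOAuthenticationToken and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        logger.info("{}---supports", this.getClass().getName());
        return ZTSSOAuthenticationToken.class.isAssignableFrom(authentication);
    }

    // TODO: authority mapping (e.g. granting ROLE_USER) is to be added here later.
}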
import com.idoipo.ibt.bto.UserDetail;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils; import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List; /**
* Created by Jemmy on 2017-09-08.
*/
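@Component
@SuppressWarnings("unused")
public class LoginAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private static final Logger logger = LoggerFactory.getLogger(LoginAuthenticationSuccessHandler.class);

    /** Page every successful login is redirected to (saved requests are ignored). */
    @Value("${com.pages.main}")
    private String mainUrl;
    /** Cookie domain shared with the front-end hosts that read the token cookie. */
    @Value("${com.common.domain}")
    private String commonDomain;

    public LoginAuthenticationSuccessHandler() {
        super();
    }

    /**
     * Issues the application JWT to the browser as the IBT-TOKEN cookie and redirects to mainUrl.
     * Shared by form login and the SSO filter.
     * NOTE(review): the principal is cast to UserDetail unconditionally; confirm every provider
     * wired into the manager (including SmsAuthenticationProvider) yields that type.
     *
     * @param request        the request that completed authentication
     * @param response       the response the cookie and redirect are written to
     * @param authentication the authenticated token; its principal must be a UserDetail
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws ServletException, IOException {
        logger.info("登录用户服务成功");
        // Inherited singleton state set on every request; harmless, but a one-time
        // initialiser would express the intent more clearly.
        this.setDefaultTargetUrl(mainUrl);
        this.setAlwaysUseDefaultTargetUrl(true);
        UserDetail userDetail = (UserDetail) authentication.getPrincipal();
        Cookie cookie = new Cookie("IBT-TOKEN", userDetail.getJwtToken());
        cookie.setPath("/");
        // Left readable from script, presumably so the front end can pick the token up;
        // this also means any XSS on the shared domain can read the session token.
        cookie.setHttpOnly(false);
        cookie.setDomain(commonDomain);
        // When the login arrived over TLS, keep the token off plain-HTTP requests.
        cookie.setSecure(request.isSecure());
        response.addCookie(cookie);
        super.onAuthenticationSuccess(request, response, authentication);
    }
}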
