springsecurity6配置自定义路径身份认证的实现
更新时间:2025年03月14日 11:40:21 作者:qq_43746935
本文主要介绍了springsecurity6配置自定义路径身份认证的实现,通过使用自定义的AuthorizationManager和MyService,可以实现更灵活的访问控制,感兴趣的可以了解一下
Spring Security 6 作为最新版本,引入了许多新特性和改进,例如对 Spring Framework 6 的支持、新的默认密码编码器、更简洁的配置方式等。
springsecurity6配置自定义路径身份认证 .anyRequest().authenticated()替换成
.anyRequest().access(new CustomAuthorizationManager(myService))
CustomAuthorizationManager
package com.example.springscuritydemo.config;
import com.example.springscuritydemo.service.MyService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import java.util.function.Supplier;
public class CustomAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
private final MyService myService;
public CustomAuthorizationManager(MyService myService) {
this.myService = myService;
}
@Override
public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
HttpServletRequest request = context.getRequest();
Authentication auth = authentication.get();
if (auth == null) {
return new AuthorizationDecision(false);
}
return new AuthorizationDecision(myService.hasPermission(request, auth));
}
}
MyService
package com.example.springscuritydemo.service;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;
public interface MyService {
boolean hasPermission(HttpServletRequest request, Authentication authentication);
}
MyServiceImpl
package com.example.springscuritydemo.service.impl;
import com.example.springscuritydemo.service.MyService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import java.util.Collection;
@Service
public class MyserviceImpl implements MyService {
@Override
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
Object obj = authentication.getPrincipal();
if (obj instanceof UserDetails) {
UserDetails userDetails = (UserDetails) obj;
Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
boolean contains = authorities.contains(new SimpleGrantedAuthority(request.getRequestURI()));
return contains;
}
return false;
}
}
package com.example.springscuritydemo.config;
import com.example.springscuritydemo.handle.MyAccessDeniedHandler;
import com.example.springscuritydemo.handle.MyAuthenticationSuccessHandler;
import com.example.springscuritydemo.service.MyService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
@EnableWebSecurity
@Configuration
public class SecurityConfig{
@Autowired
private MyAccessDeniedHandler myAccessDeniedHandler;
// @Autowired
// private MyAuthenticationFailureHandler myAuthenticationFailureHandler;
private final MyService myService;
public SecurityConfig(MyService myService) {
this.myService = myService;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.formLogin(formLogin -> formLogin.loginPage("/login.html")
.loginProcessingUrl("/login")
//.successForwardUrl("/toMain")
.successHandler(new MyAuthenticationSuccessHandler("/main.html"))
.failureUrl("/toError")
//.failureHandler(new MyAuthenticationFailureHandler("/error.html"))
)
.authorizeHttpRequests(auth -> auth.requestMatchers("/toError","/login.html","/error.html").permitAll()
//需要认证才能访问,是security的认证。不是jwt的认证登录后访问
.requestMatchers("/js/**","/css/**","/img/**").permitAll()
.requestMatchers("main1.html")
.access(new WebExpressionAuthorizationManager("isAuthenticated() and hasIpAddress('192.168.10.6')"))
//其他路径需要身份认证
// .anyRequest().authenticated()
.anyRequest().access(new CustomAuthorizationManager(myService))
)
.csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable())
// 构建并返回安全过滤链
.build();
}
}到此这篇关于springsecurity6配置自定义路径身份认证的实现的文章就介绍到这了,更多相关springsecurity6自定义路径身份认证内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!
相关文章
这篇文章主要为大家详细介绍了springMVC实现文件上传和下载的方法,文中示例代码介绍的非常详细,具有一定的参考价值,感兴趣的小伙伴们可以参考一下2022-05-05
这篇文章主要为大家详细介绍了java+socket实现简易局域网聊天室,文中示例代码介绍的非常详细,具有一定的参考价值,感兴趣的小伙伴们可以参考一下2022-05-05
下面小编就为大家带来一篇浅谈spring和spring MVC的区别与关系。小编觉得挺不错的,现在就分享给大家,也给大家做个参考。一起跟随小编过来看看吧2017-04-04
在本篇内容里小编给大家整理的是一篇关于Java压缩文件夹最实用简单的方法以及相关实例,有需要的朋友们可以跟着学习下。2022-11-11
idea创建springboot项目(版本只能选择17和21)的解决方法
idea2023创建spring boot项目时,java版本无法选择11,本文主要介绍了idea创建springboot项目(版本只能选择17和21),下面就来介绍一下解决方法,感兴趣的可以了解一下2024-01-01
这篇文章主要介绍了springboot多模块中的共用配置文件详解,具有很好的参考价值,希望对大家有所帮助。如有错误或未考虑完全的地方,望不吝赐教2021-12-12
在本篇文章里小编给大家整理的是关于Java类的初始化顺序知识点总结,需要的朋友们可以学习下。2020-02-02
Java中File、Base64、MultipartFile之间相互转换的代码详解
File、Base64和MultipartFile都是在编程中常用的类或者数据类型,用于处理文件和数据的存储、传输和转换等操作,本文将给大家介绍了Java中File、Base64、MultipartFile之间相互转换,文中有详细的代码示例供大家参考,需要的朋友可以参考下2024-04-04
这篇文章主要介绍了java抠图片文字或签名的运行原理,本文分步骤通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下2022-06-06
生产上发布 Spring Boot 项目时,流程颇为繁琐且低效,但凡代码有一丁点改动,就得把整个项目重新打包部署,耗时费力不说,生成的 JAR 包还特别臃肿,体积庞大,本文给大家介绍了SpringBoot多种生产打包方式,需要的朋友可以参考下2025-01-01
最新评论