目录
- CustomAuthorizationManager
- MyServiceImpl
Spring Security 6 作为最新版本,引入了许多新特性和改进,例如对 Spring Framework 6 的支持、新的默认密码编码器、更简洁的配置方式等。
springsecurity6配置自定义路径身份认证 .anyRequest().authenticated()替换成
.anyRequest().Access(new CustomAuthorizationManager(myService))CustomAuthorizationManager
package com.example.springscuritydemo.config; import com.example.springscuritydemo.service.MyService; import jakarta.servlet.http.HttpServletRequest; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; import org.springframework.security.web.access.intercept.RequestAuthorizationContext; import Java.util.function.Supplier; public class CustomAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> { private final MyService myService; public CustomAuthorizationManager(MyService myService) { this.myService = myService; } @Override public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) { HttpServletRequest request = context.getRequest(); Authentication auth = authentication.get(); if (auth == null) { return new AuthorizationDecision(false); } return new AuthorizationDecision(myService.hASPermission(request, auth)); } }
MyService
package com.example.springscuritydemo.service; import jakarta.servlet.http.HttpServletRequest; import org.springframework.security.core.Authentication; public interface MyService { boolean hasPermission(HttpServletRequest request, Authentication authentication); }
MyServiceImpl
package com.example.springscuritydemo.service.impl; import com.example.springscuritydemo.service.MyService; import jakarta.servlet.http.HttpServletRequest; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Service; import java.util.Collection; @Service public class MyserviceImpl implements MyService { @Override public boolean hasPermission(HttpServletRequest request, Authentication authentication) { Object obj = authentication.getPrincipal(); if (obj instanceof UserDetails) { UserDetails userDetails = (UserDetails) obj; Collection<? extends androidGrantedAuthority> authorities = userDetails.getAuthorities(); boolean contains = authorities.contains(new SimpleGrantedAuthority(request.getRequestURI())); return contains; } return false; } }
package LLPThIcom.example.springscuritydemo.config; import com.example.springscuritydemo.handle.MyAccessDeniedHandler; import com.example.springscuritydemo.handle.MyAuthenticationSuccessHandler; import com.example.springscuritydemo.service.MyService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager; @EnableWebSecurity @Configuration public class SecurityConfig{ @Autowired private MyAccesjavascriptsDeniedHandler myAccessDeniedHandler; // @Autowired // private MyAuthenticationFailureHandler myAuthenticationFailureHandler; private final MyService myService; public SecurityConfig(MyService myService) { this.myService = myService; } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { return http .formLogin(formLogin -> formLogin.loginPage("/login.html") .loginProcessingUrl("/login") //.successForwardUrl("/toMain") .successHandler(new MyAuthenticationSuccessHandler("/main.html")) .failureUrl("/toError") //.failureHandler(new MyAuthenticationFailureHandler("/error.html")) php ) .authorizeHttpRequests(auth -> auth.requestMatchers("/toError","/login.html","/error.html").permitAll() //需要认证才能访问,是security的认证。不是jwt的认证登录后访问 .requestMatchers("/js/**","/css/**","/img/**").perwww.devze.commitAll() .requestMatchers("main1.html") .access(new WebExpressionAuthorizationManager("isAuthenticated() and hasIpAddress('192.168.10.6')")) //其他路径需要身份认证 // .anyRequest().authenticated() .anyRequest().access(new CustomAuthorizationManager(myService)) ) .csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable()) // 构建并返回安全过滤链 .build(); } }
到此这篇关于springsecurity6配置自定义路径身份认证的实现的文章就介绍到这了,更多相关springsecurity6自定义路径身份认证内容请搜索编程客栈(www.devze.com)以前的文章或继续浏览下面的相关文章希望大家以后多多支持编程客栈(www.devze.com)!
精彩评论