devbox
凡人多烦事01
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

Spring Security 自定义记住我功能!_security记住我自定义

作者:凡人多烦事01 | 2024-02-07 22:02:59

security记住我自定义

目录

一、介绍

二、源码分析           

          ​编辑

三、传统web应用

四、前后端分离应用

4.1 自定义认证类 LoginFilter

4.2 ⾃定义 RememberMeService

4.3 配置应用

一、介绍

 本篇文章从方面进行讲解 :

  •   传统web 应用场景
  •   前后端分离应用场景       

二、源码分析           

        AbstractUserDetailsAuthenticationProvider类中authenticate⽅法在最后认证成功之后实现了记住我功能,但是查看源码得知如果开启记住我,必须进⾏相关的设置。

          6d3e8bc5e2f33dde0e73c230b0b92bbd.png

通过对源码的分析得出自定义的实现方式:

  1. 传统web方式
    1. 需要在所添加页面内添加一个 remember-me 的参数 值 为 true on yes 1
    2. 在配置类开启rememberMe 功能
  2. 前后端分离方式
    1. 自定义LoginFilter 继承 UsernamePasswordAuthenticationFilter 重写 attemptAuthentication 修改通 JSON 的方式获取值
    2. 自定义 RememberMeServices 的实现类 ,去重写rememberMeRequestd 方法,来修改成通过其他方式获取remember-me的值。
    3. 将重写后的类配置到 WebSecurityConfigurerAdapter 的继承类中
    4. 注意 rememberService 需要被配置两次 ,一次是在认证成功后使用的 ,一次是自动登录使用的。

三、传统web应用

        通过源码分析得知必须在认证请求中加⼊参数remember-me值为"true,on,yes,1"其中任意⼀个才可以完成记住我功能,这个时候修改认证界⾯:

  1. <!DOCTYPE html>
  2. <html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns="http://www.w3.org/1999/html">
  3. <head>
  4.     <meta charset="UTF-8">
  5.     <title>登录页面</title>
  6. </head>
  7. <body>
  8.     <form action="/doLogin" method="post">
  9.         用户名:<input type="text" name="uName" /></br>
  10.         密码: <input type="password" name="pwdsss">
  11.         是否记住我 : <input type="checkbox" name="remember-me" value="true"/>
  12.         <input type="submit" value="提交">
  13.     </form>
  14. </body>
  15.  
  16. </html>

配置中开启记住我

  1. @Configuration(proxyBeanMethods = false)
  2. public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  3.  
  4.  
  5.     /**
  6.      * 自定义数据源
  7.      * @return
  8.      */
  9.     @Override
  10.     @Bean
  11.     public UserDetailsService userDetailsService(){
  12.         UserDetails userDetails = User.withUsername("zs").password("{noop}123").roles("admin").build();
  13.         InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
  14.         inMemoryUserDetailsManager.createUser(userDetails);
  15.         return  inMemoryUserDetailsManager;
  16.     }
  17.  
  18.     /**
  19.      * 定义安全规则
  20.      */
  21.     @Override
  22.     protected void configure(HttpSecurity http) throws Exception {
  23.         http.authorizeRequests()
  24.                 .mvcMatchers("/login.html").permitAll()
  25.                 .anyRequest().authenticated()
  26.                 .and()
  27.                 .rememberMe()// 开启记住我
  28.                 .and()
  29.                 .formLogin()
  30.                 .loginPage("/login.html")
  31.                 .loginProcessingUrl("/doLogin")
  32.                 .failureForwardUrl("/login.html")
  33.                 .usernameParameter("uName")
  34.                 .passwordParameter("pwdsss")
  35.                 .and()
  36.                 .csrf()
  37.                 .disable();
  38.     }
  39. }

四、前后端分离应用

4.1 自定义认证类 LoginFilter

  1. package com.bjpowenrode.filter;
  2.  
  3. import com.fasterxml.jackson.databind.ObjectMapper;
  4. import org.springframework.http.MediaType;
  5. import org.springframework.security.authentication.AuthenticationServiceException;
  6. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  7. import org.springframework.security.core.Authentication;
  8. import org.springframework.security.core.AuthenticationException;
  9. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  10. import org.springframework.stereotype.Component;
  11. import org.springframework.util.ObjectUtils;
  12. import org.springframework.util.StringUtils;
  13.  
  14. import javax.servlet.ServletInputStream;
  15. import javax.servlet.http.HttpServletRequest;
  16. import javax.servlet.http.HttpServletResponse;
  17. import java.io.IOException;
  18. import java.util.Map;
  19.  
  20. import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
  21.  
  22. /**
  23.  * @author 千城丶Y
  24.  * @className : LoginFilter
  25.  * @date : 2022/9/3 14:50
  26.  * @Description TODO 自定义前后端登录验证的Filter
  27.  */
  28. public class LoginFilter extends UsernamePasswordAuthenticationFilter {
  29.  
  30.     private  String passwordParameter  =SPRING_SECURITY_FORM_PASSWORD_KEY;
  31.     private  String usernameParameter  =SPRING_SECURITY_FORM_USERNAME_KEY;
  32.     private String rememberMeParameter = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY ;
  33.  
  34.  
  35.     /**
  36.      * 重写获取用户信息的方法
  37.      */
  38.     @Override
  39.     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
  40.         if (!request.getMethod().equals("POST")) {
  41.             throw new AuthenticationServiceException(
  42.                     "Authentication method not supported: " + request.getMethod());
  43.         }
  44.  
  45.         try {
  46.             //2.判断是否是 json 格式请求类型
  47.             if (request.getContentType().equalsIgnoreCase(MediaType.APPLICATION_JSON_VALUE)) {
  48.                 // 获取JSON 流数据
  49.                 ServletInputStream inputStream = request.getInputStream();
  50.                 Map<String,String> map = new ObjectMapper().readValue(inputStream, Map.class);
  51.  
  52.                 // 获取用户名
  53.  
  54.                 String userName = map.get( usernameParameter);
  55.                 String pwd = map.get(passwordParameter);
  56.                 String rememberMe = map.get(rememberMeParameter);
  57.  
  58.                 if (StringUtils.isEmpty(userName)){
  59.                     userName = "";
  60.                 }
  61.                 if (StringUtils.isEmpty(pwd)){
  62.                     pwd = "";
  63.                 }
  64.  
  65.                 if (!ObjectUtils.isEmpty(rememberMe)){
  66.                     request.setAttribute(rememberMeParameter,rememberMe);
  67.                 }
  68.  
  69.                 UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
  70.                         userName, pwd);
  71.  
  72.                 // Allow subclasses to set the "details" property
  73.                 setDetails(request, authRequest);
  74.  
  75.                 return this.getAuthenticationManager().authenticate(authRequest);
  76.             }else {
  77.                 throw new AuthenticationServiceException("认证参数格式不正确!");
  78.             }
  79.  
  80.         } catch (IOException e) {
  81.             e.printStackTrace();
  82.             return null;
  83.         }
  84.     }
  85.  
  86.     @Override
  87.     public void setPasswordParameter(String passwordParameter) {
  88.         this.passwordParameter = passwordParameter;
  89.     }
  90.  
  91.     @Override
  92.     public void setUsernameParameter(String usernameParameter) {
  93.         this.usernameParameter = usernameParameter;
  94.     }
  95.  
  96.     public void setRememberMeParameter(String rememberMeParameter) {
  97.         this.rememberMeParameter = rememberMeParameter;
  98.     }
  99. }

4.2 ⾃定义 RememberMeService

  1. package com.bjpowenrode.service;
  2.  
  3. import org.springframework.security.core.userdetails.UserDetailsService;
  4. import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
  5. import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
  6.  
  7. import javax.servlet.http.HttpServletRequest;
  8.  
  9. /**
  10.  * @author 千城丶Y
  11.  * @className : My
  13.  * @date : 2022/9/3 15:20
  14.  * @Description TODO 自定义 RememberMeService
  15.  */
  16. public class MyPersistentTokenBasedRememberMeServices extends PersistentTokenBasedRememberMeServices {
  17.  
  18.     private boolean alwaysRemember;
  19.     public MyPersistentTokenBasedRememberMeServices(String key, UserDetailsService userDetailsService, PersistentTokenRepository tokenRepository) {
  20.         super(key, userDetailsService, tokenRepository);
  21.     }
  22.  
  23.     @Override
  24.     protected boolean rememberMeRequested(HttpServletRequest request, String parameter) {
  25.         if (alwaysRemember) {
  26.             return true;
  27.         }
  28.         // 这里修改为从 请求作用域中获取
  29.         String paramValue = request.getAttribute(parameter).toString();
  30.         if (paramValue != null) {
  31.             if (paramValue.equalsIgnoreCase("true") || paramValue.equalsIgnoreCase("on")
  32.                     || paramValue.equalsIgnoreCase("yes") || paramValue.equals("1")) {
  33.                 return true;
  34.             }
  35.         }
  36.         if (logger.isDebugEnabled()) {
  37.             logger.debug("Did not send remember-me cookie (principal did not set parameter '"
  38.                     + parameter + "')");
  39.         }
  40.  
  41.         return false;
  42.     }
  43.  
  44.     public boolean isAlwaysRemember() {
  45.         return alwaysRemember;
  46.     }
  47.  
  48.     @Override
  49.     public void setAlwaysRemember(boolean alwaysRemember) {
  50.         this.alwaysRemember = alwaysRemember;
  51.     }
  52. }

4.3 配置应用

  1. package com.bjpowenrode.config;
  2.  
  3. import com.bjpowenrode.filter.LoginFilter;
  4. import com.bjpowenrode.service.MyPersistentTokenBasedRememberMeServices;
  5. import com.fasterxml.jackson.databind.ObjectMapper;
  6. import org.springframework.context.annotation.Bean;
  7. import org.springframework.context.annotation.Configuration;
  8. import org.springframework.http.HttpMethod;
  9. import org.springframework.http.HttpStatus;
  10. import org.springframework.http.MediaType;
  11. import org.springframework.security.authentication.AuthenticationManager;
  12. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  13. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  14. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  15. import org.springframework.security.core.userdetails.User;
  16. import org.springframework.security.core.userdetails.UserDetailsService;
  17. import org.springframework.security.provisioning.InMemoryUserDetailsManager;
  18. import org.springframework.security.web.authentication.RememberMeServices;
  19. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  20. import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
  21. import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  22. import org.springframework.security.web.util.matcher.OrRequestMatcher;
  23.  
  24. import java.util.HashMap;
  25. import java.util.Map;
  26. import java.util.UUID;
  27.  
  28. /**
  29.  * @author 千城丶Y
  30.  * @className : WebSecurityConfig
  32.  * @date : 2022/9/3 14:47
  33.  * @Description TODO 安全认证类
  34.  */
  35. @Configuration(proxyBeanMethods = true) // 这里如果是 false 则每次使用bean 时都会新建
  36. public class WebSecurityConfig  extends WebSecurityConfigurerAdapter {
  37.  
  38.     /**
  39.      * 自定义数据源
  40.      */
  41.     @Override
  42.     @Bean
  43.     public UserDetailsService userDetailsService(){
  44.         InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
  45.         inMemoryUserDetailsManager.createUser(User.withUsername("zs").password("{noop}123").roles("admin").build());
  46.         return inMemoryUserDetailsManager;
  47.     }
  48.  
  49.     @Override
  50.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  51.         auth.userDetailsService(userDetailsService());
  52.     }
  53.  
  54.     /**
  55.      * 暴露本地AuthenticationManagerBuilder
  56.      */
  57.     @Bean
  58.     @Override
  59.     public AuthenticationManager authenticationManagerBean() throws Exception {
  60.         return super.authenticationManagerBean();
  61.     }
  62.  
  63.     /**
  64.      * 导入自定义Filter
  65.      */
  66.     @Bean
  67.     public LoginFilter loginFilter () throws Exception {
  68.         LoginFilter loginFilter = new LoginFilter();
  69.         loginFilter.setUsernameParameter("userName");
  70.         loginFilter.setPasswordParameter("pwd");
  71.         loginFilter.setFilterProcessesUrl("/doLogin");
  72.  
  73.         loginFilter.setAuthenticationManager(authenticationManagerBean());
  74.         loginFilter.setRememberMeServices(rememberMeServices()); // 设置 认证成功时使用自定义rememberMeService 认证成功后 生成cookie 的
  75.         loginFilter.setAuthenticationSuccessHandler(
  76.                 (request,response,authentication)->{
  77.                     Map<String,Object> result = new HashMap<>(3);
  78.                     result.put("msg","登录成功!");
  79.                     result.put("code",200);
  80.                     result.put("authen",authentication);
  81.  
  82.                     ObjectMapper objectMapper = new ObjectMapper();
  83.                     String json = objectMapper.writeValueAsString(result);
  84.                     response.setStatus(HttpStatus.OK.value());
  85.                     response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
  86.                     response.getWriter().println(json);
  87.  
  88.                 }
  89.         );
  90.         loginFilter.setAuthenticationFailureHandler((request,response,authentication)->{
  91.             Map<String,Object> result = new HashMap<>(3);
  92.             result.put("msg","登录失败!");
  93.             result.put("code",500);
  94.             result.put("authen",authentication);
  95.  
  96.             ObjectMapper objectMapper = new ObjectMapper();
  97.             String json = objectMapper.writeValueAsString(result);
  98.             response.setStatus(HttpStatus.NO_CONTENT.value());
  99.             response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
  100.             response.getWriter().println(json);
  101.  
  102.         });
  103.         return loginFilter ;
  104.     }
  105.  
  106.     /**
  107.      * 自定义安全
  108.      */
  109.     @Override
  110.     protected void configure(HttpSecurity http) throws Exception {
  111.         http.authorizeRequests()
  112.                 .mvcMatchers("/doLogin").permitAll()
  113.                 .anyRequest().authenticated()
  114.                 .and()
  115.                 .exceptionHandling()
  116.                 .authenticationEntryPoint((request,response,exception)->{
  117.                     Map<String,Object> result = new HashMap<>(3);
  118.                     result.put("msg","未登录!");
  119.                     result.put("code",401);
  120.                     result.put("error",exception.getMessage());
  121.  
  122.                     ObjectMapper objectMapper = new ObjectMapper();
  123.                     String json = objectMapper.writeValueAsString(result);
  124.                     response.setStatus(HttpStatus.EXPECTATION_FAILED.value());
  125.                     response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
  126.                     response.getWriter().println(json);
  127.                 })
  128.                 .and()
  129.                 .formLogin()
  130.                 .usernameParameter("userName")
  131.                 .passwordParameter("pwd")
  132.                 .loginProcessingUrl("/doLogin")
  133.                 .successHandler((request,response,authentication)->{
  134.                     Map<String,Object> result = new HashMap<>(3);
  135.                     result.put("msg","登录成功!");
  136.                     result.put("code",200);
  137.                     result.put("authen",authentication);
  138.  
  139.                     ObjectMapper objectMapper = new ObjectMapper();
  140.                     String json = objectMapper.writeValueAsString(result);
  141.                     response.setStatus(HttpStatus.OK.value());
  142.                     response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
  143.                     response.getWriter().println(json);
  144.  
  145.                 })
  146.                 .failureHandler((request,response,authentication)->{
  147.                     Map<String,Object> result = new HashMap<>(3);
  148.                     result.put("msg","登录失败!");
  149.                     result.put("code",500);
  150.                     result.put("authen",authentication);
  151.  
  152.                     ObjectMapper objectMapper = new ObjectMapper();
  153.                     String json = objectMapper.writeValueAsString(result);
  154.                     response.setStatus(HttpStatus.NO_CONTENT.value());
  155.                     response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
  156.                     response.getWriter().println(json);
  157.  
  158.                 })
  159.                 .and()
  160.                 .rememberMe()
  161.                 .rememberMeServices(rememberMeServices()) // 设置自动登录时使用rememberService
  162.                 .and()
  163.                 .logout()
  164.                 .logoutRequestMatcher(new OrRequestMatcher(
  165.                         new AntPathRequestMatcher("/logout", HttpMethod.GET.name()),
  166.                         new AntPathRequestMatcher("/logout",HttpMethod.POST.name())
  167.                 ))
  168.                 .logoutSuccessHandler((res,resp,authentication)->{
  169.                     Map<String,Object> rs = new HashMap<>();
  170.                     rs.put("msg","退出登录成功");
  171.                     rs.put("用户信息",authentication);
  172.                     resp.setStatus(HttpStatus.OK.value());
  173.                     String json = new ObjectMapper().writeValueAsString(rs);
  174.  
  175.                     resp.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
  176.  
  177.                     resp.getWriter().println(json);
  178.                 })
  179.                 .and()
  180.                 .csrf()
  181.                 .disable();
  182.  
  183.         // 替换掉这个Filter
  184.         http.addFilterAt(loginFilter(), UsernamePasswordAuthenticationFilter.class);
  185.     }
  186.  
  187.     /**
  188.      * 引入自定义RememberMeService
  189.      */
  190.     @Bean
  191.     public RememberMeServices rememberMeServices(){
  192.         // 这个 如果是用内存的话不能new 需要让他是对象 才可以,不然数据会不一致
  193.         MyPersistentTokenBasedRememberMeServices myPersistentTokenBasedRememberMeServices = new MyPersistentTokenBasedRememberMeServices(UUID.randomUUID().toString(),userDetailsService(),new InMemoryTokenRepositoryImpl());
  194.         return myPersistentTokenBasedRememberMeServices;
  195.     }
  196. }
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/凡人多烦事01/article/detail/67668
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号