Spring Security 6 配置自定義路徑身份認證的實現
Spring Security 6 作為最新版本,引入了許多新特性和改進,例如對 Spring Framework 6 的支持、新的默認密碼編碼器、更簡潔的配置方式等。
Spring Security 6 配置自定義路徑身份認證:將 .anyRequest().authenticated() 替換成
.anyRequest().access(new CustomAuthorizationManager(myService))
CustomAuthorizationManager
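package com.example.springscuritydemo.config;

import com.example.springscuritydemo.service.MyService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;

import java.util.function.Supplier;

/**
 * Authorization manager that hands the per-request access decision to {@link MyService}.
 *
 * <p>It is meant to be plugged into the filter chain with
 * {@code .anyRequest().access(new CustomAuthorizationManager(myService))} in place of
 * {@code .anyRequest().authenticated()}. The decision is deny-by-default: access is granted
 * only when an authenticated {@link Authentication} is present and
 * {@link MyService#hasPermission} returns {@code true}.
 */
public class CustomAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {

    /** Service that decides whether the caller may access the requested resource. */
    private final MyService myService;

    /**
     * @param myService permission service consulted for every request handled by this manager
     */
    public CustomAuthorizationManager(MyService myService) {
        this.myService = myService;
    }

    /**
     * Decides whether the current request is allowed.
     *
     * @param authentication supplier of the current {@link Authentication}
     * @param context        authorization context carrying the HTTP request
     * @return a granting decision only when the caller is authenticated and the permission
     *         service approves the request; a denying decision otherwise
     */
    @Override
    public AuthorizationDecision check(Supplier<Authentication> authentication,
                                       RequestAuthorizationContext context) {
        Authentication auth = authentication.get();
        // Fail closed: a missing token, or one that is present but not marked as
        // authenticated, must never reach the permission service.
        if (auth == null || !auth.isAuthenticated()) {
            return new AuthorizationDecision(false);
        }
        HttpServletRequest request = context.getRequest();
        return new AuthorizationDecision(myService.hasPermission(request, auth));
    }
}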
MyService
package com.example.springscuritydemo.service;

import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;

/**
 * Contract for the application's per-request permission check.
 *
 * <p>Implementations are the single place where the access decision is made, so they should
 * deny by default and grant only on a positive match.
 */
public interface MyService {

    /**
     * Decides whether the given caller may access the given request.
     *
     * @param request        the HTTP request being authorized
     * @param authentication the caller's authentication token
     * @return {@code true} to allow the request, {@code false} to deny it
     */
    boolean hasPermission(HttpServletRequest request, Authentication authentication);
}
MyServiceImpl
package com.example.springscuritydemo.service.impl;

import com.example.springscuritydemo.service.MyService;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import java.util.Collection;

/**
 * Permission check that treats the request URI itself as the required authority: the caller is
 * allowed when the principal's authorities contain an entry equal to the requested URI.
 */
@Service
public class MyserviceImpl implements MyService {

    /**
     * Grants access when the principal is a {@link UserDetails} whose authorities contain a
     * {@link SimpleGrantedAuthority} built from {@code request.getRequestURI()}.
     *
     * <p>NOTE(review): only the URI is compared. The HTTP method is not part of the decision,
     * so an authority for a path covers every method on that path.
     *
     * <p>NOTE(review): {@code getRequestURI()} is the path as sent by the client, including the
     * context path and without decoding. The match is exact, so any variation of the path is
     * denied rather than allowed; stored authorities must use exactly that form.
     *
     * @param request        the HTTP request being authorized
     * @param authentication the caller's authentication token
     * @return {@code true} only on an exact authority match; {@code false} for any principal
     *         that is not a {@link UserDetails}
     */
    @Override
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        Object principal = authentication.getPrincipal();
        // Deny by default: principals of any other type (e.g. a plain String) carry no
        // authorities this check can evaluate.
        if (!(principal instanceof UserDetails)) {
            return false;
        }
        // Authorities are read from the principal, not from the Authentication token.
        Collection<? extends GrantedAuthority> granted = ((UserDetails) principal).getAuthorities();
        GrantedAuthority required = new SimpleGrantedAuthority(request.getRequestURI());
        return granted.contains(required);
    }
}
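package com.example.springscuritydemo.config;

import com.example.springscuritydemo.handle.MyAccessDeniedHandler;
import com.example.springscuritydemo.handle.MyAuthenticationSuccessHandler;
import com.example.springscuritydemo.service.MyService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;

/**
 * Web security configuration: form login, public static resources, an IP-restricted page, and
 * a custom per-request authorization check for every other path.
 */
@EnableWebSecurity
@Configuration
public class SecurityConfig {

    // NOTE(review): this handler is injected but never registered on the filter chain below,
    // so access-denied responses use the framework default. Confirm whether it should be wired
    // in through exceptionHandling().
    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;

    // @Autowired
    // private MyAuthenticationFailureHandler myAuthenticationFailureHandler;

    /** Permission service handed to {@link CustomAuthorizationManager}. */
    private final MyService myService;

    /**
     * @param myService permission service used to authorize all requests not matched earlier
     */
    public SecurityConfig(MyService myService) {
        this.myService = myService;
    }

    /**
     * @return the BCrypt encoder used to hash and verify user passwords
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the application's security filter chain.
     *
     * <p>Rules are evaluated in declaration order, so the specific matchers must stay above
     * {@code anyRequest()}.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .formLogin(formLogin -> formLogin
                        .loginPage("/login.html")
                        .loginProcessingUrl("/login")
                        // .successForwardUrl("/toMain")
                        .successHandler(new MyAuthenticationSuccessHandler("/main.html"))
                        .failureUrl("/toError")
                        // .failureHandler(new MyAuthenticationFailureHandler("/error.html"))
                )
                .authorizeHttpRequests(auth -> auth
                        // Login and error pages must stay reachable without a session.
                        .requestMatchers("/toError", "/login.html", "/error.html").permitAll()
                        // Static assets are public. Everything below requires Spring Security
                        // (session) authentication, not a JWT login.
                        .requestMatchers("/js/**", "/css/**", "/img/**").permitAll()
                        // Leading slash added: the pattern was "main1.html", which does not start
                        // with '/' and so may never match a request path. In that case the page
                        // would fall through to anyRequest() and the IP restriction would be
                        // skipped without any error.
                        // NOTE(review): hasIpAddress checks the connection's remote address.
                        // Behind a reverse proxy that is the proxy's address unless forwarded
                        // headers are handled. Verify for the target deployment.
                        .requestMatchers("/main1.html")
                        .access(new WebExpressionAuthorizationManager(
                                "isAuthenticated() and hasIpAddress('192.168.10.6')"))
                        // All remaining paths: replaces the stock
                        // .anyRequest().authenticated()
                        // with the custom URI-based permission check.
                        .anyRequest().access(new CustomAuthorizationManager(myService))
                )
                // NOTE(review): CSRF protection is switched off while the application uses
                // session-based form login, so state-changing requests have no CSRF defence.
                // Left as written because login.html is not shown to send a CSRF token.
                // Re-enable it outside of a demo.
                .csrf(csrf -> csrf.disable())
                // Build and return the security filter chain.
                .build();
    }
}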