Spring Security 6 作为最新版本,引入了许多新特性和改进,例如对 Spring Framework 6 的支持、新的默认密码编码器、更简洁的配置方式等。
Spring Security 6 配置自定义路径身份认证:将 .anyRequest().authenticated() 替换成
.anyRequest().access(new CustomAuthorizationManager(myService)),即由“只要已登录即可访问”改为按请求路径逐一判断当前用户是否有权限访问。
CustomAuthorizationManager
package com.example.springscuritydemo.config;
import com.example.springscuritydemo.service.myservice;
import jakarta.servlet.http.httpservletrequest;
import org.springframework.security.authorization.authorizationdecision;
import org.springframework.security.authorization.authorizationmanager;
import org.springframework.security.core.authentication;
import org.springframework.security.web.access.intercept.requestauthorizationcontext;
import java.util.function.supplier;
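/**
 * Authorization manager that delegates the allow/deny decision for a request to {@link MyService}.
 *
 * <p>When registered with {@code anyRequest().access(...)}, it decides every request that no earlier
 * matcher rule has claimed, so any error in the delegate affects all of those paths at once.
 *
 * <p>Identifier casing is restored here; the listing as published is all lower-case and does not
 * compile.
 */
public class CustomAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {

    private final MyService myService;

    /**
     * @param myService the service that holds the permission rule applied to each request
     */
    public CustomAuthorizationManager(MyService myService) {
        this.myService = myService;
    }

    /**
     * Decides whether the current request may proceed.
     *
     * @param authentication supplier of the current {@link Authentication}
     * @param context        wrapper giving access to the current HTTP request
     * @return a denied decision when no authentication is available, otherwise the result of
     *         {@link MyService#hasPermission}
     */
    @Override
    public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
        HttpServletRequest request = context.getRequest();
        Authentication auth = authentication.get();
        // Deny by default when there is no authentication object at all.
        // NOTE(review): an anonymous request normally still carries a non-null anonymous token, so
        // this guard alone does not reject it; rejection then depends on MyService - confirm.
        if (auth == null) {
            return new AuthorizationDecision(false);
        }
        return new AuthorizationDecision(myService.hasPermission(request, auth));
    }
}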
MyService
package com.example.springscuritydemo.service;
import jakarta.servlet.http.httpservletrequest;
import org.springframework.security.core.authentication;
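/**
 * Permission rule consulted for each request that reaches the custom authorization manager.
 *
 * <p>Identifier casing is restored here; the listing as published is all lower-case and does not
 * compile.
 */
public interface MyService {

    /**
     * Decides whether the given authentication may access the given request.
     *
     * @param request        the current HTTP request
     * @param authentication the authentication of the caller
     * @return {@code true} to grant access, {@code false} to deny it
     */
    boolean hasPermission(HttpServletRequest request, Authentication authentication);
}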
MyServiceImpl
package com.example.springscuritydemo.service.impl;
import com.example.springscuritydemo.service.myservice;
import jakarta.servlet.http.httpservletrequest;
import org.springframework.security.core.authentication;
import org.springframework.security.core.grantedauthority;
import org.springframework.security.core.authority.simplegrantedauthority;
import org.springframework.security.core.userdetails.userdetails;
import org.springframework.stereotype.service;
import java.util.collection;
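/**
 * Grants access when the caller holds an authority whose name equals the request URI.
 *
 * <p>Identifier casing is restored here; the listing as published is all lower-case and does not
 * compile.
 */
@Service
public class MyServiceImpl implements MyService {

    /**
     * Checks whether the principal's authorities contain the URI of the current request.
     *
     * <p>The comparison is an exact string match, so anything that does not match exactly is
     * denied. Authorities are compared by name ({@link GrantedAuthority#getAuthority()}) rather than
     * by object equality, so the check does not depend on every authority being a
     * {@code SimpleGrantedAuthority}.
     *
     * @param request        the current HTTP request
     * @param authentication the authentication of the caller
     * @return {@code true} only when the principal is a {@link UserDetails} holding an authority
     *         equal to {@code request.getRequestURI()}; {@code false} in every other case
     */
    @Override
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        // Fail closed on missing inputs instead of throwing from the authorization path.
        if (request == null || authentication == null) {
            return false;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            return false;
        }
        Collection<? extends GrantedAuthority> authorities = ((UserDetails) principal).getAuthorities();
        // getRequestURI() is the raw, undecoded path and includes the context path, so stored
        // authorities must use exactly that form. Query-string differences do not matter, because
        // the query string is not part of the URI returned here.
        String requestUri = request.getRequestURI();
        if (authorities == null || requestUri == null) {
            return false;
        }
        return authorities.stream()
                .anyMatch(authority -> authority != null && requestUri.equals(authority.getAuthority()));
    }
}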
package com.example.springscuritydemo.config;
import com.example.springscuritydemo.handle.myaccessdeniedhandler;
import com.example.springscuritydemo.handle.myauthenticationsuccesshandler;
import com.example.springscuritydemo.service.myservice;
import org.springframework.beans.factory.annotation.autowired;
import org.springframework.context.annotation.bean;
import org.springframework.context.annotation.configuration;
import org.springframework.security.config.annotation.web.builders.httpsecurity;
import org.springframework.security.config.annotation.web.configuration.enablewebsecurity;
import org.springframework.security.crypto.bcrypt.bcryptpasswordencoder;
import org.springframework.security.crypto.password.passwordencoder;
import org.springframework.security.web.securityfilterchain;
import org.springframework.security.web.access.expression.webexpressionauthorizationmanager;
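/**
 * Web security configuration: form login plus per-path authorization rules, with every path not
 * listed explicitly decided by {@link CustomAuthorizationManager}.
 *
 * <p>Identifier casing is restored here; the listing as published is all lower-case and does not
 * compile. URL string literals are kept exactly as published.
 */
@EnableWebSecurity
@Configuration
public class SecurityConfig {

    // NOTE(review): injected but never registered on the filter chain below (no exceptionHandling
    // configuration is visible here), so denied requests get the default handling - confirm.
    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;

    // @Autowired
    // private MyAuthenticationFailureHandler myAuthenticationFailureHandler;

    private final MyService myService;

    /**
     * @param myService permission rule handed to the custom authorization manager
     */
    public SecurityConfig(MyService myService) {
        this.myService = myService;
    }

    /**
     * Password encoder used for stored credentials.
     *
     * @return a BCrypt-based encoder with its default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the security filter chain.
     *
     * <p>Rules are evaluated in declaration order: public pages and static resources first, then
     * the IP-restricted page, then the catch-all custom manager.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .formLogin(login -> login.loginPage("/login.html")
                        .loginProcessingUrl("/login")
                        //.successForwardUrl("/tomain")
                        .successHandler(new MyAuthenticationSuccessHandler("/main.html"))
                        .failureUrl("/toerror")
                        //.failureHandler(new MyAuthenticationFailureHandler("/error.html"))
                )
                .authorizeHttpRequests(rules -> rules
                        // Login and error pages must be reachable without authentication.
                        .requestMatchers("/toerror", "/login.html", "/error.html").permitAll()
                        // Static resources are public.
                        .requestMatchers("/js/**", "/css/**", "/img/**").permitAll()
                        // Requires a Spring Security login (not a JWT login) and a specific client IP.
                        // The leading slash is added: without it the pattern may never match, and
                        // the request would fall through to the catch-all rule instead.
                        // The expression is case-sensitive, so its method names are restored too.
                        // NOTE(review): the IP test is presumably made against the connection's
                        // remote address; behind a reverse proxy that is the proxy's - confirm.
                        .requestMatchers("/main1.html")
                        .access(new WebExpressionAuthorizationManager(
                                "isAuthenticated() and hasIpAddress('192.168.10.6')"))
                        // Every other path: previously "authenticated only", now decided per
                        // request URI by the custom manager.
                        // .anyRequest().authenticated()
                        .anyRequest().access(new CustomAuthorizationManager(myService))
                )
                // NOTE(review): CSRF protection is switched off while session-based form login is
                // in use, which leaves state-changing requests open to cross-site request forgery.
                // Keep it enabled outside a demo and submit the CSRF token from the login form.
                .csrf(csrf -> csrf.disable())
                // Build and return the security filter chain.
                .build();
    }
}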