
权限认证(一):手机短信验证

  • 认证成功和认证失败的处理(初始化)
/**
 * Initial version of the login success handler: every successful
 * authentication is answered with a JSON body instead of a redirect.
 */
@Component("customAuthenticationSuccessHandler")
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    /**
     * Writes the success result as JSON to the response.
     *
     * @param request        the login request (not read here)
     * @param response       the response the JSON body is written to
     * @param authentication the authenticated token (not read here)
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        // Declare the content type (and charset) before the writer is obtained.
        response.setContentType("application/json;charset=UTF-8");
        String body = MengxueguResult.ok("认证成功").toJsonString();
        response.getWriter().write(body);
    }
}
/**
 * Initial version of the login failure handler: every failed authentication
 * is answered with a JSON body built from the exception.
 */
@Component("customAuthenticationFailureHandler")
public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {

    /**
     * Writes the failure result as JSON to the response.
     *
     * @param request   the login request (not read here)
     * @param response  the response the JSON body is written to
     * @param exception the reason authentication failed
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        // NOTE(review): the exception message is returned to the client verbatim.
        // If the providers raise different messages for "unknown account" and
        // "wrong password/code", callers can tell the two apart; a single generic
        // message avoids that. Confirm what the upstream providers emit.
        String reason = exception.getMessage();
        int unauthorized = HttpStatus.UNAUTHORIZED.value();

        // Only the JSON body carries the 401 value; response.setStatus is not called here.
        response.setContentType("application/json;charset=UTF-8");
        String body = MengxueguResult.build(unauthorized, reason).toJsonString();
        response.getWriter().write(body);
    }
}
  • 图形验证码
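/**
 * Login success handler that answers either with JSON or with a redirect to
 * the originally requested URL, depending on the configured login type.
 */
@Component("customAuthenticationSuccessHandler")
public class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    SecurityProperties securityProperties;

    /**
     * Handles a successful authentication.
     *
     * @param request        the login request
     * @param response       the response to write to or redirect
     * @param authentication the authenticated token
     * @throws IOException      if writing the JSON body or redirecting fails
     * @throws ServletException if the parent redirect handling fails
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        if (LoginResponseType.JSON.equals(
                securityProperties.getAuthentication().getLoginType())) {
            // JSON mode: respond with a JSON string after successful authentication.
            MengxueguResult result = MengxueguResult.ok("认证成功");
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(result.toJsonString());
        } else {
            // Log only the principal name. Serializing the whole Authentication
            // object would put its details (session id, remote address) and any
            // credential fields that were not erased into the application log.
            logger.info("authentication succeeded for principal: {}", authentication.getName());
            // Redirect mode: go back to the request that triggered the login page.
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
}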
/**
 * Login failure handler that answers either with JSON or with a redirect back
 * to the login page, depending on the configured login type.
 */
@Component("customAuthenticationFailureHandler")
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Autowired
    SecurityProperties securityProperties;

    /**
     * Handles a failed authentication.
     *
     * @param request   the login request
     * @param response  the response to write to or redirect
     * @param exception the reason authentication failed
     * @throws IOException      if writing the JSON body or redirecting fails
     * @throws ServletException if the parent failure handling fails
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        boolean jsonMode = LoginResponseType.JSON.equals(
                securityProperties.getAuthentication().getLoginType());

        if (!jsonMode) {
            // Redirect mode: return to the login page with the ?error marker appended.
            // NOTE(review): this sets the failure URL on the shared bean on every
            // request; the value is the same each time because it comes from configuration.
            String loginPage = securityProperties.getAuthentication().getLoginPage();
            super.setDefaultFailureUrl(loginPage + "?error");
            super.onAuthenticationFailure(request, response, exception);
            return;
        }

        // JSON mode: respond with a JSON string describing the failure.
        // NOTE(review): the exception message reaches the client verbatim; make sure
        // it does not distinguish unknown accounts from wrong credentials.
        String body = MengxueguResult
                .build(HttpStatus.UNAUTHORIZED.value(), exception.getMessage())
                .toJsonString();
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(body);
    }
}
  • 6-13 手机短信认证失败的处理
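/**
 * Login failure handler shared by form login and SMS login. In redirect mode
 * it sends the browser back to the page the login was submitted from, so a
 * failed SMS login returns to the mobile login page rather than the form page.
 *
 * <p>The Referer header is supplied by the client, so it is only used after
 * validation and is reduced to a path within this application. The redirect
 * target is computed per request instead of being stored with
 * {@code setDefaultFailureUrl}: this handler is a shared bean, and writing a
 * per-request value into it lets concurrent failures overwrite each other's target.
 */
@Component("customAuthenticationFailureHandler")
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Autowired
    SecurityProperties securityProperties;

    /**
     * Handles a failed authentication.
     *
     * @param request   the login request
     * @param response  the response to write to or redirect
     * @param exception the reason authentication failed
     * @throws IOException      if writing the JSON body or redirecting fails
     * @throws ServletException declared by the handler contract
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        if (LoginResponseType.JSON.equals(securityProperties.getAuthentication().getLoginType())) {
            // JSON mode: respond with a JSON string describing the failure.
            MengxueguResult result = MengxueguResult.build(HttpStatus.UNAUTHORIZED.value(), exception.getMessage());
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(result.toJsonString());
            return;
        }

        // Redirect mode: same steps as the parent's redirect branch (store the
        // exception, then redirect), but with a target local to this request.
        String failureUrl = resolveFailureUrl(request);
        logger.debug("redirecting failed login to " + failureUrl);
        saveException(request, exception);
        getRedirectStrategy().sendRedirect(request, response, failureUrl);
    }

    /**
     * Derives the redirect target from the Referer header, falling back to the
     * configured login page when the header is missing, malformed, or does not
     * point at this application.
     */
    private String resolveFailureUrl(HttpServletRequest request) {
        String fallback = securityProperties.getAuthentication().getLoginPage() + "?error";

        String referer = request.getHeader("Referer");
        if (referer == null || referer.isEmpty()) {
            // Browsers and privacy settings may omit the header entirely.
            return fallback;
        }

        java.net.URI parsed;
        try {
            parsed = new java.net.URI(referer);
        } catch (java.net.URISyntaxException ignored) {
            // A header that is not a valid URI is never used as a redirect target.
            return fallback;
        }

        // Accept only a Referer on the host this request was addressed to.
        // Behind a proxy that rewrites the host this check fails closed (login page).
        String host = parsed.getHost();
        if (host == null || !host.equalsIgnoreCase(request.getServerName())) {
            return fallback;
        }

        String path = parsed.getPath();
        if (path == null || !path.startsWith("/")) {
            return fallback;
        }

        // The redirect strategy is handed a context-relative path, so strip the
        // context path the Referer already contains; other web apps are rejected.
        String contextPath = request.getContextPath();
        if (!contextPath.isEmpty()) {
            if (!path.startsWith(contextPath + "/")) {
                return fallback;
            }
            path = path.substring(contextPath.length());
        }

        // "//host/..." would be read by browsers as a protocol-relative URL.
        if (path.startsWith("//")) {
            return fallback;
        }

        // Query string and fragment of the Referer are dropped; only ?error is appended.
        return path + "?error";
    }
}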
  • 6-14 手机短信认证记住我功能
# 向MobileAuthenticationFilter注入RememberMeServices实例
// Pass the RememberMeServices held as a shared object on the HttpSecurity
// builder to the SMS filter.
// NOTE(review): presumably rememberMe() must already be configured on http for
// the shared object to be present; confirm it is not null at this point.
smsCodeAuthenticationFilter.setRememberMeServices( http.getSharedObject(RememberMeServices.class));
# 前端添加
<input name="remember-me" type="checkbox" id="remember">记住我
# 在MobileUserDetailsService中返回的User对象中的username属性不应该设置手机号mobile,而应该设置这个手机号所对应的那个用户名
// Tutorial placeholder: whatever mobile number is looked up, this returns the
// same hard-coded account "meng" with the authority "ADMIN" and an empty password.
// In a real service the account bound to the verified mobile number must be
// loaded, with its own username and authorities.
return new User("meng", "", true, true, true, true, AuthorityUtils.commaSeparatedStringToAuthorityList("ADMIN"));
  • 6-15 获取用户认证信息
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.Map;
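/**
 * Demonstrates three ways of reading the current user's authentication data:
 * from {@link SecurityContextHolder}, from an injected {@link Authentication},
 * and from an {@code @AuthenticationPrincipal} argument.
 */
@Controller
public class MainController {

    /**
     * Renders the index page and, when a user is logged in, exposes the
     * username to the template.
     *
     * @param map model passed to the view
     * @return the view name, resolved to resources/templates/index.html
     */
    @RequestMapping({"/index", "/", ""})
    public String index(Map<String, Object> map) {
        // The context holds no Authentication when the request was not
        // authenticated, so guard before dereferencing it.
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        // instanceof is false for null, so no separate null check is needed.
        if (principal instanceof UserDetails) {
            map.put("username", ((UserDetails) principal).getUsername());
        }
        return "index"; // resources/templates/index.html
    }

    /**
     * Returns the principal of the current authentication as the response body.
     *
     * <p>NOTE(review): the principal object is serialized as-is. If a custom
     * UserDetails implementation keeps the password hash or other internal
     * fields, they are sent to the client; returning a small view object with
     * only the fields the page needs avoids that. Confirm what the principal holds.
     */
    @RequestMapping("/user/info")
    @ResponseBody
    public Object userInfo(Authentication authentication) {
        return authentication.getPrincipal();
    }

    /**
     * Returns the injected {@link UserDetails} as the response body.
     *
     * <p>NOTE(review): the same exposure concern as {@code /user/info} applies,
     * since the whole UserDetails object is serialized.
     */
    @RequestMapping("/user/info2")
    @ResponseBody
    public Object userInfo2(@AuthenticationPrincipal UserDetails userDetails) {
        return userDetails;
    }
}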
  • 6-16 实现路径可配置
# yml中配置
mengxuegu:
  security:
    authentication:
      imageCodeUrl: /code/image       # URL that serves the image captcha
      mobileCodeUrl: /code/mobile     # URL that sends the SMS verification code
      mobilePage: /mobile/page        # URL of the mobile login page
      tokenValiditySeconds: 604800    # remember-me validity in seconds (7 days)
# 默认配置
/**
 * Default values for the authentication settings; each field can be
 * overridden from the yml configuration. Accessors are generated by Lombok's
 * {@code @Data}.
 */
@Data
public class AuthenticationProperties {

    // Login page URL.
    private String loginPage = "/login/page";

    // URL the login form is submitted to.
    private String loginProcessingUrl = "/login/form";

    // Request parameter names for the username and the password.
    private String usernameParameter = "name";
    private String passwordParameter = "pwd";

    // Ant-style path patterns for static resources.
    private String[] staticPaths = {"/dist/**", "/modules/**", "/plugins/**"};

    // Whether login results are answered with a redirect or with JSON.
    private LoginResponseType loginType = LoginResponseType.REDIRECT;

    // URL that serves the image captcha.
    private String imageCodeUrl = "/code/image";

    // URL that sends the SMS verification code.
    private String mobileCodeUrl = "/code/mobile";

    // URL of the mobile login page.
    private String mobilePage = "/mobile/page";

    // Remember-me validity in seconds: 7 days.
    private Integer tokenValiditySeconds = 7 * 24 * 60 * 60;
}
# 在SpringSecurityConfig配置类中使用
posted @   DogLeftover  阅读(40)  评论(0编辑  收藏  举报