springboot+security integration (2)

springboot+security integration (2)

Description springboot version 2.0.3
source code address: click to jump

series

Immediately after the previous article, security helped us complete the login verification in the previous article. If we want to add a verification code to log in or other custom verification, there is no way, so this article explains how to implement this function .

##1. Implement a custom login verification class

Inherit the UsernamePasswordAuthenticationFilter class to extend login verification, the code is as follows:

public class MyUsernamePasswordAuthentication extends UsernamePasswordAuthenticationFilter{

	private Logger log = LoggerFactory.getLogger(this.getClass());

	@Override
	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException {
		//AuthenticationException 
		log.info(" ");
       //
		return super.attemptAuthentication(request, response);
	}

	@Override
	public void setAuthenticationManager(AuthenticationManager authenticationManager) {
		//TODO Auto-generated method stub
		super.setAuthenticationManager(authenticationManager);
	}
}
 

## . Configure custom login to security After
writing a custom login filter, the configure Bean is modified as follows:

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
		.csrf()//
		.disable()//
       //
		.authorizeRequests()//
			.antMatchers("/public/**").permitAll()//
           .antMatchers("/user/**").permitAll()
           .antMatchers("/login").permitAll()//
			.antMatchers(HttpMethod.GET, "/user").hasAuthority("getAllUser")//
			.antMatchers(HttpMethod.GET, "/user").hasAnyAuthority("1","2")//
			//hasRole(),hasAnyRole()
			.anyRequest().authenticated()
		.and()
       //
		.exceptionHandling()
            .authenticationEntryPoint(myAuthenticationEntryPoint)//
			.accessDeniedHandler(myAccessDeniedHandler)//
		.and()
       //
        .addFilterBefore(myUsernamePasswordAuthentication(),UsernamePasswordAuthenticationFilter.class)
        .rememberMe()//
            .rememberMeServices(rememberMeServices())
            .key("INTERNAL_SECRET_KEY")
//       usernamepasswordauthenticationFilter formLogin() 
//       .and()
//		.formLogin()
//			.loginPage("/public/unlogin")//, authenticationentrypoint 
//			.loginProcessingUrl("/public/login")//api
//           .successForwardUrl("/success")
//           .failureForwardUrl("/failed")
//           .usernameParameter("id")
//           .passwordParameter("password")
//			.failureHandler(myAuthFailedHandle)//
//			.successHandler(myAuthSuccessHandle)//
//           .usernameParameter("id")
		.and()
		.logout()//
			.logoutUrl("/public/logout")
            .logoutSuccessUrl("public/logoutSuccess")
			.logoutSuccessHandler(myLogoutSuccessHandle);
	}
 

Then write Bean, the code is as follows:

@Bean
public MyUsernamePasswordAuthentication myUsernamePasswordAuthentication(){
    MyUsernamePasswordAuthentication myUsernamePasswordAuthentication = new MyUsernamePasswordAuthentication();
    myUsernamePasswordAuthentication.setAuthenticationFailureHandler(myAuthFailedHandle);//
    myUsernamePasswordAuthentication.setAuthenticationSuccessHandler(myAuthSuccessHandle);//
    myUsernamePasswordAuthentication.setFilterProcessesUrl("/public/login");
    myUsernamePasswordAuthentication.setRememberMeServices(rememberMeServices());//
    myUsernamePasswordAuthentication.setUsernameParameter("id");
    myUsernamePasswordAuthentication.setPasswordParameter("password");
    return myUsernamePasswordAuthentication;
}
 

carry out.

This article was originally published at: www.tapme.top/blog/detail...