Defining anonymous access in Spring Security so that users who are not logged in can reach certain pages
<http use-expressions="false" entry-point-ref="casProcessingFilterEntryPoint">
    <intercept-url pattern="/cart/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>
    <custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
    <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
    <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
</http>
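The addition is the second line of the configuration, the intercept-url for /cart/**. It means that everything under /cart/** can be accessed without logging in, and that every such request carries the same user name, anonymousUser.
Telling anonymous (not logged in) access apart from logged-in access with Spring Security
The code below returns the user name to use for the current visitor:
1. If the user is logged in, it returns the user's login id.
2. If the user is not logged in, it creates a UUID for the visitor, stores it in a cookie, and returns that UUID.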
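import java.util.UUID;
import org.springframework.security.core.context.SecurityContextHolder;

// request and response are assumed to be the current HttpServletRequest /
// HttpServletResponse fields of the enclosing class; CookieUtil is the project's own cookie helper.

/**
 * Helper: get the uuid from the cookie; if the cookie has no uuid, generate one and save it to the cookie
 */
public String getUuid() {
    String uuid = CookieUtil.getCookieValue(request, "uuid", "utf-8");
    // The uuid read from the cookie is either null/empty or an actual value
    if (uuid == null || uuid.equals("")) {
        uuid = UUID.randomUUID().toString(); // XXXX-XXXX-XXXXXXXXX
        // Store the generated uuid in the cookie
        CookieUtil.setCookie(request, response, "uuid", uuid, 48 * 60 * 60, "utf-8");
    }
    return uuid;
}

public String getUserID() {
    // Get the current user from Spring Security
    String userId = SecurityContextHolder.getContext().getAuthentication().getName();
    // Check whether the user is logged in: if not, return the UUID; if so, return the login name
    if ("anonymousUser".equals(userId)) {
        userId = getUuid(); // use the uuid from the cookie as the unique key
    }
    return userId;
}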
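The uuid cookie is supplied by the client, and in the code above the anonymous key and the login name share one namespace, so a cookie value equal to someone's login name would resolve to that user's key. The following is an added example, not code from the original post: a hardened variant that checks the token type, accepts only a well-formed UUID from the cookie, and prefixes the two kinds of key. The class name CartKeyResolver and the "user:" / "anon:" prefixes are assumptions, and it uses the javax.servlet API (Servlet 3.0 or later) directly instead of CookieUtil.

```java
import java.util.UUID;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical helper (not from the original post): resolves the key under which per-visitor data is stored.
public class CartKeyResolver {
    // Canonical 8-4-4-4-12 lowercase form produced by UUID.randomUUID().toString()
    private static final Pattern UUID_FORMAT = Pattern.compile(
            "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}");
    private static final String COOKIE_NAME = "uuid";
    private static final int MAX_AGE_SECONDS = 48 * 60 * 60;

    public static String resolve(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Check the token type rather than comparing the name with "anonymousUser"
        if (auth != null && !(auth instanceof AnonymousAuthenticationToken)) {
            return "user:" + auth.getName();
        }
        String uuid = readCookie(request);
        // The cookie is client-controlled: accept only a well-formed UUID, otherwise issue a new one
        if (uuid == null || !UUID_FORMAT.matcher(uuid).matches()) {
            uuid = UUID.randomUUID().toString();
            Cookie cookie = new Cookie(COOKIE_NAME, uuid);
            cookie.setMaxAge(MAX_AGE_SECONDS);
            cookie.setPath("/");
            cookie.setHttpOnly(true);              // not readable from page scripts
            cookie.setSecure(request.isSecure());  // HTTPS-only when the request arrived over HTTPS
            response.addCookie(cookie);
        }
        // Separate namespace, so an anonymous key can never equal a logged-in user's key
        return "anon:" + uuid;
    }

    private static String readCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null when the request carries no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return c.getValue();
        }
        return null;
    }
}
```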