接到一個需求,要做一個免登錄頁面,登錄的時候要傳遞一個參數過來
當時的第一反應就是用攔截器,但以前沒弄過這個,所以搜索查詢還是花了我不少時間。現在這個問題已經解決,值得記錄一下
/**
 * Serves the login page.
 *
 * <p>The handler is mapped to both GET and POST on {@code /login}. It writes one
 * log line and returns the view name; neither argument is read in the body.
 *
 * <p>{@code @AuthenticationPrincipal} only injects the principal of the current
 * authentication into {@code uc}; it does not authenticate the request itself.
 * NOTE(review): with form login enabled, a POST to the login-processing URL is
 * normally consumed by Spring Security's login filter before it reaches a
 * controller, so the POST mapping here is probably rarely hit. Confirm against
 * the security configuration.
 *
 * @param uc    current principal as resolved by Spring Security (unused here)
 * @param model Spring MVC model (unused here)
 * @return the logical view name {@code "login"}
 */
@RequestMapping(value = "/login", method = { RequestMethod.GET, RequestMethod.POST })
public String login(@AuthenticationPrincipal final CurrentUser<User> uc, final Model model) {
    final String viewName = "login";
    log.info("login---------------------------");
    return viewName;
}
首先,這就是登錄路徑。post 的 login 請求會被 Spring Security 自動攔截並校驗登錄(做這件事的是 UsernamePasswordAuthenticationFilter;@AuthenticationPrincipal 只是把當前登錄用戶注入參數),所以要在登錄校驗之前,寫個攔截
在 SecurityConfiguration 配置類中,configure 這個方法負責配置登錄相關的設置
/**
 * Builds the HTTP security rules: CSRF, custom pre-login filter, frame options,
 * session handling, URL authorization, form login and logout.
 *
 * @param http the Spring Security HTTP builder to configure
 * @throws Exception propagated from the HttpSecurity DSL calls
 */
protected void configure(final HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is switched off for the whole application while
    // session-based form login is in use, so state-changing requests (including the
    // login POST handled below) carry no CSRF token check. Re-enable it unless there
    // is a documented reason and a compensating control.
    http.csrf().disable();
    // Register the custom filter ahead of Spring Security's
    // UsernamePasswordAuthenticationFilter. This is the line the article is about:
    // it lets MyFilter run on the login POST before the credentials are checked.
    http.addFilterBefore(new MyFilter("/login", "/login?error"), UsernamePasswordAuthenticationFilter.class);
    http.headers().frameOptions().sameOrigin();// allow framing only by pages of the same origin
    // NOTE(review): this permits the session id to be carried in the URL
    // (";jsessionid=..."), where it can leak through access logs, browser history and
    // Referer headers. Prefer cookie-only session tracking unless cookieless clients
    // really have to be supported.
    http.sessionManagement().enableSessionUrlRewriting(true);
    // Authorization rules are evaluated in declaration order, first match wins:
    //   1. first pattern + LOGIN_URL -> open to everyone
    //   2. second pattern            -> requires role ADMIN
    //   3. anything else             -> any authenticated user
    // The path patterns appear masked in the article; verify the real permitAll
    // pattern is no broader than intended.
    http.authorizeRequests().antMatchers("/******/**", LOGIN_URL).permitAll().antMatchers("/****/**")
    .hasRole("ADMIN").anyRequest().authenticated().and().exceptionHandling()
    // Requests rejected by the rules above are sent to ERROR_405_URL.
    .accessDeniedPage(ERROR_405_URL);
    // Form login: custom login page and details source, failures go to LOGIN_URL?error.
    // NOTE(review): successHandler(...) is set after defaultSuccessUrl(...); the later
    // call presumably replaces the handler installed by defaultSuccessUrl, so "/main"
    // may never be used. Confirm which one is intended.
    http.formLogin().loginPage(LOGIN_URL).authenticationDetailsSource(authenticationDetailsSource)
    .defaultSuccessUrl("/main", true).failureUrl(LOGIN_URL + "?error")
    // .failureHandler(new UserLoginFailureHandler())
    .successHandler(new UserLoginSuccessHandler()).permitAll();
    // Logout: triggered by LOGOUT_URL, runs UserLogoutHandler, then returns to the login page.
    http.logout().logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL)).logoutSuccessUrl(LOGIN_URL)
    .addLogoutHandler(new UserLogoutHandler());
}
}
------------------------------------------------------------------------------------------------------------------------------------------ 然后加入過濾類
package com.ttrdtydrh.filter;
import java.io.IOException;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
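/**
 * Pre-login filter that intercepts login requests coming from accounts that sign
 * in via "rsh" (wording taken from the original author; the request parameter and
 * session attribute names look like placeholders in the article).
 *
 * <p>On a POST to the configured URL whose {@code aush} parameter equals
 * {@code "query"}, the {@code sssss} parameter is copied into two session
 * attributes. Every request is then passed down the filter chain unchanged.
 *
 * <p>{@link #doFilter} is overridden without delegating to the superclass, so as
 * far as this class shows, {@link #attemptAuthentication} and the failure handler
 * set in the constructor are never invoked here; authentication itself is left to
 * the filters that follow.
 *
 * <p>Security note: the stored value comes straight from an unauthenticated,
 * client-controlled request parameter. Code that later reads these session
 * attributes must treat them as untrusted input and must not use them as proof of
 * identity or as an authorization decision.
 *
 * @author 1234567
 */
public class MyFilter extends AbstractAuthenticationProcessingFilter {

    /** Servlet path whose POST requests are inspected; {@code null} when built from a matcher. */
    private final String processUrl;

    /**
     * Creates the filter from a request matcher. No URL is recorded in this case,
     * so {@link #doFilter} only forwards requests.
     *
     * @param requiresAuthenticationRequestMatcher matcher handed to the superclass
     */
    protected MyFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
        super(requiresAuthenticationRequestMatcher);
        this.processUrl = null;
    }

    /**
     * Creates the filter for a fixed login URL.
     *
     * @param defaultFilterProcessesUrl servlet path of the login request to inspect
     * @param failureUrl                URL used by the failure handler registered here
     */
    public MyFilter(String defaultFilterProcessesUrl, String failureUrl) {
        super(defaultFilterProcessesUrl);
        this.processUrl = defaultFilterProcessesUrl;
        setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(failureUrl));
    }

    /**
     * Not used for authentication: always returns {@code null}. This class does
     * not call it, because {@link #doFilter} is overridden.
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        return null;
    }

    /**
     * Copies the {@code sssss} parameter into the session for matching login POSTs,
     * then always continues the chain.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response, passed through untouched
     * @param chain    remaining filters
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        // Constant-first equals: a login POST without the "aush" parameter used to hit
        // query.equals(...) on null and fail with a NullPointerException.
        if (isLoginPost(req) && "query".equals(req.getParameter("aush"))) {
            String parameter = req.getParameter("sssss");
            // The value is attacker-controllable; strip CR/LF so it cannot forge extra
            // output lines. NOTE(review): if this parameter can hold a credential or
            // token, drop this trace entirely.
            System.out.println("----------- " + stripLineBreaks(parameter) + " --------------");
            // getSession() creates a session before authentication if none exists.
            HttpSession session = req.getSession();
            session.setAttribute("dsfsdf", parameter);
            session.setAttribute("fafafa", parameter);
        }
        chain.doFilter(request, response);
    }

    /** Returns true for a POST whose servlet path equals the configured URL. */
    private boolean isLoginPost(HttpServletRequest req) {
        // processUrl is null when the matcher-based constructor was used.
        return processUrl != null
                && processUrl.equals(req.getServletPath())
                && "POST".equalsIgnoreCase(req.getMethod());
    }

    /** Replaces carriage returns and line feeds so the value stays on one output line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}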