Logging in with JSON in Spring Security


The main task is overriding the attemptAuthentication method.

Add the dependencies

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>

Configuration and code

  1. Configure the password in application.properties

    spring.security.user.name=admin
    spring.security.user.password=123
    
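  2. Create a custom authentication filter class

  3. Before writing the JSON login, look at the source code to understand how form login works

    1. In IDEA, press Shift twice and search for the UsernamePasswordAuthenticationFilter class

    2. Once inside, press Ctrl+F12 to see all of the class's methods

    3. Open the method

    4. All we need to do is override the part that calls request.getParameter(), and JSON login works

    Override the attemptAuthentication(HttpServletRequest request, HttpServletResponse response) method

    Just copy the parent class's method and add a check for JSON. The filter then supports both key-value form parameters and JSON parameters.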

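import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class MyAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        if (!request.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }
        // Parameters were sent as JSON (the Content-Type may be missing or carry a charset suffix)
        String contentType = request.getContentType();
        if (contentType != null && contentType.startsWith(MediaType.APPLICATION_JSON_VALUE)) {
            String username = null;
            String password = null;
            // Convert the incoming JSON into a map, then read the values with get("key")
            try {
                Map<String, String> map = new ObjectMapper().readValue(request.getInputStream(),
                        new TypeReference<Map<String, String>>() {});
                if (map != null) {
                    username = map.get("username");
                    password = map.get("password");
                }
            } catch (IOException e) {
                // Reject an unreadable body instead of continuing with null credentials
                throw new AuthenticationServiceException("Invalid JSON login request", e);
            }

            // Same defaults as the parent class: a missing field becomes an empty string
            if (username == null) {
                username = "";
            }
            if (password == null) {
                password = "";
            }
            username = username.trim();
            UsernamePasswordAuthenticationToken authRequest =
                    new UsernamePasswordAuthenticationToken(username, password);
            setDetails(request, authRequest);

            return this.getAuthenticationManager().authenticate(authRequest);
        }

        // Anything else is handled as an ordinary key-value form login
        return super.attemptAuthentication(request, response);
    }
}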

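Create the SecurityConfig configuration class

Note: the custom filter and Spring Security's original form-login filter are configured separately.

This shows in filter.setFilterProcessesUrl() versus loginProcessingUrl.

So the successHandler logic for form login and for JSON login also has to be written separately.

The screenshots further down also confirm this.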

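import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginProcessingUrl("/doLogin")
                .permitAll()
                .and()
                // CSRF protection is switched off, so the login endpoints accept requests without a token
                .csrf().disable();
        // Add the custom filter; the second argument places it at the position of UsernamePasswordAuthenticationFilter
        http.addFilterAt(myAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    MyAuthenticationFilter myAuthenticationFilter() throws Exception {
        MyAuthenticationFilter filter = new MyAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        return filter;
    }
}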
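
The note above says the JSON filter's URL and success handling are set on the filter itself, not through formLogin(). The following is an added example, not code from the original post: a variant meant to replace the page's SecurityConfig that sets them explicitly. The class name JsonLoginSecurityConfig, the /jsonLogin path, the writeJson helper and the response bodies are assumptions, and MyAuthenticationFilter is expected in the same package.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Added example: variant of the page's SecurityConfig (same Spring Security / javax.servlet generation).
@Configuration
public class JsonLoginSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginProcessingUrl("/doLogin") // form login keeps its own URL and its own handlers
                .permitAll()
                .and()
                .csrf().disable();
        http.addFilterAt(myAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    MyAuthenticationFilter myAuthenticationFilter() throws Exception {
        MyAuthenticationFilter filter = new MyAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        // Assumed path: the JSON filter answers here instead of its default POST /login
        filter.setFilterProcessesUrl("/jsonLogin");
        // Handlers set on the filter apply only to requests this filter processes
        filter.setAuthenticationSuccessHandler((request, response, authentication) ->
                writeJson(response, HttpServletResponse.SC_OK, "{\"status\":\"ok\"}"));
        // One generic message for every failure, so the reply does not reveal which field was wrong
        filter.setAuthenticationFailureHandler((request, response, exception) ->
                writeJson(response, HttpServletResponse.SC_UNAUTHORIZED,
                        "{\"status\":\"error\",\"message\":\"Bad credentials\"}"));
        return filter;
    }

    // Hypothetical helper: writes a fixed JSON body with the given HTTP status
    private static void writeJson(HttpServletResponse response, int status, String body) throws IOException {
        response.setStatus(status);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.getWriter().write(body);
    }
}
```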

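Create the Controller

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {
    @GetMapping("/hello")
    public String hello() {
        return "hello security";
    }
}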

