不了解 security 的请看 security 的简单使用
https://blog.51cto.com/5013162/2404946
在使用 spring security 登录用户的时候 发现使用 application/josn 后台不能获取到数据
看 UsernamePasswordAuthenticationFilter 源码发现
- // 获取密码
- protected String obtainPassword(HttpServletRequest request) {
- return request.getParameter(passwordParameter);
- }
- // 获取用户名
- protected String obtainUsername(HttpServletRequest request) {
- return request.getParameter(usernameParameter);
- }
是直接从 request 获取的 不是从 requestBody 中获取的
那我们就只需要重写这两个方法从 requestBody 中获取参数
重写 UsernamePasswordAuthenticationFilter 类
- public class UserAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
- private ThreadLocal<Map<String,String>> threadLocal = new ThreadLocal<>();
- @Override
- protected String obtainPassword(HttpServletRequest request) {
- String password = this.getBodyParams(request).get(super.SPRING_SECURITY_FORM_PASSWORD_KEY);
- if(!StringUtils.isEmpty(password)){
- return password;
- }
- return super.obtainPassword(request);
- }
- @Override
- protected String obtainUsername(HttpServletRequest request) {
- String username = this.getBodyParams(request).get(super.SPRING_SECURITY_FORM_USERNAME_KEY);
- if(!StringUtils.isEmpty(username)){
- return username;
- }
- return super.obtainUsername(request);
- }
- /**
- * 获取 body 参数 body 中的参数只能获取一次
- * @param request
- * @return
- */
- private Map<String,String> getBodyParams(HttpServletRequest request){
- Map<String,String> bodyParams = threadLocal.get();
- if(bodyParams==null) {
- ObjectMapper objectMapper = new ObjectMapper();
- try (InputStream is = request.getInputStream()) {
- bodyParams = objectMapper.readValue(is, Map.class);
- } catch (IOException e) {
- }
- if(bodyParams==null) bodyParams = new HashMap<>();
- threadLocal.set(bodyParams);
- }
- return bodyParams;
- }
- }
自定义 SecurityConfig 类
- @Configuration
- public class SecurityConfig extends webSecurityConfigurerAdapter {
- @Autowired
- UserDetailServiceImpl userDetailService;
- @Autowired
- LoginSuccessHandler loginSuccessHandler;
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- // 自定义用户验证和加密方式
- auth.userDetailsService(userDetailService).passwordEncoder(new BCryptPasswordEncoder());
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.formLogin() // 定义当需要用户登录时候, 转到的登录页面.
- // .loginPage("/login.html") // 自定义登录页面
- // .loginProcessingUrl("/login") // 自定义登录接口地址
- // .successHandler(loginSuccessHandler)
- .and()
- // 定义哪些 URL 需要被保护, 哪些不需要被保护
- .authorizeRequests().antMatchers("/login").permitAll() // 不需要保护的 URL
- .anyRequest() // 任何请求, 登录后可以访问
- .authenticated()
- .and()
- .logout().logoutSuccessUrl("/login").permitAll() // 登出
- .and()
- .csrf().disable();
- // 配置自定义过滤器 增加 post JSON 支持
- http.addFilterAt(UserAuthenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);
- }
- private UserAuthenticationFilter UserAuthenticationFilterBean() throws Exception {
- UserAuthenticationFilter userAuthenticationFilter = new UserAuthenticationFilter();
- userAuthenticationFilter.setAuthenticationManager(super.authenticationManager());
- userAuthenticationFilter.setAuthenticationSuccessHandler(loginSuccessHandler);
- return userAuthenticationFilter;
- }
- }
登录成功处理类
- LoginSuccessHandler.class
- @Component
- public class LoginSuccessHandler implements AuthenticationSuccessHandler {
- @Override
- public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
- httpServletResponse.setContentType("application/json;charset=UTF-8");
- httpServletResponse.getWriter().write(authentication.getName());
- }
- }
用户校验处理类
- @Component
- public class UserDetailServiceImpl implements UserDetailsService {
- /**
- * 用户校验
- * @param s
- * @return
- * @throws UsernameNotFoundException
- */
- @Override
- public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
- Collection<GrantedAuthority> collection = new ArrayList<>();// 权限集合
- String password = new BCryptPasswordEncoder().encode("123456");
- User user = new User(s,password,collection);
- return user;
- }
- }
改造完成 支持 post application/JSON 同时也支持 post form-data/x-www-form-urlencoded
都可以获取到传入的参数
来源: http://www.bubuko.com/infodetail-3091149.html