接到一个需求, 要做一个免登录页面, 登录的时候要传递一个参数过来
当时的第一反应就是拦截器, 但以前没弄过这个, 如果搜索查询还是花了我不少时间, 现在这个问题已经解决, 对于这个问题, 值得记录一下
- /**
- * login 界面
- *
- * @param uc
- * @param model
- * @return
- */
- @RequestMapping(value = "/login", method = {
- RequestMethod.GET, RequestMethod.POST
- })
- public String login(@AuthenticationPrincipal final CurrentUser<User> uc, final Model model) {
- log.info("login---------------------------");
- return "login";
- }
首先 这就是登陆路径,@AuthenticationPrincipal 这个会自动拦截 post 的 login 请求, 实现自动校验登录, 所以要在登录之前, 写个拦截
在 SecurityConfiguration 配置页中, configure 这个方法会配置一些登录的东西
- protected void configure(final HttpSecurity http) throws Exception {
- http.csrf().disable();
- // 配置自定义过滤器在 security 的 UsernamePasswordAuthenticationFilter 过滤器之前 ------------------------------ 这个就是我说的要加的地方 加了这个就可以执行代码了 -------------------------------
- http.addFilterBefore(new MyFilter("/login", "/login?error"), UsernamePasswordAuthenticationFilter.class);
- http.headers().frameOptions().sameOrigin();// 设置同域名下 iframe 可用
- http.sessionManagement().enableSessionUrlRewriting(true);
- http.authorizeRequests().antMatchers("/******/**", LOGIN_URL).permitAll().antMatchers("/****/**")
- .hasRole("ADMIN").anyRequest().authenticated().and().exceptionHandling()
- .accessDeniedPage(ERROR_405_URL);
- http.formLogin().loginPage(LOGIN_URL).authenticationDetailsSource(authenticationDetailsSource)
- .defaultSuccessUrl("/main", true).failureUrl(LOGIN_URL + "?error")
- // .failureHandler(new UserLoginFailureHandler())
- .successHandler(new UserLoginSuccessHandler()).permitAll();
- http.logout().logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL)).logoutSuccessUrl(LOGIN_URL)
- .addLogoutHandler(new UserLogoutHandler());
- }
- }
------------------------------------------------------------------------------------------------------------------------------------------ 然后加入过滤类
- package com.ttrdtydrh.filter;
- import java.io.IOException;
- import java.util.Enumeration;
- import java.util.List;
- import javax.servlet.FilterChain;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.AuthenticationException;
- import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
- import org.springframework.security.Web.authentication.SimpleUrlAuthenticationFailureHandler;
- import org.springframework.security.Web.util.matcher.RequestMatcher;
- /**
- * 此类用来拦截 账号是 rsh 登入来的账号
- * @author 1234567
- *
- */
- public class MyFilter extends AbstractAuthenticationProcessingFilter {
- // 拦截的 url
- private String processUrl;
- protected MyFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
- super(requiresAuthenticationRequestMatcher);
- // TODO Auto-generated constructor stub
- }
- public MyFilter(String defaultFilterProcessesUrl,String failureUrl) {
- super(defaultFilterProcessesUrl);
- this.processUrl=defaultFilterProcessesUrl;
- setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(failureUrl));
- }
- @Override
- public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
- throws AuthenticationException, IOException, ServletException {
- // TODO Auto-generated method stub
- return null;
- }
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest req = (HttpServletRequest) request;
- HttpServletResponse res=(HttpServletResponse)response;
- if(processUrl.equals(req.getServletPath()) && "POST".equalsIgnoreCase(req.getMethod())){
- // 获取参数
- String query = req.getParameter("aush");//username=query
- if(query.equals("query")){
- String parameter = req.getParameter("sssss");
- System.out.println("-----------"+parameter+"--------------");
- HttpSession session = req.getSession(); // 记录
- session.setAttribute("dsfsdf", parameter);
- session.setAttribute("fafafa", parameter);
- }
- }
- chain.doFilter(request, response);
- }
- }
来源: http://www.bubuko.com/infodetail-3334273.html