spring security实现传参

最新推荐文章于 2023-05-05 22:27:02 发布
原创 最新推荐文章于 2023-05-05 22:27:02 发布 · 5.2k 阅读 · 5 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#spring security #登陆验证 #传递参数

本文介绍了如何在使用Spring Security 3.1.2进行登录验证时,扩展UsernamePasswordAuthenticationFilter以传递额外参数,如验证码和初始页面URL。通过重写过滤器、失败和成功处理器,以及相关配置,实现了登录后能直接跳转回最初打开的页面,提高了用户体验。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

      本人现在开发的项目中用到了spring security3.1.2来实现登陆验证,但默认的过滤器UsernamePasswordAuthenticationFilter只能传递两个参数j_username和j_password,如果要传递验证码或首次打开的页面URL参数,只能重写UsernamePasswordAuthenticationFilter。

     对于不了解spring security3.1的童鞋,请先阅读本人写的另一篇博客Spring Security权限管理,下面将在这篇博客的基础上,添加一个功能:传递登陆之前的页面URL。公司现在做的项目,如果没有登陆或会话超时,都要求重新登陆,登陆之后会直接跳转到首页,而不是跳转到原来打开的页面,这很恶心。于是本人决心对项目进行改造,使得可以传递最后打开页面的URL,登陆之后直接跳转到这个URL去。

1.重写UsernamePasswordAuthenticationFilter

package com.web.filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.util.Assert;

/**
 * 验证登陆用户名和密码的拦截器,记录最后登陆页面
 * @author brushli
 * @date 2014-10-30
 */
public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
    public static final String SPRING_SECURITY_FORM_LAST_LOGIN_URL_KEY = "lastLoginUrl";
    public static final String SPRING_SECURITY_SPLIT = ",";

    /**
     * @deprecated If you want to retain the username, cache it in a customized {@code AuthenticationFailureHandler}
     */
    @Deprecated
    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";

    private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
    private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
    private String lastLoginUrlParameter = SPRING_SECURITY_FORM_LAST_LOGIN_URL_KEY;
    private String split = SPRING_SECURITY_SPLIT;
    private boolean postOnly = true;

    //~ Constructors ===================================================================================================

    public MyUsernamePasswordAuthenticationFilter() {
        super("/j_spring_security_check");
    }

    //~ Methods ========================================================================================================

    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        if (postOnly && !request.getMethod().equals("POST")) {
//            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }

        String username = obtainUsername(request);
        String password = obtainPassword(request);
        String lastLoginUrl = obtainLastLoginUrl(request);

        if (username == null) {
            username = "";
        }

        if (password == null) {
            password = "";
        }
        
        if (lastLoginUrl == null) {
        	lastLoginUrl = "";
        }

        username = username.trim();
        username = username + SPRING_SECURITY_SPLIT + lastLoginUrl;

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Enables subclasses to override the composition of the password, such as by including additional values
     * and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the
     * password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
     * <code>AuthenticationDao</code> will need to generate the expected password in a corresponding manner.</p>
     *
     * @param request so that request attributes can be retrieved
     *
     * @return the password that will be presented in the <code>Authentication</code> request token to the
     *         <code>AuthenticationManager</code>
     */
    protected String obtainPassword(HttpServletRequest request) {
        return request.getParameter(passwordParameter);
    }

    /**
     * Enables subclasses to override the composition of the username, such as by including additional values
     * and a separator.
     *
     * @param request so that request attributes can be retrieved
     *
     * @return the username that will be presented in the <code>Authentication</code> request token to the
     *         <code>AuthenticationManager</code>
     */
    protected String obtainUsername(HttpServletRequest request) {
        return request.getParameter(usernameParameter);
    }
    
    protected String obtainLastLoginUrl(HttpServletRequest request) {
        return request.getParameter(lastLoginUrlParameter);
    }

    /**
     * Provided so that subclasses may configure what is put into the authentication request's details
     * property.
     *
     * @param request that an authentication request is being created for
     * @param authRequest the authentication request object that should have its details set
     */
    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }

    /**
     * Sets the parameter name which will be used to obtain the username from the login request.
     *
     * @param usernameParameter the parameter name. Defaults to "j_username".
     */
    public void setUsernameParameter(String usernameParameter) {
        Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
        this.usernameParameter = usernameParameter;
    }

    /**
     * Sets the parameter name which will be used to obtain the password from the login request..
     *
     * @param passwordParameter the parameter name. Defaults to "j_password".
     */
    public void setPasswordParameter(String passwordParameter) {
        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
        this.passwordParameter = passwordParameter;
    }

    /**
     * Defines whether only HTTP POST requests will be allowed by this filter.
     * If set to true, and an authentication request is received which is not a POST request, an exception will
     * be raised immediately and authentication will not be attempted. The <tt>unsuccessfulAuthentication()</tt> method
     * will be called as if handling a failed authentication.
     * <p>
     * Defaults to <tt>true</tt> but may be overridden by subclasses.
     */
    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }

    public final String getUsernameParameter() {
        return usernameParameter;
    }

    public final String getPasswordParameter() {
        return passwordParameter;
    }

	public String getLastLoginUrlParameter() {
		return lastLoginUrlParameter;
	}

	public void setLastLoginUrlParameter(String lastLoginUrlParameter) {
		Assert.hasText(lastLoginUrlParameter, "lastLoginUrl Parameter must not be empty or null");
		this.lastLoginUrlParameter = lastLoginUrlParameter;
	}

	public String getSplit() {
		return split;
	}

	/**
	 * The string to separate username and lastLoginUrl 
	 * @param split
	 */
	public void setSplit(String split) {
		this.split = split;
	}
}

2.修改AuthenticationFailHandlerImpl

package com.service.impl;
 
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

public class AuthenticationFailHandlerImpl extends SimpleUrlAuthenticationFailureHandler implements AuthenticationFailureHandler {

	/**
	 * 登录时密码或账号不正确时的操作
	 */
	@Override
	public void onAuthenticationFailure(HttpServletRequest request,
			HttpServletResponse response, AuthenticationException exception)
			throws IOException, ServletException {
		String lastLoginUrl = request.getParameter("lastLoginUrl");
		if(lastLoginUrl == null){
			lastLoginUrl = "";
		}
		
		lastLoginUrl = lastLoginUrl.replace("?", "%3F");
		lastLoginUrl = lastLoginUrl.replace("&", "%26");
		logger.info("lastLoginUrl=" + lastLoginUrl);
		response.sendRedirect(request.getContextPath() + "/login.jsp?result=0&lastLoginUrl="+lastLoginUrl);
		return;
	}

}

3.修改AuthenticationSuccessHandlerImpl

package com.service.impl;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import com.bean.UserLoginDetails;

/**
 * Authentication Handler for redirect the original inputed URL after login system.
 */
public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

	/**
	 * 登录时通过密码验证后进行的操作
	 */
	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
		//查询当前登录用户有权限的功能
		if(!SecurityContextHolder.getContext().getAuthentication().getPrincipal().equals("anonymousUser")){
			UserLoginDetails userDetails = (UserLoginDetails) authentication.getPrincipal();
			HttpSession session = request.getSession();
			session.setAttribute("userDetails", userDetails);
			
			logger.info("lastLoginUrl=" + userDetails.getLastLoginUrl());
			if(userDetails.getLastLoginUrl() != null && !"".equals(userDetails.getLastLoginUrl().trim())){
				response.sendRedirect(userDetails.getLastLoginUrl());
			}else{
				response.sendRedirect(request.getContextPath() + "/myPage/myPage.jsp");
			}
		}
		return;
	}
}

4.修改WebUserDetailsService

package com.service.impl;

import java.util.HashSet;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.bean.Role;
import com.bean.User;
import com.bean.UserLoginDetails;
import com.service.UserService;
import com.web.filter.MyUsernamePasswordAuthenticationFilter;

/**
 * 用户登录是准备阶段的业务逻辑
 */
public class WebUserDetailsService implements UserDetailsService {
	protected static final Logger logger = LoggerFactory.getLogger(WebUserDetailsService.class);
	
	private UserService userService;

	public void setUserService(UserService userService) {
		this.userService = userService;
	}

	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		boolean accountNonExpired = true;  
        boolean credentialsNonExpired = true;  
        boolean accountNonLocked = true;
        boolean enabled = true;
        
        String[] usernameLastLoginUrl = username.split(MyUsernamePasswordAuthenticationFilter.SPRING_SECURITY_SPLIT);
		String lastLoginUrl = "";
		if(usernameLastLoginUrl.length == 1){
			username = usernameLastLoginUrl[0];
		}else if(usernameLastLoginUrl.length == 2){
			username = usernameLastLoginUrl[0];
			lastLoginUrl = usernameLastLoginUrl[1];
		}
		
        User user = null;
        try {
			user = userService.getUserByUsername(username);
		} catch (Exception e) {
			e.printStackTrace();
		}
        
        if(user == null){
			throw new UsernameNotFoundException("User account : " + username + " not found!");
		}
        
        //封装该用户具有什么角色
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>(); 
        if(user.getRoles() != null && !user.getRoles().isEmpty()){
        	for(Role role : user.getRoles()){
        		GrantedAuthority ga = new SimpleGrantedAuthority(role.getName());
        		authorities.add(ga);       
        	}
        }
        
        UserLoginDetails userLoginDetails =  new UserLoginDetails(user.getUsername(), user.getPassword(), authorities, 
        		accountNonExpired, accountNonLocked, credentialsNonExpired, enabled, lastLoginUrl);

        return userLoginDetails;
	}
}

5.修改UserLoginDetails

package com.bean;

import java.util.Collection;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class UserLoginDetails implements UserDetails {

	private static final long serialVersionUID = 1L;
	
	private String username;
	private String password;
	private Set<GrantedAuthority> authorities = null;
	private boolean accountNonExpired = false;			//账号未过期
    private boolean accountNonLocked = false;			//账号未锁定
    private boolean credentialsNonExpired = false;		//证书未过期
    private boolean enabled = false;					//是否可用 
    private final String lastLoginUrl;					//最后登陆的页面
    
    public UserLoginDetails(String username, String password, Set<GrantedAuthority> authorities, boolean accountNonExpired, 
    		boolean accountNonLocked, boolean credentialsNonExpired, boolean enabled, String lastLoginUrl){
    	this.username = username;
    	this.password = password;
    	this.authorities = authorities;
    	this.accountNonExpired = accountNonExpired;
    	this.accountNonLocked = accountNonLocked;
    	this.credentialsNonExpired = credentialsNonExpired;
    	this.enabled = enabled;
    	this.lastLoginUrl = lastLoginUrl;
    }
    
	public Collection<? extends GrantedAuthority> getAuthorities() {
		return authorities;
	}
	public String getPassword() {
		return password;
	}
	public String getUsername() {
		return username;
	}
	public boolean isAccountNonExpired() {
		return accountNonExpired;
	}
	public boolean isAccountNonLocked() {
		return accountNonLocked;
	}
	public boolean isCredentialsNonExpired() {
		return credentialsNonExpired;
	}
	public boolean isEnabled() {
		return enabled;
	}

	public String getLastLoginUrl() {
		return lastLoginUrl;
	}
	
}

6.修改配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation="http://www.springframework.org/schema/security 
			http://www.springframework.org/schema/security/spring-security-3.1.xsd
			http://www.springframework.org/schema/beans 
	   		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	   		http://www.springframework.org/schema/context 
	   		http://www.springframework.org/schema/context/spring-context-3.0.xsd">
	
	<!-- 访问login.jsp页面不需要权限验证  -->
	<http pattern="/login.jsp" security="none"/>

	<!-- This is where we configure Spring-Security  -->
	<!-- <http auto-config="true" use-expressions="true"> -->
	<http auto-config="false" use-expressions="true" access-denied-page="/deny.jsp" entry-point-ref="authenticationEntryPoint">
		<intercept-url pattern="/admin/**" access="hasRole('admin')"/><!-- 用户只有拥有角色admin才能访问/admin目录下面的资源 -->
		<intercept-url pattern="/myPage/**"	access="hasAnyRole('admin', 'myRole')"/><!-- 用户拥有角色admin,myRole中的任意一个就能访问/myPage目录下面的资源 -->
		
		<!-- <form-login
				login-page="/login.jsp"
				authentication-failure-url="/deny.jsp" 
				default-target-url="/index.jsp" 
				authentication-success-handler-ref="authenticationSuccessHandlerImpl"
				authentication-failure-handler-ref="authenticationFailHandlerImpl"
		/> -->
		
		<!-- 
	    	配置自定义的Filter,并且将其放在FORM_LOGIN_FILTER节点,就会替换掉原来的FORM_LOGIN_FILTER节点  
	    	设置auto-config="false",不然会报已经存在同样的过滤器错误,同时还要删除<form-login>
	   	-->
		<custom-filter ref="loginProcessFilter" position ="FORM_LOGIN_FILTER" />
				
		<logout invalidate-session="true" logout-success-url="/login.jsp" />
				
         <!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前,  实现用户、角色、权限、资源的数据库管理。  -->  
        <custom-filter ref="securityFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
        
	</http>
	
	<beans:bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">  
		<beans:property name="loginFormUrl" value="/login.jsp"></beans:property>  
	</beans:bean>
	
	<beans:bean id="loginProcessFilter" class="com.web.filter.MyUsernamePasswordAuthenticationFilter">
		<beans:property name="authenticationManager" ref="authenticationManagerService"></beans:property>
		<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandlerImpl"></beans:property>
		<beans:property name="authenticationFailureHandler" ref="authenticationFailHandlerImpl"></beans:property>
	</beans:bean>
	
	<beans:bean id="securityFilter" class="com.filter.SecurityInterceptorFilter">  
		<beans:property name="authenticationManager" ref="authenticationManagerService"/>  
		<beans:property name="accessDecisionManager" ref="accessDecisionManagerService"/>  
		<beans:property name="securityMetadataSource" ref="securityMetadataSourceService"/>  
	</beans:bean>
	
	
	<beans:bean id="securityMetadataSourceService" class="com.service.impl.SecurityMetadataSourceService" init-method="loadAllResources">
	    <beans:property name="userService" ref="userService"/>
	</beans:bean>
	
	<!-- Declare an authentication-manager to use a custom userDetailsService -->
	<authentication-manager alias="authenticationManagerService">
		<authentication-provider user-service-ref="webUserDetailsService">	
		    <password-encoder hash="md5" />
		</authentication-provider>
	</authentication-manager>
	
	<beans:bean id="accessDecisionManagerService" class="com.service.impl.AccessDecisionManagerService" /> 
	
</beans:beans>

7.程序运行结果

我们打开首页:http://localhost:8082/springSecurity/index.jsp

程序会自动跳转到登陆页面:http://localhost:8082/springSecurity/login.jsp?lastLoginUrl=/springSecurity/index.jsp

后面会附带首页的URL,输入正确的用户名和密码后,就会自动跳转到首页

7.项目的代码结构

8.项目源代码下载

包括整个项目的源代码和MYSQL建库脚本

http://download.youkuaiyun.com/detail/brushli/7865697

 

SpringSecurity记住我以及参数传递
m0_46388866的博客
02-09 391
SpringSecurity记住我以及参数传递 记住我其实原理非常简单就是通过设置一个cookie就可以了。然后参数传递,就是以防我们的前端页面不同,和name设置与原来的login页面不一样而做的事情。只需要在后面链式编程加上一点东西就能改变。 代码 //没有默认权限就自动跳到登录页面,最后的处理还是要交给login http.formLogin().loginPage("/toLogin").usernameParameter("user").passwordParameter("p
SpringSecurity之自动登录
xkshihaoren的博客
11-29 525
1 散列加密方案 在spring security中加入自动登录功能: @Autowired private MyUserDetailsService userDetailsService; protected void configure(HttpSecurity http){ http...... .formLogin() .and() .rememberMe()...
springSecurity 实现传参
11-04
springSecurity 实现登陆验证传参,包括源代码和MYSQL的建库脚本。 传参的功能可以实现记录登陆之前打开的页面,登陆之后自动跳转到之前打开的页面。
SpringSecurity登录JSON传参
qq_40068304的博客
03-22 1027
1.自定义相关过滤器继承UsernamePasswordAuthenticationFilter,只需要将这个过滤器替换掉即可。 import cn.hutool.json.JSONUtil; import com.fasterxml.jackson.databind.ObjectMapper; import com.gla.common.lang.Result; import com.gla.entity.User; import com.gla.service.UserService; import
Spring Security04--前后端分离--JSON传参
fengxianaa的博客
05-11 831
spring Security
springsecurity应用之支持URL传参登陆
快马扬鞭须努力!
01-06 958
springsecurity应用之支持URL传参登陆 项目中使用了spring security来做登陆的安全控制。按照官方文档弄好了。但是最近项目中又出来一个新需求,另外一个系统的用户, 需要用这样的模式来登录本系统: http://url?username=test&password=test&returnurl=url 在别人的系统中,直接通过这三个参数,到我们的系统来查看某页面...
Spring Security第二篇】身份认证Authentication
m0_46638350的博客
05-05 1847
SecurityContextHolder中包含了SecurityContext对象,SecurityContext中包含了Authentication对象。验证,具体验证流程如下。
Spring Security)实战干货二:标准登录表单,除用户名密码外增添其他字段
希克的博客
08-20 803
在很多的登录场景中,用户名和密码不是仅有的用于登录认证授权的字段,会有各类的情况。比如:学校系统登录时需要加选学生或老师身份,多组织系统登录时需要选择组织(域)等等。这篇文章描述用SS实现这类场景登录。
Spring Security 后端接受多个参数
u011267841的博客
03-10 5663
有时候,我们用到Spring Security验证框架的时候需要用到多个参数,因为默认提供了2个参数username和password,加入我们需要curLoginType这个参数怎么设置 1.重写UsernamePasswordAuthenticationToken这个类,由于这个类已经有spring封装,我们把源代码改一下,重新命名为MyAuthenticationToken,代码如下: ...
SpringSecurity 下 Session 使用
Earth_Programer的博客
04-12 3185
在之前的几章里面,我们分别做了快速入门、自定义表单登录、自定义手机登录。他们有一个共同点,就是目前我们与客户端之间的交互都依赖于 Session。那么本章我们就带大家来了解一下 SpringSecurity 下 Session 的使用与设置。 Session 是什么? Session 中文意思为会议,在计算机中,尤其在网络应用中称为会话控制。 Session直接翻译成中文比较困难,一般都译成时域...
spring-security简单使用与集成redis共享session(一)
王坤的博客
07-07 2032
一、搭建springboot项目 二、编写基础代码 1.Auth权限实体类 public class Auth implements Serializable { private static final long serialVersionUID = 1L; /** * 大模块code,例如咨询类功能 */ private String resourceCode; /** * 细化功能,例如查询咨询列表 */ p
Spring Security 使用JSON格式参数登录的两种方式
BASK2311的博客
11-21 811
通过前面几篇文章的分析,我们已经知道了登录参数的提取在过滤器中提取的,因此我们只需要模仿过滤器重写一个过滤器,替代原有的过滤器即可。的源代码如下:接下来就是将我们自定义的 LoginFilter 过滤器代替默认的。当我们替换了之后,原本在 SecurityConfig#configure 方法中关于 form 表单的配置就会失效,那些失效的属性,都可以在配置 LoginFilter 实例的时候配置;还需要记得配置,否则启动时会报错。
微服务项目SpringSecurity使用Redis共享session问题
eggplantttttt的博客
04-27 567
因为SpringSecurity登录成功后的session信息存在SecurityContextHolder里,所以登录成功后访问首页向另一个模块发送请求时读不到登录信息,导致被弹回登录也界面。
SpringSecurity自定义登录表单传参
赵士杰——成功并非一蹴而就,而是在持之以恒的努力中逐渐实现。
12-19 657
相信有不少同学再刚接触 SpringSeccurity ,进行自定义登录页面时,当输入正确的用户名密码后但是提交一直提交不到登录逻辑的现象,那么有可能就是你的前台登录表单中设置的参数值名不对。 下面是一个非常简单的登录表单。我已经将两个参数值的 name 设置为 username和 password。
spring中如何实现参数隐式传递_Spring Security OAuth2 Demo —— 隐式授权模式(Implicit)...
weixin_39893042的博客
12-24 423
本文可以转载,但请注明出处https://www.cnblogs.com/hellxz/p/oauth2_impilit_pattern.html写在前面在文章OAuth 2.0 概念及授权流程梳理 中我们谈到OAuth 2.0的概念与流程,上一篇文章Spring Security OAuth2 Demo —— 授权码模式简单演示了OAuth2的授权码模式流程,本文继续整理隐式授权模式相关内容写文...
SpringSecurity认证授权内部方法调用值传递及扩展
qq_35884229的博客
03-24 216
java url 授权,Spring Security OAuth2 - 向授权URL添加参数
weixin_32287801的博客
03-13 851
我需要在OAuth2授权网址中添加参数 . 我不确定应该如何将它添加到AuthorizationCodeResourceDetails bean?问题是我想通过登录或从客户端站点注册来启动用户旅程 . 客户端将发送OAuth请求,在授权服务器上,我将显示注册表单或登录表单,以便用户继续其旅程 .默认流只有以下参数/ oauth / authorize?client_id = []&redirect...
关于使SpringSecurity登录参数使用requestBody后引发的一系列问题及解决
c_z_z的博客
06-12 1297
使用SpringSecurity前后端分离,使登录参数支持RequestBody后,单点登录功能失效,最终通过调试源码找到解决办法
spring security相关知识点总结
热门推荐
意田天的博客
11-02 1万+
springSecurity手动登录 springSecurity 每种认证方式都要写一大推类 1.要写Token封装认证信息 2.要写UserDetailsService的实现获取用户信息 3.要写provider调用UserDetailsService并且告诉AuthenticationManager他能认证哪种token 4.要写filter去拦截用户请求,获取用户提交的表单数据,交给AuthenticationManager选择一个provider去认证 5.把filter与provide
掌握Spring Security传参技术实现登陆验证与页面跳转
### Spring Security 实现传参知识点 #### 概述 Spring Security 是一个功能强大且可高度定制的身份验证和访问控制框架,广泛应用于企业级Java Web应用的安全领域。实现登录验证传参功能是Spring Security核心...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值