springsecurity两套登陆规则是什么?springsecurity详解

TheDisguiser 2020-08-07 16:52:00 java常见问答 6155

小伙伴们了解springsecurity两套登陆规则吗?它们怎么实现呢?springsecurity中可能会需要用到,下面一起来看看吧。

实例:

<http name="admin" pattern="/admin/**" use-expressions="true"
entry-point-ref="adminAuthProcessingFilterEntryPoint"
access-denied-page="/admin/login">
    
<!-- 检测失效的sessionId,超时时定位到另外一个URL -->
<session-management invalid-session-url="/admin/login" />
<custom-filter ref="adminLoginFilter" position="FORM_LOGIN_FILTER" />
<!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前, 实现用户、角色、权限、资源的数据库管理。 -->
<custom-filter ref="adminCustomFilter" before="FILTER_SECURITY_INTERCEPTOR" />
</http> <
!--用户Token登录控制-- >
<http name="publisher" pattern="/publisher/**" use-expressions="true"
entry-point-ref="tokenAuthProcessingFilterEntryPoint"
access-denied-page="/publisher/login">
<!-- 检测失效的sessionId,超时时定位到另外一个URL -->
<session-management invalid-session-url="/publisher/login" />
<custom-filter ref="tokenLoginFilter" positon="FORM_LOGIN_FILTER" />
<!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前, 实现用户、角色、权限、资源的数据库管理。 -->
<custom-filter ref="tokenCustomFilter" before="FILTER_SECURITY_INTERCEPTOR" />
</http> <
!--<http use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint"> -->
<!-- <form-login login-page="/login" authentication-failure-url="/login?error=true" 
default-target-url="/login" /> -->
<!-- <intercept-url pattern="/admin/**" access="ROLE_USER" /> -->
<!-- "记住我"功能,采用持久化策略(将用户的登录信息存放在数据库表中) -->
<!-- <remember-me data-source-ref="dataSource" /> -->
<!-- 检测失效的sessionId,超时时定位到另外一个URL -->
<!-- <session-management invalid-session-url="/publisher/login" /> -->
<!-- <custom-filter ref="adminLoginFilter" position="FORM_LOGIN_FILTER" 
/> 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前, 实现用户、角色、权限、资源的数据库管理。 <custom-filter 
ref="customFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http>-- >
<!-- 未登录的切入点 -->
<beans:bean id="adminAuthProcessingFilterEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/admin/login"></beans:property>
</beans:bean> <
beans: bean id = "tokenAuthProcessingFilterEntryPoint"
class = "org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
    <beans:property name="loginFormUrl" value="/publisher/login"></beans:property> <
    /beans:bean> <
    !--登录验证器-- >
    <beans:bean id="adminLoginFilter"
class="com.sportedu.server.security.admin.AdminUsernamePasswordAuthenticationFilter">
<!-- 处理登录 -->
<beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
<beans:property name="authenticationSuccessHandler"
ref="loginAdminAuthenticationSuccessHandler" />
<beans:property name="authenticationFailureHandler"
ref="simpleAdminUrlAuthenticationFailureHandler" />
<beans:property name="authenticationManager" ref="adminauthenticationManager" />
</beans:bean> <
    !--登录成功页面跳转-- >
    <beans:bean id="loginAdminAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/jsp/admin/common/main.jsp" />
</beans:bean> <
    !--登录失败返回页面-- >
    <beans:bean id="simpleAdminUrlAuthenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/admin/login" />
</beans:bean> <
    beans: bean id = "tokenLoginFilter"
class = "com.sportedu.server.security.token.TokenUsernamePasswordAuthenticationFilter" >
    <!-- 处理登录 -->
<beans:property name="filterProcessesUrl" value="/j_spring_security_check" /> <
    beans: property name = "authenticationSuccessHandler"
ref = "loginPublisherAuthenticationSuccessHandler" / >
    <beans:property name="authenticationFailureHandler"
ref="simplePublisehrUrlAuthenticationFailureHandler" /> <
    beans: property name = "authenticationManager"
ref = "tokenauthenticationManager" / >
    </beans:bean> <
    !--登录成功页面跳转-- >
    <beans:bean id="loginPublisherAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/jsp/publisher/common/main.jsp" />
</beans:bean> <
    !--登录失败返回页面-- >
    <beans:bean id="simplePublisehrUrlAuthenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/publisher/login" />
</beans:bean> <
    !--一个自定义的filter, 必须包含authenticationManager, accessDecisionManager, securityMetadataSource三个属性。-- >
    <beans:bean id="adminCustomFilter"
class="com.sportedu.server.security.admin.AdminFilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="adminauthenticationManager" />
<beans:property name="accessDecisionManager" ref="adminAccessDecisionManager" />
<beans:property name="securityMetadataSource" ref="adminSecurityMetadataSource" />
</beans:bean> <
    beans: bean id = "tokenCustomFilter"
class = "com.sportedu.server.security.token.TokenFilterSecurityInterceptor" >
    <beans:property name="authenticationManager" ref="tokenauthenticationManager" /> <
    beans: property name = "accessDecisionManager"
ref = "tokenAccessDecisionManager" / >
    <beans:property name="securityMetadataSource" ref="tokenSecurityMetadataSource" /> <
    /beans:bean> <
    !--注意能够为authentication - manager 设置alias别名-- >
    <authentication-manager alias="adminauthenticationManager">
<authentication-provider user-service-ref="adminDetailsService" />
</authentication-manager> <
    authentication - manager alias = "tokenauthenticationManager" >
    <authentication-provider user-service-ref="tokenDetailsService" /> <
    /authentication-manager> <
    !--自定义权限处理-- >
    <beans:bean name="adminDetailsService"
class="com.sportedu.server.security.admin.AdminUserDetailsService" /> <
    beans: bean name = "tokenDetailsService"
class = "com.sportedu.server.security.token.TokenUserDetailsService" / >
    <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源。 -->
<beans:bean id="adminAccessDecisionManager"
class="com.sportedu.server.security.admin.AdminAccessDecisionManager">
</beans:bean> <
    beans: bean id = "tokenAccessDecisionManager"
class = "com.sportedu.server.security.token.TokenAccessDecisionManager" >
    </beans:bean> <
    !--资源源数据定义, 将所有的资源和权限对应关系建立起来, 即定义某一资源可以被哪些角色去访问。-- >
    <beans:bean id="adminSecurityMetadataSource"
class="com.sportedu.server.security.admin.AdminInvocationSecurityMetadataSourceService">
</beans:bean> <
    beans: bean id = "tokenSecurityMetadataSource"
class = "com.sportedu.server.security.token.TokenInvocationSecurityMetadataSourceService" >
    </beans:bean> <
    /beans:beans>

以上就是本篇文章的所有内容,关于java架构师如果小伙伴们还有想了解的知识可以关注我们了解详情。