(Company project record) Spring Security login related knowledge

Looking at the login of the company's project earlier, I felt that I did not even know how the basic page --> controller process works. Later, I learned that the company login uses Spring Security. Today I will roughly record it here.

------------------------- General idea -------------------------

Implement AuthenticationProvider to perform custom parameter validation.

Overall process:
1. When a user logs in, the request first passes through a custom filter, passcard_filter, which extends AbstractAuthenticationProcessingFilter and binds the handlers required for login failure and success (used for page redirects).
2. The attemptAuthentication method is executed. Here you can obtain the parameters submitted by the login page from the request, implement your own logic, and set the corresponding parameters on your implementation class of AbstractAuthenticationToken.
3. After that logic is completed, call this.getAuthenticationManager().authenticate(token); this executes the supports method of the AuthenticationProvider implementation class.
4. If supports returns true, the authenticate method is executed next.
5. In the authenticate method, you can first load the user information by user name, and then use the custom parameters and the user information for verification logic, such as password verification.
6. After the custom verification passes, get the user's permissions and set them on the User; Spring Security uses them for permission checks.
7. When this.getAuthenticationManager().authenticate(token) finishes, it returns an Authentication. If it is not null, the authentication has passed.
8. After the verification passes, custom logic can be run, such as recording cookie information.
9. After attemptAuthentication completes, Spring Security performs the corresponding authorization check and, depending on whether it succeeded, jumps to the page set by the corresponding handler.
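
Steps 1-7 above in code, as an added example (not the company project's code and not taken from the referenced blog). It assumes Spring Security 5.x on javax.servlet; `DemoLoginFilter`, `DemoAuthProvider`, the `/login` URL and the `username`/`password` parameter names are hypothetical.

```java
// Added example; class names, URL and parameter names are assumptions, not the project's.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

class DemoLoginFilter extends AbstractAuthenticationProcessingFilter {
    DemoLoginFilter() { super("/login"); } // only requests to this URL reach attemptAuthentication

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) {
        if (!"POST".equals(req.getMethod())) { // keep credentials out of URLs and access logs
            throw new AuthenticationServiceException("Login must use POST");
        }
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        // Two-argument constructor: an *unauthenticated* token that only carries the input
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                username == null ? "" : username.trim(), password == null ? "" : password);
        // Steps 3-7: the manager asks each provider supports(), then calls authenticate()
        return getAuthenticationManager().authenticate(token);
    }
}

class DemoAuthProvider implements AuthenticationProvider {
    private final UserDetailsService users;
    private final PasswordEncoder encoder;

    DemoAuthProvider(UserDetailsService users, PasswordEncoder encoder) {
        this.users = users;
        this.encoder = encoder;
    }

    @Override
    public boolean supports(Class<?> type) { // step 4: claim only the token type built above
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
    }

    @Override
    public Authentication authenticate(Authentication auth) {
        UserDetails user;
        try { user = users.loadUserByUsername(auth.getName()); } // step 5: load by user name
        catch (UsernameNotFoundException e) { throw new BadCredentialsException("Bad credentials"); }
        if (!encoder.matches(String.valueOf(auth.getCredentials()), user.getPassword())) {
            throw new BadCredentialsException("Bad credentials"); // same error for both failures
        }
        // Step 6: three-argument constructor marks the token authenticated and carries authorities
        return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    }
}
```

A failed check throws an AuthenticationException instead of returning null, which is what routes the request to the failure handler bound in step 1.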

---------------------- Specific implementation (according to the above process) -------------------

1. web.xml (securtiy.xml is referenced inside it)


2. A set of filter chains is configured in securtiy.xml (requests that need no login verification are configured as exceptions; all other requests are intercepted by this filter)


3. JyAuthenticationFilter (extends AbstractAuthenticationProcessingFilter)




4. The specific authentication and permission checks are also implemented by us, and they return UserDetails.


5. The attemptAuthentication method finally returns an Authentication.


6. Check whether the login succeeds or fails through Authentication, and then call the corresponding handler.



Note: Record the visited URL before login verification. After a successful login, the login success handler can then be set to jump back to the previously visited page.


Reference blog: https://blog.csdn.net/bao19901210/article/details/52574340 (thanks)

