我有一个使用Spring Security的SpringBoot应用程序,但我想在身份验证方面进行自定义,但不是授权。我已经成功登录,但我不知道在哪里放置我的注销操作。 以下是我的一些代码: 1. 控制器:
@RequestMapping(value={"/login"}, method=RequestMethod.GET)
public ModelAndView login(){
return new ModelAndView("pages/login");
}
WebSecurityConfig
@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private @Autowired CustomAuthenticationProvider authenticationManager; @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest() .authenticated() .and() .formLogin() .usernameParameter("username") .passwordParameter("password") .failureUrl("/login?error") .defaultSuccessUrl("/") .loginPage("/login") .permitAll() .and() .logout() .logoutRequestMatcher( new AntPathRequestMatcher("/login?logout") ).logoutSuccessUrl("/login").permitAll() .and() .csrf().disable(); } @Autowired @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider( authenticationManager ); } @Bean protected AuthenticationProvider getServicesAuthenticationProvider() { //stackoverflow.com/questions/22453550/custom-authentication-provider-not-being-called/22457561#22457561 return new CustomAuthenticationProvider(); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers("/**/*.css") .antMatchers("/**/*.js") .antMatchers("/**/*.jpg") .antMatchers("/**/*.png") .antMatchers("/**/*.gif") .antMatchers("/resources/**"); } public PasswordEncoder passwordEncoder(){ PasswordEncoder encoder = NoOpPasswordEncoder.getInstance(); return encoder; } }
CustomAuthenticationProvider
@Component public class CustomAuthenticationProvider implements AuthenticationProvider{ private static Logger logger = Logger.getLogger(CustomAuthenticationProvider.class); private @Autowired UAMSLogin uamsLogin; private Map<String, Boolean> userLoggedIn = new HashMap<String, Boolean>(); @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getPrincipal() + ""; String password = authentication.getCredentials() + ""; logger.info("authenticating...."); if(username.equals("")|| username==null || password.equals("")|| password==null){ logger.fatal("username or password cannot be empty!"); return null; } else if(userLoggedIn.containsKey(username)){ UsernamePasswordAuthenticationToken a = new UsernamePasswordAuthenticationToken(username, password); return a; } try { if (uamsLogin.loginUams(username, password)) { logger.info("authentication success"); UamsSession sessionInfo = uamsLogin.getUams(); logger.info("authentication success"); String role = "USER"; userLoggedIn.put(username, true); UsernamePasswordAuthenticationToken a = new UsernamePasswordAuthenticationToken(username, password); return a; } } catch (Exception e) { // TODO Auto-generated catch block logger.info("authentication failed"); e.printStackTrace(); throw new BadCredentialsException("1000"); } return null; } @Override public boolean supports(Class<?> authentication) { return authentication.equals(UsernamePasswordAuthenticationToken.class); } }
UAMSLogin:
@Component public class UAMSLogin implements Serializable { private static Logger logger = Logger.getLogger(UAMSLogin.class); private static final long serialVersionUID = 1L; private static boolean isConnected = false; private UamsSession session; @Value("${UAMS.SEC_SRV_CONN}") private String UAMS_SERVER_CONNECTION; @Value("${UAMS.CSM_SERVER_URL}") private String UAMS_CSM_SERVER_URL; @Value("${amdocs.ticketapplicationid}") private String amdocs_ticketapplicationid; @Value("${amdocs.ticketparam}") private String amdocs_ticketparam; public UAMSLogin(){ } // Login with UAMS public boolean loginUams(String username, String password) throws Exception { logger.info("loginUams with " + username + "/" + password); session = this.createSession(); logger.info("create session success: "+session.toString()); String ticket=null; logger.info("UamsSystem version: "+UamsSystem.getVersionString()); try { session.ensureSession(username, password); ticket = session.getTicket(); if (ticket != null && ticket !="") { logger.info("login success : " + session.getTicket()); isConnected = true; return true; } else { logger.info("login failed: ticket is NULL"); return false; } } catch (Exception e) { logger.info("login failed: ", e); return false; } } protected UamsSession createSession() throws Exception { UamsSession session = new UamsSession(ReadConfig.readInputStream()); logger.info("UAMS_SERVER_CONNECTION: "+UAMS_SERVER_CONNECTION); logger.info("UAMS_CSM_SERVER_URL: "+UAMS_CSM_SERVER_URL); logger.info("amdocs_ticketapplicationid: "+amdocs_ticketapplicationid); logger.info("amdocs_ticketparam: "+amdocs_ticketparam); session.setSecurityUrl(UAMS_SERVER_CONNECTION); session.setProviderUrl(UAMS_CSM_SERVER_URL); session.setApplicationId(amdocs_ticketapplicationid); session.setParam(amdocs_ticketparam); return session; } public static boolean isConnected() { return isConnected; } public UamsSession getUams(){ return session; } }
从我使用的UAMS中,可以看出我正在验证这个用户是否有效。我仍然不知道如何记住每个会话,因此你可以看到有脏代码HashMap containsKey
。更重要的是,如果我调用session.logout(username);
,我应该在哪里调用??
UAMS是我们公司使用的一个jar包。
如果您认为这个问题不清楚,我很抱歉,请问一下。 非常感谢您的任何帮助。
UAMSLogin
类中进行一些自定义注销吗?如何实现? - Shofwan