1.新建配置类:SecurityCoreConfig->SecurityProperties->BrowserProperties:
/**
 * Enables binding of {@link SecurityProperties} and its nested property classes
 * from the application configuration.
 *
 * @author zhaohaibin
 */
@Configuration
@EnableConfigurationProperties(SecurityProperties.class)
public class SecurityCoreConfig {
}
/**
 * Root security properties, bound from the {@code demo.security} configuration prefix.
 *
 * @author zhaohaibin
 */
@Data
@ConfigurationProperties(prefix = "demo.security")
public class SecurityProperties {
    // Browser-related settings; pre-initialised so the nested defaults apply when nothing is configured.
    private BrowserProperties browser = new BrowserProperties();
}
/**
 * Browser-related security properties.
 *
 * @author zhaohaibin
 */
@Data
public class BrowserProperties {
    /**
     * Login page used when no other value is configured.
     */
    private String loginPage = "/login.html";
}
2.新建跳转控制器:
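/**
 * Answers requests that need authentication: page requests are redirected to the
 * configured login page, all other requests receive a 401 response with a hint message.
 *
 * @author zhaohaibin
 */
@RestController
@Slf4j
public class BrowserSecurityController {

    // Session-backed cache used to look up the request that triggered authentication.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Autowired
    private SecurityProperties securityProperties;

    /**
     * Handles the "authentication required" entry point.
     *
     * @param request  the current request
     * @param response the current response
     * @return {@code null} when a redirect to the login page has been sent; otherwise a
     *         {@link SimpleResponse} returned together with HTTP 401
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping("/authentication/require")
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public SimpleResponse requireAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            String targetUrl = savedRequest.getRedirectUrl();
            // Parameterized logging instead of string concatenation; the logged text is unchanged.
            // NOTE(review): the saved URL may carry a query string, so request parameters
            // (possibly sensitive ones) can end up in the log. Consider logging only the path.
            log.info("引发跳转的请求是:{}", targetUrl);
            // NOTE(review): the suffix test runs on the whole URL; a page request such as
            // /index.html?x=1 would presumably not match and get the 401 answer. Confirm intent.
            if (StringUtils.endsWithIgnoreCase(targetUrl, ".html")) {
                // The target is the configured login page, never a value taken from the request.
                redirectStrategy.sendRedirect(request, response, securityProperties.getBrowser().getLoginPage());
                // The redirect has already been sent, so stop here instead of also
                // returning the 401 message for the same response.
                return null;
            }
        }
        // Not a page request (or nothing cached): answer 401 with a hint for the client.
        return new SimpleResponse("访问的服务需要身份认证,请引导用户到登录页");
    }
}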
SimpleResponse:
/**
 * Simple wrapper around a single response payload.
 */
@Data
public class SimpleResponse {
    /**
     * Creates a response wrapping the given payload.
     *
     * @param content the payload to return
     */
    public SimpleResponse(Object content) {
        this.content = content;
    }

    // Wrapped payload; typed as Object, so any value can be carried.
    private Object content;
}
3.更新WebSecurityConfig跳转代码
/**
 * Sets up form login and URL authorization for the application.
 *
 * <p>Unauthenticated requests are sent to {@code /authentication/require}, credentials are
 * posted to {@code /authentication/form}, and every URL outside the short permit-all list
 * requires an authenticated user.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Form login is used here; http.httpBasic() would be the alternative.
    http.formLogin()
            // Entry point that decides between redirecting to the login page and answering 401.
            .loginPage("/authentication/require")
            .loginProcessingUrl("/authentication/form");

    // Custom login page taken from configuration (demoLogin in this walkthrough).
    String customLoginPage = securityProperties.getBrowser().getLoginPage();

    http.authorizeRequests()
            // Reachable without authentication: the API docs page, the entry point and the login page.
            // NOTE(review): /swagger-ui.html is open to anonymous users; restrict it outside
            // development if the API description should not be public.
            .antMatchers("/swagger-ui.html", "/authentication/require", customLoginPage).permitAll()
            // Everything else needs an authenticated user.
            .anyRequest().authenticated();

    // NOTE(review): CSRF protection is switched off. With session-based form login this
    // leaves state-changing endpoints without request-forgery protection; re-enable it and
    // send the CSRF token from the login form before using this outside a demo.
    http.csrf().disable();
}
4.新建测试配置登录页面:
5.配置并启动:
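# Custom login page for Spring Security (binds to demo.security.browser.loginPage)
demo:
  security:
    browser:
      loginPage: "/demoLogin.html"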
问题排查:
暂无