Bowen series
JavaWeb-SpringSecurity custom landing page portal
demand
The request, determine whether the request ends with html, html is redirected to a landing page is the end, not the end in html on the need for authentication
First we modify a custom landing page access path / require in SecurityConfig.java the configure () method, open SpringSecurity identity / require authentication request
protected void the configure (HttpSecurity HTTP) throws Exception { // form validation (authentication) http.formLogin () // custom landing page .loginPage ( "/ The require" ) // If the URL is loginPage, it comes with SpringSecurity filter to process the request .loginProcessingUrl ( "/ LoginPage" ) .and() // request authorization .authorizeRequests () // when accessing our URL, we do not need to provinces certification, can immediately access .antMatchers ( "/ login.html", "/ The require" ) .permitAll () // all requests have been intercepted, jump to (/ login request) .anyRequest () // all we need authentication .authenticated () // SpringSecurity protection mechanisms .and () csrf () disable ( )..; }
Creating a user-initiated request SecurityController.java in the controller layer
@RequestMapping("/require") public String require() { // whether the request is determined before ending in html // If it is redirected to the login page // If not, we let him authentication return null; }
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
package com.Gary.GaryRESTful.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; // Web application security adapter @Configuration public class SecurityConfig the extends WebSecurityConfigurerAdapter { // tell what SpringSecurity password encrypted @Bean public PasswordEncoder PasswordEncoder () { return new BCryptPasswordEncoder(); } protected void the configure (HttpSecurity HTTP) throws Exception { // form validation (authentication) http.formLogin () // custom landing page .loginPage ( "/ The require" ) // If the URL is loginPage, it comes with SpringSecurity filter to process the request .loginProcessingUrl ( "/ LoginPage" ) .and() // request authorization .authorizeRequests () // when accessing our URL, we do not need to provinces certification, can immediately access .antMatchers ( "/ login.html", "/ The require" ) .permitAll () // all requests have been intercepted, jump to (/ login request) .anyRequest () // all we need authentication .authenticated () // SpringSecurity protection mechanisms .and () csrf () disable ( )..; } }
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
package com.Gary.GaryRESTful.controller; import org.springframework.web.bind.annotation.RequestMapping; public class SecurityController { @RequestMapping("require") public String require() { // whether the request is determined before ending in html // If it is redirected to the login page // If not, we let him authentication return null; } }
Demand complete coding phase SecurityController.java
// get before forwarding the request to jump to Private RequestCache requestCache = new new HttpSessionRequestCache (); private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); @RequestMapping("/require") //返回的状态码(401) @ResponseStatus(code=HttpStatus.UNAUTHORIZED) public String require(HttpServletRequest request , HttpServletResponse response) throws IOException { // get previous request SavedRequest savedRequest = requestCache.getRequest (Request, Response); IF (! SavedRequest = null ) { // Our request is initiated before the jump url String url = savedRequest.getRedirectUrl (); // request before a determination on whether to end html IF (StringUtils.endsWithIgnoreCase (url, ".html" )) { // If it is redirected to the login page redirectStrategy.sendRedirect (Request, the Response, "/login.html" ); } } // If not, we let him authentication return new new String ( "requires authentication" ); }
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
package com.Gary.GaryRESTful.controller; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpStatus; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.RequestCache; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseStatus; public class SecurityController { // get before forwarding the request to jump to Private RequestCache requestCache = new new HttpSessionRequestCache (); private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); @RequestMapping("require") //返回的状态码(401) @ResponseStatus(code=HttpStatus.UNAUTHORIZED) public String require(HttpServletRequest request , HttpServletResponse response) throws IOException { // get previous request SavedRequest savedRequest = requestCache.getRequest (Request, Response); IF (! SavedRequest = null ) { // Our request is initiated before the jump url String url = savedRequest.getRedirectUrl (); // request before a determination on whether to end html IF (StringUtils.endsWithIgnoreCase (url, ".html" )) { // If it is redirected to the login page redirectStrategy.sendRedirect (Request, the Response, "/login.html" ); } } // If not, we let him authentication return new new String ( "requires authentication" ); } }
Testing phase
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Insert title here</title> </head> <body> < H1 > Gary landing page </ h1 > < form Action = "/ the LoginPage" Method, = "POST" > username: <input type="text" name="username"> <br> password: <input type="password" name="password"> <br> <input type="submit"> </form> </body> </html>
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
package com.Gary.GaryRESTful.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; // Web application security adapter @Configuration public class SecurityConfig the extends WebSecurityConfigurerAdapter { // tell what SpringSecurity password encrypted @Bean public PasswordEncoder PasswordEncoder () { return new BCryptPasswordEncoder(); } protected void the configure (HttpSecurity HTTP) throws Exception { // form validation (authentication) http.formLogin () // custom landing page .loginPage ( "/ The require" ) // If the URL is loginPage, it comes with SpringSecurity filter to process the request .loginProcessingUrl ( "/ LoginPage" ) .and() // request authorization .authorizeRequests () // when accessing our URL, we do not need to provinces certification, can immediately access .antMatchers ( "/ login.html", "/ The require" ) .permitAll () // all requests have been intercepted, jump to (/ login request) .anyRequest () // all we need authentication .authenticated () // SpringSecurity protection mechanisms .and () csrf () disable ( )..; } }
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
package com.Gary.GaryRESTful.controller; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpStatus; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.RequestCache; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseStatus; public class SecurityController { // get before forwarding the request to jump to Private RequestCache requestCache = new new HttpSessionRequestCache (); // can be used for redirected Private RedirectStrategy redirectStrategy = new new DefaultRedirectStrategy (); @RequestMapping("/require") //返回的状态码(401) @ResponseStatus(code=HttpStatus.UNAUTHORIZED) public String require(HttpServletRequest request , HttpServletResponse response) throws IOException { // get previous request SavedRequest savedRequest = requestCache.getRequest (Request, Response); IF (! SavedRequest = null ) { // Our request is initiated before the jump url String url = savedRequest.getRedirectUrl (); // request before a determination on whether to end html IF (StringUtils.endsWithIgnoreCase (url, ".html" )) { // If it is redirected to the login page redirectStrategy.sendRedirect (Request, the Response, "/login.html" ); } } // If not, we let him authentication return new new String ( "requires authentication" ); } }