-1
我想在我的java代碼中編寫一些腳本,我需要登錄用戶,做一些像真實用戶可以從web客戶端和每個人登出的東西。如何在Spring Security中的Java代碼中登錄用戶?
這是如何在春季安全工作? 我該怎麼辦? 我的意思是如何模仿真實的用戶認證,會話,角色和權限?
非常感謝!
A
回答
1
過一段時間後,我發現的解決方案:
@Component
public class AuthorityUtils {
//org.springframework.security.authentication.AuthenticationManager
@Autowired
private AuthenticationManager authenticationManager;
public void loginDirectly(String email, String password) {
UsernamePasswordAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken(email, password);
Authentication authenticatedUser = authenticationManager.authenticate(loginToken);
SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
}
}
0
請試試這個例子:
創建Spring Security Java Configuration。
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("customUserDetailsService")
UserDetailsService userDetailsService;
@Autowired
PersistentTokenRepository tokenRepository;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/list")
.access("hasRole('USER') or hasRole('ADMIN') or hasRole('DBA')")
.antMatchers("/newuser/**", "/delete-user-*").access("hasRole('ADMIN')").antMatchers("/edit-user-*")
.access("hasRole('ADMIN') or hasRole('DBA')").and().formLogin().loginPage("/login")
.loginProcessingUrl("/login").usernameParameter("ssoId").passwordParameter("password").and()
.rememberMe().rememberMeParameter("remember-me").tokenRepository(tokenRepository)
.tokenValiditySeconds(86400).and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() {
PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
"remember-me", userDetailsService, tokenRepository);
return tokenBasedservice;
}
@Bean
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
return new AuthenticationTrustResolverImpl();
}
}
的Spring Security帶有兩個執行PersistentTokenRepository的:JdbcTokenRepositoryImpl和InMemoryTokenRepositoryImpl最好。
@Repository("tokenRepositoryDao")
@Transactional
public class HibernateTokenRepositoryImpl extends AbstractDao<String, PersistentLogin>
implements PersistentTokenRepository {
static final Logger logger = LoggerFactory.getLogger(HibernateTokenRepositoryImpl.class);
@Override
public void createNewToken(PersistentRememberMeToken token) {
logger.info("Creating Token for user : {}", token.getUsername());
PersistentLogin persistentLogin = new PersistentLogin();
persistentLogin.setUsername(token.getUsername());
persistentLogin.setSeries(token.getSeries());
persistentLogin.setToken(token.getTokenValue());
persistentLogin.setLast_used(token.getDate());
persist(persistentLogin);
}
@Override
public PersistentRememberMeToken getTokenForSeries(String seriesId) {
logger.info("Fetch Token if any for seriesId : {}", seriesId);
try {
Criteria crit = createEntityCriteria();
crit.add(Restrictions.eq("series", seriesId));
PersistentLogin persistentLogin = (PersistentLogin) crit.uniqueResult();
return new PersistentRememberMeToken(persistentLogin.getUsername(), persistentLogin.getSeries(),
persistentLogin.getToken(), persistentLogin.getLast_used());
} catch (Exception e) {
logger.info("Token not found...");
return null;
}
}
@Override
public void removeUserTokens(String username) {
logger.info("Removing Token if any for user : {}", username);
Criteria crit = createEntityCriteria();
crit.add(Restrictions.eq("username", username));
PersistentLogin persistentLogin = (PersistentLogin) crit.uniqueResult();
if (persistentLogin != null) {
logger.info("rememberMe was selected");
delete(persistentLogin);
}
}
@Override
public void updateToken(String seriesId, String tokenValue, Date lastUsed) {
logger.info("Updating Token for seriesId : {}", seriesId);
PersistentLogin persistentLogin = getByKey(seriesId);
persistentLogin.setToken(tokenValue);
persistentLogin.setLast_used(lastUsed);
update(persistentLogin);
}
}
以上實現使用Entity [PersistentLogin]映射到persistent_logins表,如下所示是實體本身。
@Entity
@Table(name="PERSISTENT_LOGINS")
public class PersistentLogin implements Serializable{
@Id
private String series;
@Column(name="USERNAME", unique=true, nullable=false)
private String username;
@Column(name="TOKEN", unique=true, nullable=false)
private String token;
@Temporal(TemporalType.TIMESTAMP)
private Date last_used;
public String getSeries() {
return series;
}
public void setSeries(String series) {
this.series = series;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
public Date getLast_used() {
return last_used;
}
public void setLast_used(Date last_used) {
this.last_used = last_used;
}
}
這個UserDetailsService實現,在安全配置中使用如下圖所示:
@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService{
static final Logger logger = LoggerFactory.getLogger(CustomUserDetailsService.class);
@Autowired
private UserService userService;
@Transactional(readOnly=true)
public UserDetails loadUserByUsername(String ssoId)
throws UsernameNotFoundException {
User user = userService.findBySSO(ssoId);
logger.info("User : {}", user);
if(user==null){
logger.info("User not found");
throw new UsernameNotFoundException("Username not found");
}
return new org.springframework.security.core.userdetails.User(user.getSsoId(), user.getPassword(),
true, true, true, true, getGrantedAuthorities(user));
}
private List<GrantedAuthority> getGrantedAuthorities(User user){
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for(UserProfile userProfile : user.getUserProfiles()){
logger.info("UserProfile : {}", userProfile);
authorities.add(new SimpleGrantedAuthority("ROLE_"+userProfile.getType()));
}
logger.info("authorities : {}", authorities);
return authorities;
}
}
最後,註冊使用下述初始化類應用戰爭springSecurityFilter。
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
相關問題
- 1. 使用Spring Security登錄登錄時的用戶代理信息
- 2. 如何在spring-security中註銷所有登錄的用戶?
- 3. 使用Java和Angular2的Spring Security登錄
- 4. 如何使用Spring Security在Java代碼中檢查「hasRole」?
- 5. 模擬Grails Spring Security登錄用戶
- 6. SpringMVC 3 Spring Security創建用戶登錄
- 7. Spring Security多個登錄用戶失敗
- 8. 如何定製Grails Spring Security REST登錄響應HTTP代碼
- 9. Facebook登錄Spring Security
- 10. Spring Security登錄表
- 11. Spring Security Servlet登錄
- 12. 如何在Spring Security 4中登錄和登出?
- 13. 無法在Spring Security中登錄
- 14. Grails spring security在用戶域中保存登錄時間
- 15. 使用spring security和ajax登錄處理無效用戶/密碼
- 16. Java中spring-security的替代品(spring)
- 17. 如何檢查用戶是否使用spring-security登錄?
- 18. Spring Security中的其他參數登錄
- 19. Spring Security中的程序化登錄2
- 20. Spring Security Ldap,僅登錄指定組中的用戶
- 21. sitemesh + spring security:顯示主裝飾頁面中的登錄用戶!
- 22. Spring Security java配置和登錄表單
- 23. Spring Security的登錄頁
- 24. Spring Security登錄驗證碼集成
- 25. Spring Security - 如何在JSP中呈現剩餘的登錄嘗試
- 26. Facebook登錄後(javascript sdk) - 如何在Spring-Security中創建用戶會話?
- 27. Spring Security如何區分多個登錄用戶
- 28. Spring Security 3.1 - 如何識別用戶已經登錄或不是?
- 29. Spring Boot + Spring Security使用AngularJS登錄
- 30. Spring Security:自定義用戶代碼
份額白衣我們烏爾知識或者如果u有更好的想法..而不是否決不需要任何理由! – FuSsA
如果你問我,我還沒有投票。 說實話,我剛剛看到,開始工作,並投了票 作出詳細迴應。我也不知道,爲什麼有人投票否決了這個問題。至少有兩個人最喜歡這個問題。 – DamienMiheev
我知道這不是你......;) – FuSsA