
Spring Security from Beginner to Mastery: Custom Login Success/Failure URL



How do you redirect to a link outside the project after login?

1 Source code analysis

(1) Click into successForwardUrl


(2) Inside FormLoginConfigurer, the forward is set up through the successHandler() method


(3) Open ForwardAuthenticationSuccessHandler: it implements the AuthenticationSuccessHandler interface


(4) Click into failureForwardUrl: it is similar, and also implements AuthenticationSuccessHandler


2 Customizing the success/failure redirect

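package com.mangoubiubiu.security.config;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class ErrorHandler implements AuthenticationFailureHandler {

    private final String forwardUrl;

    public ErrorHandler(String forwardUrl) {
        // Reject values that are neither a path starting with "/" nor an absolute URL
        Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl), () -> {
            return "'" + forwardUrl + "' is not a valid forward URL";
        });
        this.forwardUrl = forwardUrl;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        // Redirect (HTTP 302) instead of a server-side forward, so the target may be outside the project
        response.sendRedirect(forwardUrl);
    }
}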

package com.mangoubiubiu.security.config;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Slf4j
public class SuccessHandler implements AuthenticationSuccessHandler {

    private final String redictUrl;

    public SuccessHandler(String redictUrl) {
        Assert.isTrue(UrlUtils.isValidRedirectUrl(redictUrl), () -> {
            return "'" + redictUrl + "' is not a valid forward URL";
        });
        this.redictUrl = redictUrl;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        log.info("---------------->authentication.getAuthorities()+{}", authentication.getAuthorities());
        // For security reasons the credentials are not exposed; this logs null
        log.info("---------------->authentication.getCredentials()+{}", authentication.getCredentials());
        log.info("---------------->authentication.getDetails()+{}", authentication.getDetails());
        log.info("---------------->authentication.getPrincipal()+{}", authentication.getPrincipal());
        log.info("---------------->authentication.isAuthenticated()+{}", authentication.isAuthenticated());
        response.sendRedirect(redictUrl);
    }
}

Changes to the configuration class


package com.mangoubiubiu.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * SecurityConfig configuration class
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Form login
        http.formLogin()
                .loginProcessingUrl("/login")
                .loginPage("/login.html")
                // .successForwardUrl("/main")
                // .failureForwardUrl("/toError")
                .successHandler((AuthenticationSuccessHandler) new SuccessHandler("https://www.cnblogs.com/mangoubiubiu/"))
                .failureHandler(new ErrorHandler("https://www.baidu.com/"))
                // Custom names for the login username and password parameters
                .usernameParameter("user")
                .passwordParameter("pwd");
        // Authorization rules
        http.authorizeRequests()
                // Allow the login and error pages without authentication
                .antMatchers("/login.html", "/error.html").permitAll()
                // All other requests must be authenticated (logged in)
                .anyRequest().authenticated();
        // Disable CSRF (cross-site request forgery) protection
        http.csrf().disable();
    }

    @Bean
    public PasswordEncoder pw() {
        return new BCryptPasswordEncoder();
    }
}
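
Both handlers above validate their target with UrlUtils.isValidRedirectUrl, which only checks that the value starts with "/" or has the form of an absolute URL; it does not restrict the scheme or the host. The following added example (not part of the original post) pins an external redirect target to https and to an allowlist of hosts when the handler is constructed. The class name AllowlistedRedirectSuccessHandler and its allowedHosts parameter are hypothetical.

```java
package com.mangoubiubiu.security.config;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.util.Locale;
import java.util.Set;

/**
 * Added example, not from the original post. Hypothetical handler that only
 * accepts an external redirect target whose host is explicitly allowlisted.
 * Assumed wiring in the configuration class:
 *   .successHandler(new AllowlistedRedirectSuccessHandler(
 *       "https://www.cnblogs.com/mangoubiubiu/",
 *       java.util.Collections.singleton("www.cnblogs.com")))
 */
public class AllowlistedRedirectSuccessHandler implements AuthenticationSuccessHandler {

    private final String redirectUrl;

    public AllowlistedRedirectSuccessHandler(String redirectUrl, Set<String> allowedHosts) {
        // Fail at startup, not at login time, if the configured target is unacceptable
        this.redirectUrl = requireAllowed(redirectUrl, allowedHosts);
    }

    /** Returns the URL unchanged if it is https and its host is allowlisted (lower case); otherwise throws. */
    static String requireAllowed(String url, Set<String> allowedHosts) {
        URI uri = URI.create(url); // IllegalArgumentException on malformed input, e.g. a backslash
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || !scheme.equalsIgnoreCase("https")) {
            throw new IllegalArgumentException("Redirect target must be an absolute https URL: " + url);
        }
        // Reject user-info forms such as https://trusted.example@other.example/ as well
        if (host == null || uri.getUserInfo() != null
                || !allowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("Redirect host is not allowlisted: " + url);
        }
        return uri.toString();
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException {
        response.sendRedirect(redirectUrl);
    }
}
```

The same requireAllowed check applies to the failure handler, and it matters most when the target URL is read from configuration or any other source outside the code.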

 

 

 

 
