这篇文章将为大家详细讲解有关springsecurity如何使用application/json接收数据,小编觉得挺实用的,因此分享给大家做个参考,希望大家阅读完这篇文章后可以有所收获。
spring security 使用 application/json 接收数据
不了解 security 的请看 security 的简单使用
https://blog.51cto.com/5013162/2404946
在使用 spring security 登录用户的时候 发现使用 application/josn 后台不能获取到数据
看 UsernamePasswordAuthenticationFilter 源码发现
//获取密码 protected String obtainPassword(HttpServletRequest request) { return request.getParameter(passwordParameter); } //获取用户名 protected String obtainUsername(HttpServletRequest request) { return request.getParameter(usernameParameter); }
是直接从request 获取的 不是从 requestBody 中获取的
那我们就只需要重写这两个方法从 requestBody 中获取参数
重写 UsernamePasswordAuthenticationFilter 类
public class UserAuthenticationFilter extends UsernamePasswordAuthenticationFilter { private ThreadLocal<Map<String,String>> threadLocal = new ThreadLocal<>(); @Override protected String obtainPassword(HttpServletRequest request) { String password = this.getBodyParams(request).get(super.SPRING_SECURITY_FORM_PASSWORD_KEY); if(!StringUtils.isEmpty(password)){ return password; } return super.obtainPassword(request); } @Override protected String obtainUsername(HttpServletRequest request) { String username = this.getBodyParams(request).get(super.SPRING_SECURITY_FORM_USERNAME_KEY); if(!StringUtils.isEmpty(username)){ return username; } return super.obtainUsername(request); } /** * 获取body参数 body中的参数只能获取一次 * @param request * @return */ private Map<String,String> getBodyParams(HttpServletRequest request){ Map<String,String> bodyParams = threadLocal.get(); if(bodyParams==null) { ObjectMapper objectMapper = new ObjectMapper(); try (InputStream is = request.getInputStream()) { bodyParams = objectMapper.readValue(is, Map.class); } catch (IOException e) { } if(bodyParams==null) bodyParams = new HashMap<>(); threadLocal.set(bodyParams); } return bodyParams; } } 自定义 SecurityConfig 类 @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserDetailServiceImpl userDetailService; @Autowired LoginSuccessHandler loginSuccessHandler; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //自定义用户验证和加密方式 auth.userDetailsService(userDetailService).passwordEncoder(new BCryptPasswordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() // 定义当需要用户登录时候,转到的登录页面。 // .loginPage("/login.html") //自定义登录页面 // .loginProcessingUrl("/login") //自定义登录接口地址 // .successHandler(loginSuccessHandler) .and() // 定义哪些URL需要被保护、哪些不需要被保护 .authorizeRequests().antMatchers("/login").permitAll() //不需要保护的URL .anyRequest() // 任何请求,登录后可以访问 .authenticated() .and() .logout().logoutSuccessUrl("/login").permitAll() // 登出 .and() .csrf().disable(); //配置自定义过滤器 增加post json 支持 http.addFilterAt(UserAuthenticationFilterBean(), UsernamePasswordAuthenticationFilter.class); } private UserAuthenticationFilter UserAuthenticationFilterBean() throws Exception { UserAuthenticationFilter userAuthenticationFilter = new UserAuthenticationFilter(); userAuthenticationFilter.setAuthenticationManager(super.authenticationManager()); userAuthenticationFilter.setAuthenticationSuccessHandler(loginSuccessHandler); return userAuthenticationFilter; } }
登录成功处理类
LoginSuccessHandler.class
@Component public class LoginSuccessHandler implements AuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { httpServletResponse.setContentType("application/json;charset=UTF-8"); httpServletResponse.getWriter().write(authentication.getName()); } }
用户校验处理类
@Component public class UserDetailServiceImpl implements UserDetailsService { /** * 用户校验 * @param s * @return * @throws UsernameNotFoundException */ @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { Collection<GrantedAuthority> collection = new ArrayList<>();//权限集合 String password = new BCryptPasswordEncoder().encode("123456"); User user = new User(s,password,collection); return user; } }
改造完成 支持 post application/json 同时也支持 post form-data/x-www-form-urlencoded
都可以获取到传入的参数
关于“springsecurity如何使用application/json接收数据”这篇文章就分享到这里了,希望以上内容可以对大家有一定的帮助,使各位可以学到更多知识,如果觉得文章不错,请把它分享出去让更多的人看到。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。