Spring Security 4 sample code for adding a verification code

Spring Security is a large module. This article only covers authentication with custom parameters. The default authentication parameters of Spring Security are username and password, which are generally not enough. It has been a long time and I have forgotten some of it, so there may be a few omissions. On to the details. JavaConfig is used for the Spring and Spring Security configuration, and the version is 4.2.1 5,4.0. 4 General idea: customize the entry point, add custom parameters, and extend AuthenticationToken and AuthenticationProvider for verification.

First, define the entry point:

Next is the token; validCode is the verification code parameter:

Next, the processing filter:

Three parameters are defined to receive the values from the login form. The constructor sets the login URL and requires the POST method.

The next step is authentication. Only the verification code is checked here, before the username and password are authenticated.

The following are the utility class ValidateCodeHandle and ValidateCodeErrorException:

The exception needs to extend AuthenticationException to indicate that it is a security authentication failure. Only then does it go through the subsequent failure handling.

Next comes the provider:

The supports method specifies that the custom token is used. The additionalAuthenticationChecks method is exactly the same as the parent class logic; I just changed the information returned by the exception.

Next are the handlers for authentication success and authentication failure:

Finally, the most important security config:

The first bean is for encryption, and customerService simply queries the user.

Next is FrontendWebSecurityConfigureAdapter, which overrides the configure method. First, CSRF is disabled and authorizeRequests() is started, where "/user/login" and "/user/logout" are let through without permission verification and all other requests require login authentication. Then addFilterBefore() adds my custom MyValidCodeProcessingFilter before Spring Security's default UsernamePasswordAuthenticationFilter, so my custom parameters are authenticated first. Then formLogin() configures the login URL and logout URL. Both the login and logout URLs need controller mappings, that is, you write your own controller. After that come the explicit bean declarations for the AuthenticationProvider, AuthenticationManager, processing filter, AuthenticationFailureHandler, AuthenticationSuccessHandler and entry point.

Here is login.jsp:

ValidCodeErrorException is thrown when the verification code check fails. Because it extends AuthenticationException, the AuthenticationFailureHandler is triggered when Spring Security encounters an AuthenticationException during verification. The bean declared above sends authentication failures to the login URL, so in login.jsp, ${SPRING_SECURITY_LAST_EXCEPTION.message} retrieves the message of the exception thrown during my authentication, which can be shown to the user as a friendly prompt.

That completes the whole custom security verification process.
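The token, processing filter and exception steps described above, as an added example that is not the original article's code. The class names, the session attribute name and the "username"/"password" parameter names are assumptions, and the code additionally consumes the stored code on every attempt so each issued code allows only one guess.

```java
import javax.servlet.http.*;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical names throughout; these are not the classes from the original article.
class CodeMismatchException extends AuthenticationException {
    CodeMismatchException(String msg) { super(msg); } // AuthenticationException => failure handler runs
}

class CodeToken extends UsernamePasswordAuthenticationToken {
    private final String validCode; // third login parameter carried next to username/password
    CodeToken(Object principal, Object credentials, String validCode) {
        super(principal, credentials);
        this.validCode = validCode;
    }
    String getValidCode() { return validCode; }
}

public class CodeCheckingFilter extends AbstractAuthenticationProcessingFilter {
    static final String SESSION_KEY = "EXPECTED_VALID_CODE"; // assumed session attribute name

    public CodeCheckingFilter() {
        // Only POST requests to the login URL reach attemptAuthentication().
        super(new AntPathRequestMatcher("/user/login", "POST"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
            throws AuthenticationException {
        String supplied = req.getParameter("validCode");
        HttpSession session = req.getSession(false); // never create a session just to check a code
        Object expected = session == null ? null : session.getAttribute(SESSION_KEY);
        if (session != null) {
            session.removeAttribute(SESSION_KEY); // single use, consumed on success and on failure
        }
        // Fails closed: a missing parameter or a session with no issued code is a mismatch.
        if (supplied == null || !supplied.equals(expected)) {
            throw new CodeMismatchException("Verification code is incorrect");
        }
        // The code passed; only now are username and password handed to the provider chain.
        CodeToken token = new CodeToken(
                req.getParameter("username"), req.getParameter("password"), supplied);
        return getAuthenticationManager().authenticate(token);
    }
}
```

Because CodeToken extends UsernamePasswordAuthenticationToken, a stock DaoAuthenticationProvider already reports that it supports it; the filter still needs its AuthenticationManager and success/failure handlers set when it is declared as a bean.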
