AI 助理
备案控制台
开发者社区 开发与运维 文章 正文

SpringSecurity默认页面生成

2022-03-10 184
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介: SpringSecurity默认页面生成

SpringSecurity默认页面生成

springSecurity过滤器

  • DefaultLoginPageGeneratingFilter 生成默认的登录页面
  • DefaultLogoutPageGeneratingFilter 生成默认的注销页面

DefaultLoginPageGeneratingFilter

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest)req;
    HttpServletResponse response = (HttpServletResponse)res;
    boolean loginError = this.isErrorPage(request);
    boolean logoutSuccess = this.isLogoutSuccess(request);
    if (!this.isLoginUrlRequest(request) && !loginError && !logoutSuccess) {
        chain.doFilter(request, response);
    } else {
        String loginPageHtml = this.generateLoginPageHtml(request, loginError, logoutSuccess);
        response.setContentType("text/html;charset=UTF-8");
        response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);
        response.getWriter().write(loginPageHtml);
    }
}

private String generateLoginPageHtml(HttpServletRequest request, boolean loginError, boolean logoutSuccess) {
    String errorMsg = "Invalid credentials";
    if (loginError) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            AuthenticationException ex = (AuthenticationException)session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
            errorMsg = ex != null ? ex.getMessage() : "Invalid credentials";
        }
    }

    StringBuilder sb = new StringBuilder();
    sb.append("<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n    <meta name=\"description\" content=\"\">\n    <meta name=\"author\" content=\"\">\n    <title>Please sign in</title>\n    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n  </head>\n  <body>\n     <div class=\"container\">\n");
    String contextPath = request.getContextPath();
    if (this.formLoginEnabled) {
        sb.append("      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.authenticationUrl + "\">\n        <h2 class=\"form-signin-heading\">Please sign in</h2>\n" + createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n          <label for=\"username\" class=\"sr-only\">Username</label>\n          <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n        </p>\n        <p>\n          <label for=\"password\" class=\"sr-only\">Password</label>\n          <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter + "\" class=\"form-control\" placeholder=\"Password\" required>\n        </p>\n" + this.createRememberMe(this.rememberMeParameter) + this.renderHiddenInputs(request) + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n      </form>\n");
    }

    if (this.openIdEnabled) {
        sb.append("      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.openIDauthenticationUrl + "\">\n        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n" + createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "        <p>\n          <label for=\"username\" class=\"sr-only\">Identity</label>\n          <input type=\"text\" id=\"username\" name=\"" + this.openIDusernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n        </p>\n" + this.createRememberMe(this.openIDrememberMeParameter) + this.renderHiddenInputs(request) + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n      </form>\n");
    }

    Iterator var7;
    Entry relyingPartyUrlToName;
    String url;
    String partyName;
    if (this.oauth2LoginEnabled) {
        sb.append("<h2 class=\"form-signin-heading\">Login with OAuth 2.0</h2>");
        sb.append(createError(loginError, errorMsg));
        sb.append(createLogoutSuccess(logoutSuccess));
        sb.append("<table class=\"table table-striped\">\n");
        var7 = this.oauth2AuthenticationUrlToClientName.entrySet().iterator();

        while(var7.hasNext()) {
            relyingPartyUrlToName = (Entry)var7.next();
            sb.append(" <tr><td>");
            url = (String)relyingPartyUrlToName.getKey();
            sb.append("<a href=\"").append(contextPath).append(url).append("\">");
            partyName = HtmlUtils.htmlEscape((String)relyingPartyUrlToName.getValue());
            sb.append(partyName);
            sb.append("</a>");
            sb.append("</td></tr>\n");
        }

        sb.append("</table>\n");
    }

    if (this.saml2LoginEnabled) {
        sb.append("<h2 class=\"form-signin-heading\">Login with SAML 2.0</h2>");
        sb.append(createError(loginError, errorMsg));
        sb.append(createLogoutSuccess(logoutSuccess));
        sb.append("<table class=\"table table-striped\">\n");
        var7 = this.saml2AuthenticationUrlToProviderName.entrySet().iterator();

        while(var7.hasNext()) {
            relyingPartyUrlToName = (Entry)var7.next();
            sb.append(" <tr><td>");
            url = (String)relyingPartyUrlToName.getKey();
            sb.append("<a href=\"").append(contextPath).append(url).append("\">");
            partyName = HtmlUtils.htmlEscape((String)relyingPartyUrlToName.getValue());
            sb.append(partyName);
            sb.append("</a>");
            sb.append("</td></tr>\n");
        }

        sb.append("</table>\n");
    }

    sb.append("</div>\n");
    sb.append("</body></html>");
    return sb.toString();
}

(1) 在doFilter方法中 首先判断当前请求是否为登录出错请求,注销成功请求或者登录请求。如果这三个请求中的任意一个,就会在DefaultLoginPageGeneratingFilter中生成登录页面并返回,否则请求继续往下走,执行下一个过滤器。

  1. 如果当前请求为登录出错请求,注销成功请求或者登录请求,使用generateLoginPageHtml生成登录页面,如果有异常信息一同返回给前端
  2. 登录页面生成后通过HttpServletResponse将登录页面写回到前端,然后调用return方法跳出过滤器链。

DefaultLogoutPageGeneratingFilter

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    if (this.matcher.matches(request)) {
        this.renderLogout(request, response);
    } else {
        filterChain.doFilter(request, response);
    }

}

private void renderLogout(HttpServletRequest request, HttpServletResponse response) throws IOException {
    String page = "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n    <meta name=\"description\" content=\"\">\n    <meta name=\"author\" content=\"\">\n    <title>Confirm Log Out?</title>\n    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n  </head>\n  <body>\n     <div class=\"container\">\n      <form class=\"form-signin\" method=\"post\" action=\"" + request.getContextPath() + "/logout\">\n        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n" + this.renderHiddenInputs(request) + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n      </form>\n    </div>\n  </body>\n</html>";
    response.setContentType("text/html;charset=UTF-8");
    response.getWriter().write(page);
}

请求到来之后,先判断是否注销请求/logout,如果是/logout请求,则渲染一个注销请求的页面,否则走下一个过滤器。

文章标签:
前端开发
周杰伦本人
目录
相关文章
瑶大头*^_^*
|
存储 应用服务中间件 容器
springmvc-页面跳转&表单标签&其他标签&tomcat控制台中文乱码问题
springmvc-页面跳转&表单标签&其他标签&tomcat控制台中文乱码问题
瑶大头*^_^*
57 0
亚丁号
|
7月前
|
XML Java 数据格式
IDEA 设置JSP启动页面/默认页面
IDEA 设置JSP启动页面/默认页面
亚丁号
199 0
飞翔的佩奇
|
7月前
springmvc请求转发和重定向的四种跳转方式
springmvc请求转发和重定向的四种跳转方式
飞翔的佩奇
88 0
从未止步..
|
前端开发 Java 程序员
SpringMVC实现对页面的访问和跳转~
SpringMVC实现对页面的访问和跳转~
从未止步..
101 0
玉面大蛟龙
SpringMVC学习(二):访问指定页面
SpringMVC学习(二):访问指定页面
玉面大蛟龙
81 0
SpringMVC学习(二):访问指定页面
前端歌谣
34tomcat设置默认页面
34tomcat设置默认页面
前端歌谣
93 0
34tomcat设置默认页面
AAAAAAAA
Servlet的配置 以及缺省servlet的概念,默认页面
Servlet的配置 以及缺省servlet的概念,默认页面
AAAAAAAA
327 0
Servlet的配置 以及缺省servlet的概念,默认页面
anny_4243
|
前端开发
前端 打开localhost:8080 不是当前页面原因
前端 打开localhost:8080 不是当前页面原因
anny_4243
244 0
学堂小助手
|
Java 数据安全/隐私保护 开发者
regist.jsp 页面回显,注册基本完成| 学习笔记
快速学习 regist.jsp 页面回显,注册基本完成
学堂小助手
303 0
regist.jsp 页面回显,注册基本完成| 学习笔记
划破天际
|
Java
解决springboot项目页面地址栏出现的jsessionId问题
在项目启动类中重写SpringBootServletInitializer类中的onStartup方法 亲自测试过在配置文件中配置server.servlet.session.tracking-modes=和server.
划破天际
3065 0