主要是重寫attemptAuthentication方法

導(dǎo)入依賴

<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency>

相關(guān)配置和代碼

application.properties配置密碼

spring.security.user.name=adminspring.security.user.password=123

創(chuàng)建自定義身份過(guò)濾類

寫json登錄之前先看一下源碼，了解一下它是如何表單登錄的

在idea連按下shift鍵，搜索UsernamePasswordAuthenticationFilter類

進(jìn)入后再按Ctrl+F12可以查看該類的所有方法

進(jìn)入方法

我們只需要在request.getParameter（）那里重寫一下不就可以實(shí)現(xiàn)json登陸

重寫attemptAuthentication(HttpServletRequestrequest,HttpServletResponseresponse)方法

只需要復(fù)制父類的方法，多加一個(gè)判斷json的方法。就能同時(shí)支持key-value形式可json形式的參數(shù)了

public class MyAuthenticationFilter extends UsernamePasswordAuthenticationFilter { @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { if(!request.getMethod().equals('POST')){ throw new AuthenticationServiceException('Authentication method not supported' + request.getMethod()); } //說(shuō)明是以json的形式傳遞參數(shù) if (request.getContentType().equals(MediaType.APPLICATION_JSON_VALUE)) { String username = null; String password = null; //將傳入的json數(shù)據(jù)轉(zhuǎn)換成map再通過(guò)get('key')獲得 try {Map<String,String> map =new ObjectMapper().readValue(request.getInputStream(), Map.class);username = map.get('username');password = map.get('password'); } catch (IOException e) {e.printStackTrace(); } if (username == null) { } if (password == null) { } username = username.trim(); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); setDetails(request, authRequest); return this.getAuthenticationManager().authenticate(authRequest); } return super.attemptAuthentication(request, response); }}

創(chuàng)建SecurityConfig配置類

注：自定義的過(guò)濾類和security原來(lái)那個(gè)表單登陸過(guò)濾設(shè)置是分開的

體現(xiàn)在filter.setFilterProcessesUrl（）和loginProcessingUrl

因此表單登陸和json登陸的，successHandler判斷也要分開寫，

一會(huì)下面有效果圖也可以印證這一點(diǎn)

@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginProcessingUrl('/doLogin').permitAll().and().csrf().disable(); //將自定義的過(guò)濾器加進(jìn)來(lái)，第二參數(shù)表示加到usernamePasswordAuthenticationFilter所在的位置 http.addFilterAt(myAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); } @Bean MyAuthenticationFilter myAuthenticationFilter() throws Exception{ MyAuthenticationFilter filter = new MyAuthenticationFilter(); filter.setAuthenticationManager(authenticationManagerBean()); return filter; }}

創(chuàng)建Controller

@RestControllerpublic class HelloController { @GetMapping('/hello') public String hello(){ return 'hello security'; }}

以上就是本文的全部?jī)?nèi)容，希望對(duì)大家的學(xué)習(xí)有所幫助，也希望大家多多支持好吧啦網(wǎng)。