1. I found some other people's methods on the Internet, and found that none of them achieved my effect. It seems that I can only write it myself. 2. The
effect I want is that I send a post login request in postman and return a jsessionId. I can use this jsessionId Initiated another request again. I used some methods mentioned by others on the Internet but failed to achieve it. Maybe I did it wrong. Today, I implemented a method myself, recorded it, and it is also convenient for those who need to use this function, reducing the time it takes to search.
3. Let me talk about my environment, spring-boot-starter-parent uses 3.0.6, introduce spring-boot-starter-web, spring-boot-starter-security 4. My securityconfig configuration is as follows
:
@Bean
SecurityFilterChain configure(HttpSecurity http) throws Exception {
http.addFilterAt(CustomFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeHttpRequests(authoriz -> authoriz.requestMatchers("/login").permitAll()
.anyRequest().authenticated());
http .csrf().disable();
return http.build();
}
5. You need to customize a filter, the code is as follows:
```java
@Service
public class CustomFilter extends AbstractAuthenticationProcessingFilter implements InitializingBean {
@Resource
CustomUserDetailsService customUserDetailsService;
public CustomFilter() {
super(new AntPathRequestMatcher("/login", "POST"));
}
@Override
public void afterPropertiesSet() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(customUserDetailsService);
ProviderManager providerManager = new ProviderManager(daoAuthenticationProvider);
setAuthenticationManager(providerManager);
setSecurityContextRepository(new HttpSessionSecurityContextRepository());
setSessionAuthenticationStrategy(new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()));
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException{
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
request.getParameter("username"), request.getParameter("password"));
this.authenticationDetailsSource.buildDetails(request);
return this.getAuthenticationManager().authenticate(authRequest);
}
}
The above code explains, I put this filter into the spring container, in order to use its JPA function, that is, to introduce the service CustomUserDetailsService, this service is to check my custom user table, I don't want to write too much Too much code and text, so you are not willing to read this article. If you are using the user table that comes with the framework, you can remove daoAuthenticationProvider.setUserDetailsService(customUserDetailsService);
6. The key code is the last three lines (3 set methods) in the afterPropertiesSet() method
. 7. You need to add " /" request processing, I use the RestController annotation, as follows:
@GetMapping("/")
public ResponseBody home(){
ResponseBody responseBody = new ResponseBody();
responseBody.setMsg("登陆成功!");
responseBody.setCode("200");
responseBody.setData(null);
return responseBody;
}
According to this configuration on it.