Shulou(Shulou.com)06/03 Report--

This article will explain in detail how springsecurity uses application/json to receive data. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Spring security uses application/json to receive data

For those who don't know security, please see the simple use of security.

Https://blog.51cto.com/5013162/2404946

When logging in to a user using spring security, it is found that the data cannot be obtained by using application/josn backend.

Look at the UsernamePasswordAuthenticationFilter source code to discover

/ / get password protected String obtainPassword (HttpServletRequest request) {return request.getParameter (passwordParameter);} / / get username protected String obtainUsername (HttpServletRequest request) {return request.getParameter (usernameParameter);}

It was obtained directly from request, not from requestBody.

Then we just need to override these two methods to get parameters from requestBody.

Override the UsernamePasswordAuthenticationFilter class

Public class UserAuthenticationFilter extends UsernamePasswordAuthenticationFilter {private ThreadLocal threadLocal = new ThreadLocal (); @ Override protected String obtainPassword (HttpServletRequest request) {String password = this.getBodyParams (request) .get (super.SPRING_SECURITY_FORM_PASSWORD_KEY); if (! StringUtils.isEmpty (password)) {return password;} return super.obtainPassword (request) } @ Override protected String obtainUsername (HttpServletRequest request) {String username = this.getBodyParams (request) .get (super.SPRING_SECURITY_FORM_USERNAME_KEY); if (! StringUtils.isEmpty (username)) {return username;} return super.obtainUsername (request) } / * the parameter in the body parameter body can only be obtained once * @ param request * @ return * / private Map getBodyParams (HttpServletRequest request) {Map bodyParams= threadLocal.get (); if (bodyParams==null) {ObjectMapper objectMapper = new ObjectMapper () Try (InputStream is = request.getInputStream ()) {bodyParams= objectMapper.readValue (is, Map.class);} catch (IOException e) {} if (bodyParams==null) bodyParams= new HashMap (); threadLocal.set (bodyParams) } return bodyParams;}} Custom SecurityConfig class @ Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter {@ Autowired UserDetailServiceImpl userDetailService; @ Autowired LoginSuccessHandler loginSuccessHandler; @ Override protected void configure (AuthenticationManagerBuilder auth) throws Exception {/ / Custom user authentication and encryption method auth.userDetailsService (userDetailService) .passwordEncoder (new BCryptPasswordEncoder ()) } @ Override protected void configure (HttpSecurity http) throws Exception {http.formLogin () / / defines the login page to go to when the user is required to log in. / / .loginPage ("/ login.html") / / Custom login page / / .loginProcessingUrl ("/ login") / / Custom login interface address / / .loginHandler (loginSuccessHandler) .and () / / define which logins need to be protected, Which do not need to be protected .authorizeRequests (). AntMatchers ("/ login") .permitAll () / / URL .anyRequest () / any request that does not need protection After logging in, you can visit .authenticated () .and () .logout () .logoutSuccessUrl ("/ login") .permitAll () / logout .and () .csrf () .disable () / / add post json to support http.addFilterAt (UserAuthenticationFilterBean (), UsernamePasswordAuthenticationFilter.class);} private UserAuthenticationFilter UserAuthenticationFilterBean () throws Exception {UserAuthenticationFilter userAuthenticationFilter = new UserAuthenticationFilter (); userAuthenticationFilter.setAuthenticationManager (super.authenticationManager ()); userAuthenticationFilter.setAuthenticationSuccessHandler (loginSuccessHandler); return userAuthenticationFilter;}}

Log in to the successful processing class

LoginSuccessHandler.class

@ Componentpublic class LoginSuccessHandler implements AuthenticationSuccessHandler {@ Override public void onAuthenticationSuccess (HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {httpServletResponse.setContentType ("application/json;charset=UTF-8"); httpServletResponse.getWriter () .write (authentication.getName ());}}

User check processing class

@ Componentpublic class UserDetailServiceImpl implements UserDetailsService {/ * user verification * @ param s * @ return * @ throws UsernameNotFoundException * / @ Override public UserDetails loadUserByUsername (String s) throws UsernameNotFoundException {Collection collection = new ArrayList (); / / permission set String password = new BCryptPasswordEncoder () .encode ("123456") User user = new User (return user; password); return user;}

The transformation is completed to support post application/json as well as post form-data/x-www-form-urlencoded.

You can get the parameters passed in.

This is the end of the article on "how springsecurity uses application/json to receive data". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.