
Default page generation

Spring Security filters

  • DefaultLoginPageGeneratingFilter generates the default login page

  • DefaultLogoutPageGeneratingFilter generates the default logout page

DefaultLoginPageGeneratingFilter

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    boolean loginError = this.isErrorPage(request);
    boolean logoutSuccess = this.isLogoutSuccess(request);
    if (!this.isLoginUrlRequest(request) && !loginError && !logoutSuccess) {
        // Not a login, login-error or logout-success request: hand it to the next filter.
        chain.doFilter(request, response);
    } else {
        // Generate the page and write it directly; chain.doFilter is not called.
        String loginPageHtml = this.generateLoginPageHtml(request, loginError, logoutSuccess);
        response.setContentType("text/html; charset=UTF-8");
        response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);
        response.getWriter().write(loginPageHtml);
    }
}

private String generateLoginPageHtml(HttpServletRequest request, boolean loginError, boolean logoutSuccess) {
    String errorMsg = "Invalid credentials";
    if (loginError) {
        // The message of the last authentication failure is read from the session.
        HttpSession session = request.getSession(false);
        if (session != null) {
            AuthenticationException ex = (AuthenticationException) session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
            errorMsg = ex != null ? ex.getMessage() : "Invalid credentials";
        }
    }

    StringBuilder sb = new StringBuilder();
    sb.append("<!DOCTYPE html>\n"
        + "<html lang=\"en\">\n"
        + "  <head>\n"
        + "    <meta charset=\"utf-8\">\n"
        + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
        + "    <meta name=\"description\" content=\"\">\n"
        + "    <meta name=\"author\" content=\"\">\n"
        + "    <title>Please sign in</title>\n"
        + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
        + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
        + "  </head>\n"
        + "  <body>\n"
        + "     <div class=\"container\">\n");
    String contextPath = request.getContextPath();

    // Username/password form
    if (this.formLoginEnabled) {
        sb.append("      <form class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.authenticationUrl + "\">\n"
            + "        <h2 class=\"form-signin-heading\">Please sign in</h2>\n"
            + createError(loginError, errorMsg)
            + createLogoutSuccess(logoutSuccess)
            + "        <p>\n"
            + "          <label for=\"username\" class=\"sr-only\">Username</label>\n"
            + "          <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
            + "        </p>\n"
            + "        <p>\n"
            + "          <label for=\"password\" class=\"sr-only\">Password</label>\n"
            + "          <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter + "\" class=\"form-control\" placeholder=\"Password\" required>\n"
            + "        </p>\n"
            + this.createRememberMe(this.rememberMeParameter)
            + this.renderHiddenInputs(request)
            + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
            + "      </form>\n");
    }

    // OpenID form
    if (this.openIdEnabled) {
        sb.append("      <form name=\"oidf\" class=\"form-signin\" method=\"post\" action=\"" + contextPath + this.openIDauthenticationUrl + "\">\n"
            + "        <h2 class=\"form-signin-heading\">Login with OpenID Identity</h2>\n"
            + createError(loginError, errorMsg)
            + createLogoutSuccess(logoutSuccess)
            + "        <p>\n"
            + "          <label for=\"username\" class=\"sr-only\">Identity</label>\n"
            + "          <input type=\"text\" id=\"username\" name=\"" + this.openIDusernameParameter + "\" class=\"form-control\" placeholder=\"Username\" required autofocus>\n"
            + "        </p>\n"
            + this.createRememberMe(this.openIDrememberMeParameter)
            + this.renderHiddenInputs(request)
            + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Sign in</button>\n"
            + "      </form>\n");
    }

    // One link per registered OAuth 2.0 client; the display name is HTML-escaped.
    if (this.oauth2LoginEnabled) {
        sb.append("<h2 class=\"form-signin-heading\">Login with OAuth 2.0</h2>");
        sb.append(createError(loginError, errorMsg));
        sb.append(createLogoutSuccess(logoutSuccess));
        sb.append("<table class=\"table table-striped\">\n");
        for (Map.Entry<String, String> relyingPartyUrlToName : this.oauth2AuthenticationUrlToClientName.entrySet()) {
            sb.append(" <tr><td>");
            String url = relyingPartyUrlToName.getKey();
            sb.append("<a href=\"").append(contextPath).append(url).append("\" >");
            String partyName = HtmlUtils.htmlEscape(relyingPartyUrlToName.getValue());
            sb.append(partyName);
            sb.append("</a>");
            sb.append("</td></tr>\n");
        }
        sb.append("</table>\n");
    }

    // One link per registered SAML 2.0 provider; the display name is HTML-escaped.
    if (this.saml2LoginEnabled) {
        sb.append("<h2 class=\"form-signin-heading\">Login with SAML 2.0</h2>");
        sb.append(createError(loginError, errorMsg));
        sb.append(createLogoutSuccess(logoutSuccess));
        sb.append("<table class=\"table table-striped\">\n");
        for (Map.Entry<String, String> relyingPartyUrlToName : this.saml2AuthenticationUrlToProviderName.entrySet()) {
            sb.append(" <tr><td>");
            String url = relyingPartyUrlToName.getKey();
            sb.append("<a href=\"").append(contextPath).append(url).append("\" >");
            String partyName = HtmlUtils.htmlEscape(relyingPartyUrlToName.getValue());
            sb.append(partyName);
            sb.append("</a>");
            sb.append("</td></tr>\n");
        }
        sb.append("</table>\n");
    }

    sb.append("</div>\n");
    sb.append("</body></html>");
    return sb.toString();
}

  1. In the doFilter method, the filter first checks whether the current request is a login error request, a logout success request or a login request. If it is any of the three, DefaultLoginPageGeneratingFilter generates the login page and returns it; otherwise the request continues down the chain to the next filter.
  2. For one of those three requests, generateLoginPageHtml is used to generate the login page. If there is exception information, it is returned to the front end as well.
  3. After the login page is generated, it is written back to the front end via HttpServletResponse, and the method returns, leaving the filter chain.
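The routing decision in doFilter can be observed by driving the filter with mock requests. This is an added example, not code from the article or from Spring Security; it assumes spring-security-web and spring-test are on the classpath, and the class name, URLs, parameter names and error text are values constructed for the demonstration.

```java
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

public class DefaultLoginPageDemo {

    // Configure the filter by hand; the URLs and parameter names are assumed values.
    static DefaultLoginPageGeneratingFilter newFilter() {
        DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter();
        filter.setFormLoginEnabled(true);
        filter.setLoginPageUrl("/login");
        filter.setFailureUrl("/login?error");
        filter.setLogoutSuccessUrl("/login?logout");
        filter.setAuthenticationUrl("/login");
        filter.setUsernameParameter("username");
        filter.setPasswordParameter("password");
        return filter;
    }

    // Send one GET through the filter and report whether it rendered the page or passed the request on.
    static String probe(String uri, String query, String lastErrorMessage) throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", uri);
        request.setQueryString(query);
        if (lastErrorMessage != null) {
            // Same session attribute that generateLoginPageHtml reads.
            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION",
                    new BadCredentialsException(lastErrorMessage));
        }
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        newFilter().doFilter(request, response, chain);

        boolean passedOn = chain.getRequest() != null; // non-null only if chain.doFilter was called
        String html = response.getContentAsString();
        boolean showsError = lastErrorMessage != null && html.contains(lastErrorMessage);
        return (query == null ? uri : uri + "?" + query)
                + " -> " + (passedOn ? "next filter" : "login page, " + html.length() + " chars")
                + (showsError ? ", session exception message is in the HTML" : "");
    }

    public static void main(String[] args) throws Exception {
        System.out.println(probe("/login", null, null));                    // login request
        System.out.println(probe("/login", "error", "Constructed message")); // login error request
        System.out.println(probe("/login", "logout", null));                // logout success request
        System.out.println(probe("/orders", null, null));                   // anything else
    }
}
```

Because the message of the exception stored in the session ends up in the generated page, a custom AuthenticationException should carry only text that is acceptable to show to an unauthenticated user.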

DefaultLogoutPageGeneratingFilter

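protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    if (this.matcher.matches(request)) {
        // Logout request: render the confirmation page; the chain is not continued.
        this.renderLogout(request, response);
    } else {
        filterChain.doFilter(request, response);
    }
}

private void renderLogout(HttpServletRequest request, HttpServletResponse response) throws IOException {
    String page = "<!DOCTYPE html>\n"
        + "<html lang=\"en\">\n"
        + "  <head>\n"
        + "    <meta charset=\"utf-8\">\n"
        + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
        + "    <meta name=\"description\" content=\"\">\n"
        + "    <meta name=\"author\" content=\"\">\n"
        + "    <title>Confirm Log Out?</title>\n"
        + "    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
        + "    <link href=\"https://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
        + "  </head>\n"
        + "  <body>\n"
        + "     <div class=\"container\">\n"
        // The form posts back to /logout; renderHiddenInputs adds the hidden fields.
        + "      <form class=\"form-signin\" method=\"post\" action=\"" + request.getContextPath() + "/logout\">\n"
        + "        <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
        + this.renderHiddenInputs(request)
        + "        <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
        + "      </form>\n"
        + "    </div>\n"
        + "  </body>\n"
        + "</html>";
    response.setContentType("text/html; charset=UTF-8");
    response.getWriter().write(page);
}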

When a request arrives, the filter checks whether it is a logout request for /logout. If so, it renders the logout page; otherwise the request goes on to the next filter.