CN115913762A - Dynamic URL authentication method based on SpringSecurity - Google Patents

Dynamic URL authentication method based on SpringSecurity Download PDF

Info

Publication number
CN115913762A
Authority
CN
China
Prior art keywords
authentication
information
role
authority
url
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211602528.7A
Other languages
Chinese (zh)
Inventor
李建州
王兴华
杨兴海
杨兴荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shijihengtong Technology Co ltd
Original Assignee
Shijihengtong Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shijihengtong Technology Co ltd
Priority to CN202211602528.7A
Publication of CN115913762A
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a dynamic URL authentication method based on SpringSecurity, which marks an interface needing authentication by creating an authority annotation PrivilegeDefinition; scans all RequestMappingInfo information marked with the permission code annotation PrivilegeDefinition in all controllers to generate permission codes for role authorization; after the login authentication is passed, stores the role information authorized to the user in the authentication information; implements the FilterInvocationSecurityMetadataSource interface to return all role information with access authority to the current URL; implements the AccessDecisionVoter interface as a custom access authority voter that judges, by voting, the roles in the login authentication information against the roles with authority to the URL; and thereby realizes dynamic authentication. The method is convenient to operate and maintain later, can realize quick authentication, authorization, attack protection and the like, can effectively ensure the safety and maintainability of the system, and has strong practicability and high popularization.

Description

Dynamic URL authentication method based on SpringSecurity
Technical Field
The invention relates to a dynamic URL authentication method based on SpringSecurity, belonging to the technical field of network information security.
Background
At present, with the rapid development of internet technology, network applications have reached into every aspect of people's lives, and maintaining information security has become an important component of internet technology. If an application has serious security holes, the private data of its users may be stolen by attackers, threatening the information and property security of enterprises and individuals. Spring Security is a lightweight security management framework based on Spring; its core is that all requests entering a system are intercepted by a chain of filters, which check whether the request has authority to access the resource, thereby achieving security access control and rapidly providing functions such as authentication, authorization and attack protection.
However, in the conventional Spring Security authentication mode the authority codes need to be hard-coded, so authentication cannot be performed dynamically according to the URL, the authentication function is inconvenient to apply across various systems, and the hard-coded authority codes make later maintenance inconvenient and prone to omissions or mistakes.
Disclosure of Invention
In view of this, the present invention provides a dynamic URL authentication method based on SpringSecurity, which can overcome the defects of the prior art.
The purpose of the invention is realized by the following technical scheme:
a dynamic URL authentication method based on SpringSecurity comprises the following steps:
s1, creating an authority annotation PrivilegeDefinition to label an interface needing authentication;
s2, scanning all RequestMappingInfo information marked with the permission code annotation PrivilegeDefinition in all controllers to generate permission codes for authorizing roles;
s3, after the login authentication is passed, storing the role information authorized to the user in the authentication information;
s4, implementing the FilterInvocationSecurityMetadataSource interface, and returning all role information with access authority to the current URL;
s5, voting, through a custom access authority voter implementing the AccessDecisionVoter interface, on the roles contained in the login authentication information and the roles with authority to the URL;
s6, if the vote is passed, the authentication is passed and the access is allowed;
if the vote is not passed, the access is refused, and the exception is converted according to the exception system of the current system and returned to the front end for display.
In the step S1, the URLs in the HandlerMapping information that need authentication in all controllers are marked, and permission code information is generated from them.
In the foregoing step S2, by scanning the RequestMappingInfo information labeled with the PrivilegeDefinition annotation in all controllers, the URL is obtained from the RequestMappingInfo information and converted into authority code information used to authorize the role of the user.
In the step S3, after the user provides the user name and password and passes the authentication, the role information of the user is loaded and stored in the authentication information, and it is subsequently used to determine whether the user has the right to access the protected resource.
In the foregoing step S4, the interface is implemented through Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException: the requested URL is obtained from the Object parameter, and all role codes that have permission for the URL are queried from the database and packaged into a ConfigAttribute set for return.
The set of ConfigAttribute objects is returned as a Collection<ConfigAttribute>, and if the secure object is not supported by the current SecurityMetadataSource object, an IllegalArgumentException is thrown.
In the step S5, the voter is responsible for voting on the authorization decision and obtains the existing role codes from the authentication information; the authorization result is one of approval, abstention and objection, and since a plurality of rules may apply to the current access, each AccessDecisionVoter casts its own vote, and finally the AccessDecisionManager counts the votes of all voters to make the final authorization decision.
In the step S6, when the user is denied and an exception is thrown on accessing the protected URL, the page request is processed in the AccessDeniedHandler that Spring provides by default, converted according to the exception system of the current system, and then returned to the front end for presentation.
Compared with the prior art, the dynamic URL authentication method based on Spring Security disclosed by the invention solves the problem that, in the existing Spring Security authentication mode, the authority codes must be hard-coded and authentication cannot be performed dynamically according to the URL. It marks an interface needing authentication by creating an authority annotation PrivilegeDefinition; scans all RequestMappingInfo information marked with the permission code annotation PrivilegeDefinition in all controllers to generate permission codes for role authorization; after the login authentication is passed, stores the role information authorized to the user in the authentication information; implements the FilterInvocationSecurityMetadataSource interface to return all role information with access authority to the current URL; implements the AccessDecisionVoter interface as a custom access authority voter that judges, by voting, the roles in the login authentication information against the roles with authority to the URL; and thereby realizes dynamic authentication. The method is convenient to operate and maintain later, can realize quick authentication, authorization, attack protection and the like, can effectively ensure the safety and maintainability of the system, and has strong practicability and high popularization.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof.
Drawings
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a block flow diagram of the present invention.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the preferred embodiments are illustrative of the invention only and are not limiting upon the scope of the invention.
As shown in fig. 1, a dynamic URL authentication method based on SpringSecurity specifically includes the following steps:
s1, creating an authority annotation PrivilegeDefinition to label an interface needing authentication;
s2, scanning all RequestMappingInfo information marked with the permission code annotation PrivilegeDefinition in all controllers to generate permission codes for authorizing roles;
s3, after the login authentication is passed, storing the role information authorized to the user in the authentication information;
s4, creating an implementation of the FilterInvocationSecurityMetadataSource interface, and returning all role information with access authority to the current URL;
s5, voting, through a user-defined access authority voter implementing the AccessDecisionVoter interface, on the roles contained in the login authentication information and the roles with authority to the URL;
s6, if the vote is passed, the authentication is passed and the access is allowed;
if the vote is not passed, the access is refused, and the exception is converted according to the exception system of the current system and returned to the front end for display.
In step S1, authority code information is generated by labeling the URLs in the HandlerMapping information that need authentication in all controllers.
In step S2, by scanning the RequestMappingInfo information labeled with the PrivilegeDefinition annotation in all controllers, the URL is obtained from the RequestMappingInfo information and converted into authority code information used to authorize the role of the user.
In step S3, after the user provides the user name and password and passes the authentication, the role information of the user is loaded and stored in the authentication information, and it is subsequently used to determine whether the user has the right to access the protected resource.
In step S4, the interface is implemented through Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException: according to the requested URL obtained from the Object parameter, all the role codes having authority to the URL are queried from the database and packaged into a ConfigAttribute set for return.
The set of ConfigAttribute objects is returned as a Collection<ConfigAttribute>, and if the secure object is not supported by the current SecurityMetadataSource object, an IllegalArgumentException is thrown.
In step S5, the voter is responsible for voting on the authorization decision and obtains the existing role codes from the authentication information. There are three possible authorization results: approval, abstention and objection. Since a plurality of rules may apply to the current access, each AccessDecisionVoter casts its own vote, and finally, after the AccessDecisionManager has collected the votes of all voters, the final authorization decision is made.
In step S6, when the user is rejected and an exception is thrown on accessing the protected URL, the page request is processed in Spring's default AccessDeniedHandler, converted according to the exception system of the current system, and returned to the front end for presentation.
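As an added illustration of steps S4 and S5 (example code, not from the patent or its assignee), the two Spring Security interfaces the description names, written for Spring Security 5.x where they are current; the role/URL table is an in-memory map standing in for the patent's database query, and the class names, the ROLE_ values and the sentinel role for unlisted URLs are assumptions.

```java
import java.util.*;
import java.util.stream.Collectors;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;

public class DynamicUrlAuthorization {

    /** Step S4: return the roles allowed to reach the requested URL, looked up at request time. */
    public static class UrlRoleMetadataSource implements FilterInvocationSecurityMetadataSource {
        // Constructed stand-in for the role/URL table the patent reads from the database.
        private final Map<String, List<String>> rolesByUrlPattern;
        private final AntPathMatcher matcher = new AntPathMatcher();

        public UrlRoleMetadataSource(Map<String, List<String>> rolesByUrlPattern) {
            this.rolesByUrlPattern = rolesByUrlPattern;
        }

        @Override
        public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
            if (!supports(object.getClass())) {
                throw new IllegalArgumentException("Unsupported secure object: " + object.getClass());
            }
            // getRequestUrl() keeps the query string; strip it so "?x=1" cannot change the match.
            String raw = ((FilterInvocation) object).getRequestUrl();
            String path = raw.contains("?") ? raw.substring(0, raw.indexOf('?')) : raw;
            List<String> roles = rolesByUrlPattern.entrySet().stream()
                    .filter(e -> matcher.match(e.getKey(), path))
                    .flatMap(e -> e.getValue().stream())
                    .collect(Collectors.toList());
            // An empty result would let FilterSecurityInterceptor treat the URL as public,
            // so an unlisted URL maps to a role nobody holds and is denied by the voter.
            if (roles.isEmpty()) return SecurityConfig.createList("ROLE_UNLISTED_URL");
            return SecurityConfig.createList(roles.toArray(new String[0]));
        }

        @Override public Collection<ConfigAttribute> getAllConfigAttributes() { return null; } // not needed here
        @Override public boolean supports(Class<?> clazz) { return FilterInvocation.class.isAssignableFrom(clazz); }
    }

    /** Step S5: grant only if the caller holds one of the roles the metadata source returned. */
    public static class UrlRoleVoter implements AccessDecisionVoter<FilterInvocation> {
        @Override public boolean supports(ConfigAttribute attribute) { return attribute.getAttribute() != null; }
        @Override public boolean supports(Class<?> clazz) { return FilterInvocation.class.isAssignableFrom(clazz); }

        @Override
        public int vote(Authentication auth, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
            if (auth == null || !auth.isAuthenticated()) return ACCESS_DENIED;
            Set<String> held = auth.getAuthorities().stream()
                    .map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
            for (ConfigAttribute attr : attributes) {
                if (held.contains(attr.getAttribute())) return ACCESS_GRANTED;
            }
            return ACCESS_DENIED; // never abstain: this voter owns the URL decision
        }
    }
}
```

Both classes are wired into the FilterSecurityInterceptor together with an AccessDecisionManager such as AffirmativeBased or UnanimousBased, which performs the vote counting the description assigns to step S5.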
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and any simple modification, equivalent change and modification made to the above embodiment according to the technical spirit of the present invention without departing from the technical spirit of the present invention are within the scope of the present invention.

Claims (8)

1. A dynamic URL authentication method based on SpringSecurity is characterized by comprising the following steps:
s1, creating an authority annotation PrivilegeDefinition to label an interface needing authentication;
s2, scanning all RequestMappingInfo information marked with the authority code annotation PrivilegeDefinition in all controllers to generate authority codes for role authorization;
s3, after the login authentication is passed, storing the role information authorized to the user in the authentication information;
s4, creating an implementation of the FilterInvocationSecurityMetadataSource interface, and returning all role information with access authority to the current URL;
s5, voting, through a custom access authority voter implementing the AccessDecisionVoter interface, on the roles contained in the login authentication information and the roles with authority to the URL;
s6, if the vote is passed, the authentication is passed and the access is allowed;
if the vote is not passed, the access is refused, and the exception is converted according to the exception system of the current system and returned to the front end for display.
2. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S1, all URLs in the HandlerMapping information needing authentication in a Controller are marked to generate authority code information.
3. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S2, by scanning the RequestMappingInfo information labeled with the PrivilegeDefinition annotation in all controllers, the URL is obtained from the RequestMappingInfo and converted into authority code information to authorize the role of the user.
4. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S3, after the user provides the user name and password and passes the authentication, the role information of the user is loaded and stored in the authentication information, and whether the user has the authority to access the protected resource is judged subsequently.
5. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S4, the interface is implemented through Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException, and according to the requested URL obtained from the Object parameter, all the role codes having authority to the URL are queried from the database and packaged into a ConfigAttribute set for return.
6. The SpringSecurity-based dynamic URL authentication method according to claim 5, wherein: the set of ConfigAttribute objects is returned as a Collection<ConfigAttribute>, and if the security object is not supported by the current SecurityMetadataSource object, an IllegalArgumentException is thrown.
7. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S5, voting is carried out on the authorization decision, and the existing role codes are obtained from the authentication information; the authorization result is one of approval, abstention and objection, and since a plurality of rules may apply to the current access, each AccessDecisionVoter casts its own vote, and finally the AccessDecisionManager counts the votes of all voters to make the final authorization decision.
8. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S6, when the user is denied and an exception is thrown on accessing the protected URL, the page request is processed in the AccessDeniedHandler that Spring provides by default, converted according to the exception system of the current system, and then returned to the front end for presentation.
CN202211602528.7A 2022-12-14 2022-12-14 Dynamic URL authentication method based on SpringSecurity Pending CN115913762A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211602528.7A CN115913762A (en) 2022-12-14 2022-12-14 Dynamic URL authentication method based on SpringSecurity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211602528.7A CN115913762A (en) 2022-12-14 2022-12-14 Dynamic URL authentication method based on SpringSecurity

Publications (1)

Publication Number Publication Date
CN115913762A true CN115913762A (en) 2023-04-04

Family

ID=86496116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211602528.7A Pending CN115913762A (en) 2022-12-14 2022-12-14 Dynamic URL authentication method based on SpringSecurity

Country Status (1)

Country Link
CN (1) CN115913762A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116167028A (en) * 2023-04-21 2023-05-26 云筑信息科技(成都)有限公司 Authority authentication method

Similar Documents

Publication Publication Date Title
US20210314312A1 (en) System and method for transferring device identifying information
US10754826B2 (en) Techniques for securely sharing files from a cloud storage
CN110149328B (en) Interface authentication method, device, equipment and computer readable storage medium
US8490154B2 (en) Method and system for authentication by defining a demanded level of security
CN101286845B (en) Control system for access between domains based on roles
US20080052527A1 (en) method and system for authenticating and validating identities based on multi-modal biometric templates and special codes in a substantially anonymous process
US20080290988A1 (en) Systems and methods for controlling access within a system of networked and non-networked processor-based systems
CN102457377A (en) Role-based web remote authentication and authorization method and system thereof
CN105933245B (en) Safe and trusted access method in software defined network
CN106534199A (en) Distributed system authentication and permission management platform based on XACML and SAML under big data environment
CN107026825A (en) A kind of method and system for accessing big data system
CN102571873B (en) Bidirectional security audit method and device in distributed system
CN111797418B (en) Online service control method and device, service terminal, server and storage medium
CN106101054A (en) The single-point logging method of a kind of multisystem and centralized management system
CN102571874B (en) On-line audit method and device in distributed system
CN115913762A (en) Dynamic URL authentication method based on SpringSecurity
CN114021109A (en) System and method for realizing identity authentication and access management of workshop-level industrial control system in tobacco industry
CN115130122A (en) Big data security protection method and system
CN116455668A (en) User trust measurement method and system in zero trust network environment
CN107395577B (en) Large-scale electric power enterprise salary safety coefficient
CN104994086B (en) A kind of control method and device of data-base cluster permission
US7523488B2 (en) Method for performing data access transformation with request authorization processing
CN109495514A (en) Role access control system and method based on edge terminal
CN216122450U (en) Power grid safety audit system
CN112966235B (en) Big data component access control method and system of intelligent education platform

Legal Events

Date Code Title Description
PB01 Publication