CN115913762A - Dynamic URL authentication method based on SpringSecurity - Google Patents
- Publication number: CN115913762A
- Authority: CN (China)
- Prior art keywords
- authentication
- information
- role
- authority
- url
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a dynamic URL authentication method based on SpringSecurity. An authority annotation, PrivilegeDefinition, is created to mark the interfaces that need authentication; all RequestMappingInfo information in all controllers that carries the permission code annotation PrivilegeDefinition is scanned to generate permission codes for role authorization; after login authentication passes, the role information authorized to the user is stored in the authentication information; an implementation of the FilterInvocationSecurityMetadataSource interface returns all role information with access authority for the current URL; a custom access authority voter implementing the AccessDecisionVoter interface compares, by voting, the roles in the login authentication information against the roles holding the URL authority, so that authentication is performed dynamically. The method is convenient to operate and maintain, quickly provides authentication, authorization, attack protection and the like, effectively ensures the security and maintainability of the system, and has strong practicability and is easy to popularize.
Description
Technical Field
The invention relates to a dynamic URL authentication method based on SpringSecurity, belonging to the technical field of network information security.
Background
At present, with the rapid development of internet technology, network applications have reached into every aspect of people's lives, and maintaining information security has become an important component of internet technology. Serious security holes in an application may allow attackers to steal users' private data and threaten the information and property security of enterprises and individuals. Spring Security is a lightweight security management framework based on Spring; its core is that every request entering the system is intercepted by a chain of filters, which check whether the request has authority to access the resource, thereby achieving secure access control and quickly providing functions such as authentication, authorization and attack protection.
However, in the conventional Spring Security authentication mode the permission codes have to be hard-coded, so authentication cannot be performed dynamically according to the URL, the authentication function is inconvenient to apply across different systems, and because the permission codes are hard-coded, later maintenance is inconvenient and prone to omissions and mistakes.
Disclosure of Invention
In view of this, the present invention provides a dynamic URL authentication method based on SpringSecurity, which can overcome the defects of the prior art.
The purpose of the invention is realized by the following technical scheme:
a dynamic URL authentication method based on SpringSecurity comprises the following steps:
S1, creating an authority annotation PrivilegeDefinition to label the interfaces that need authentication;
S2, scanning all RequestMappingInfo information marked with the permission code annotation PrivilegeDefinition in all controllers to generate permission codes with which to authorize roles;
S3, after login authentication passes, storing the role information authorized to the user in the authentication information;
S4, implementing the FilterInvocationSecurityMetadataSource interface to return all role information with access authority for the current URL;
S5, voting on the roles contained in the login authentication information against the roles holding the URL authority, through a custom access authority voter implementing the AccessDecisionVoter interface;
S6, if the vote passes, authentication passes and access is allowed;
if the vote does not pass, access is refused, and the exception is converted according to the current system's exception scheme and returned to the front end for display.
In step S1, the URLs in the HandlerMapping information of all controllers that need authentication are marked so that permission code information can be generated.
In step S2, the RequestMappingInfo information labeled with the PrivilegeDefinition annotation in all controllers is scanned, the URL is obtained from the RequestMappingInfo information and converted into authority code information, and the user's roles are authorized with it.
In step S3, after the user provides a user name and password and passes authentication, the user's role information is loaded and stored in the authentication information; it is subsequently used to determine whether the user has the right to access a protected resource.
In step S4, the interface is implemented through Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException: the requested URL is obtained from the Object parameter, all role codes that have permission for that URL are queried from the database, and they are packaged into a ConfigAttribute collection that is returned.
A set of ConfigAttribute objects is created as a Collection<ConfigAttribute>; if the secure object is not supported by the current SecurityMetadataSource object, an IllegalArgumentException is thrown.
In step S5, the voter is responsible for voting on the authorization decision and obtains the existing role codes from the authentication information. The authorization result is one of approval, abstention or objection. Since several rules may apply to the current access, each AccessDecisionVoter casts its own vote, and finally the AccessDecisionManager tallies the votes of all voters to make the final authorization decision.
In step S6, the exception thrown when the user is denied access to a protected URL is handled by Spring's default AccessDeniedHandler, where the page request is converted according to the current system's exception scheme and then returned to the front end for presentation.
Compared with the prior art, the dynamic URL authentication method based on SpringSecurity disclosed by the invention solves the problems that, in the existing Spring Security authentication mode, the authority codes must be hard-coded and authentication cannot be performed dynamically according to the URL. It marks the interfaces that need authentication by creating an authority annotation PrivilegeDefinition; scans all RequestMappingInfo information marked with the permission code annotation PrivilegeDefinition in all controllers to generate permission codes for role authorization; after login authentication passes, stores the role information authorized to the user in the authentication information; implements the FilterInvocationSecurityMetadataSource interface to return all role information with access authority for the current URL; and implements the AccessDecisionVoter interface as a custom access authority voter that compares, by voting, the roles in the login authentication information against the roles holding the URL authority, so that authentication is performed dynamically. The method is convenient to operate and maintain, quickly provides authentication, authorization, attack protection and the like, effectively ensures the security and maintainability of the system, and has strong practicability and is easy to popularize.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof.
Drawings
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a block flow diagram of the present invention.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the preferred embodiments are illustrative of the invention only and are not limiting upon the scope of the invention.
As shown in FIG. 1, the dynamic URL authentication method based on SpringSecurity specifically includes the following steps:
S1, creating an authority annotation PrivilegeDefinition to label the interfaces that need authentication;
S2, scanning all RequestMappingInfo information marked with the permission code annotation PrivilegeDefinition in all controllers to generate permission codes with which to authorize roles;
S3, after login authentication passes, storing the role information authorized to the user in the authentication information;
S4, implementing the FilterInvocationSecurityMetadataSource interface to return all role information with access authority for the current URL;
S5, voting on the roles contained in the login authentication information against the roles holding the URL authority, through a user-defined access authority voter implementing the AccessDecisionVoter interface;
S6, if the vote passes, authentication passes and access is allowed;
if the vote does not pass, access is refused, and the exception is converted according to the current system's exception scheme and returned to the front end for display.
In step S1, authority code information is generated by labeling the URLs in the HandlerMapping information of all controllers that need authentication.
In step S2, the RequestMappingInfo information labeled with the PrivilegeDefinition annotation in all controllers is scanned, the URL is obtained from the RequestMappingInfo information and converted into authority code information, and the user's roles are authorized with it.
In step S3, after the user provides a user name and password and passes authentication, the user's role information is loaded and stored in the authentication information; it is subsequently used to determine whether the user has the right to access a protected resource.
In step S4, the interface is implemented through Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException: according to the requested URL obtained from the Object parameter, all role codes having authority for that URL are queried from the database and packaged into a ConfigAttribute collection that is returned.
A set of ConfigAttribute objects is created as a Collection<ConfigAttribute>; if the security object is not supported by the current SecurityMetadataSource object, an IllegalArgumentException is thrown.
In step S5, the voter is responsible for voting on the authorization decision and obtains the existing role codes from the authentication information. There are three possible authorization results: consent, abstention and objection. Since several rules may apply to the current access, each AccessDecisionVoter casts its own vote, and finally, after the AccessDecisionManager has collected the votes of all voters, the final authorization decision is made.
In step S6, the exception thrown when the user is denied access to a protected URL is handled by Spring's default AccessDeniedHandler, which processes the page request, converts it according to the current system's exception scheme and returns it to the front end for presentation.
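The six steps above (and the same steps in the summary), carried into Spring Security's FilterInvocationSecurityMetadataSource and AccessDecisionVoter extension points, as an added example that is not part of the patent or of any product it describes. It assumes Spring Security 5.x (these interfaces are deprecated in later releases), a hypothetical UrlRoleRepository that returns the role codes stored for a URL path, and exact path matching; the S2 scan of RequestMappingInfo that fills that store is not shown.

```java
import java.lang.annotation.*;
import java.util.*;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

public class DynamicUrlAuthorization {

    // S1: marks a controller method whose URL must be authorized by role (name taken from the patent).
    @Target(ElementType.METHOD)
    @Retention(RetentionPolicy.RUNTIME)
    public @interface PrivilegeDefinition {
        String value(); // permission description, e.g. "order:list"
    }

    // Hypothetical store filled by the S2 scan: which role codes may access a given URL path.
    public interface UrlRoleRepository {
        List<String> findRoleCodesByUrl(String path);
    }

    // S4: return every role code that has access authority for the requested URL.
    public static class DynamicUrlMetadataSource implements FilterInvocationSecurityMetadataSource {
        // Attribute no real user holds: a URL with no mapping is denied instead of silently allowed.
        private static final List<ConfigAttribute> NO_MAPPING = SecurityConfig.createList("ROLE_NO_MAPPING");
        private final UrlRoleRepository repository;

        public DynamicUrlMetadataSource(UrlRoleRepository repository) { this.repository = repository; }

        @Override
        public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
            if (!(object instanceof FilterInvocation)) {
                throw new IllegalArgumentException("Unsupported secure object: " + object);
            }
            // Decide on the servlet path only; the query string must never influence the lookup.
            String path = ((FilterInvocation) object).getRequest().getServletPath();
            List<String> roles = repository.findRoleCodesByUrl(path);
            return roles.isEmpty() ? NO_MAPPING : SecurityConfig.createList(roles.toArray(new String[0]));
        }

        @Override
        public Collection<ConfigAttribute> getAllConfigAttributes() { return Collections.emptyList(); }
        @Override
        public boolean supports(Class<?> clazz) { return FilterInvocation.class.isAssignableFrom(clazz); }
    }

    // S5: grant only when a role in the authentication matches a role that holds the URL authority.
    public static class DynamicUrlVoter implements AccessDecisionVoter<FilterInvocation> {
        @Override
        public int vote(Authentication auth, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
            if (auth == null || !auth.isAuthenticated()) return ACCESS_DENIED;
            for (GrantedAuthority granted : auth.getAuthorities()) {
                for (ConfigAttribute required : attributes) {
                    if (granted.getAuthority().equals(required.getAttribute())) return ACCESS_GRANTED;
                }
            }
            return ACCESS_DENIED; // S6: the AccessDeniedHandler converts the resulting exception for the front end
        }
        @Override public boolean supports(ConfigAttribute attribute) { return attribute.getAttribute() != null; }
        @Override public boolean supports(Class<?> clazz) { return FilterInvocation.class.isAssignableFrom(clazz); }
    }
}
```

Unlike the text, a URL with no stored roles is answered with an attribute nobody holds, so unmapped endpoints fail closed rather than being left unprotected. The metadata source and voter are registered on the FilterSecurityInterceptor and its AccessDecisionManager in the usual way.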
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and any simple modification, equivalent change and modification made to the above embodiment according to the technical spirit of the present invention without departing from the technical spirit of the present invention are within the scope of the present invention.
Claims (8)
1. A dynamic URL authentication method based on SpringSecurity is characterized by comprising the following steps:
S1, creating an authority annotation PrivilegeDefinition to label the interfaces that need authentication;
S2, scanning all RequestMappingInfo information marked with the authority code annotation PrivilegeDefinition in all controllers to generate authority codes for role authorization;
S3, after login authentication passes, storing the role information authorized to the user in the authentication information;
S4, implementing the FilterInvocationSecurityMetadataSource interface to return all role information with access authority for the current URL;
S5, voting on the roles contained in the login authentication information against the roles holding the URL authority, through a custom access authority voter implementing the AccessDecisionVoter interface;
S6, if the vote passes, authentication passes and access is allowed;
if the vote does not pass, access is refused, and the exception is converted according to the current system's exception scheme and returned to the front end for display.
2. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S1, all URLs in the HandlerMapping information of a Controller that need authentication are marked to generate authority code information.
3. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S2, the RequestMappingInfo information labeled with the PrivilegeDefinition annotation in all controllers is scanned, the URL is obtained from the RequestMappingInfo and converted into authority code information, and the user's roles are authorized with it.
4. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S3, after the user provides a user name and password and passes authentication, the user's role information is loaded and stored in the authentication information, and whether the user has authority to access the protected resource is judged subsequently.
5. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S4, the interface is implemented through Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException, and according to the requested URL obtained from the Object parameter, all role codes having authority for that URL are queried from the database and packaged into a ConfigAttribute collection that is returned.
6. The SpringSecurity-based dynamic URL authentication method according to claim 5, wherein: a set of ConfigAttribute objects is created as a Collection<ConfigAttribute>, and if the security object is not supported by the current SecurityMetadataSource object, an IllegalArgumentException is thrown.
7. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S5, the voter votes on the authorization decision and obtains the existing role codes from the authentication information; the authorization result is one of approval, abstention or objection, and since several rules may apply to the current access, each AccessDecisionVoter casts its own vote, and finally the AccessDecisionManager tallies the votes of all voters to make the final authorization decision.
8. The SpringSecurity-based dynamic URL authentication method according to claim 1, wherein: in step S6, the exception thrown when the user is denied access to a protected URL is handled by Spring's default AccessDeniedHandler, where the page request is converted according to the current system's exception scheme and then returned to the front end for presentation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211602528.7A CN115913762A (en) | 2022-12-14 | 2022-12-14 | Dynamic URL authentication method based on SpringSecurity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211602528.7A CN115913762A (en) | 2022-12-14 | 2022-12-14 | Dynamic URL authentication method based on SpringSecurity |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115913762A true CN115913762A (en) | 2023-04-04 |
Family
ID=86496116
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211602528.7A Pending CN115913762A (en) | 2022-12-14 | 2022-12-14 | Dynamic URL authentication method based on SpringSecurity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115913762A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116167028A (en) * | 2023-04-21 | 2023-05-26 | 云筑信息科技(成都)有限公司 | Authority authentication method |
Events
- 2022-12-14: CN application CN202211602528.7A filed (patent CN115913762A), status Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |