編集履歴

質問編集履歴

実装の修正

2020/08/18 13:05

投稿

Linkey

スコア77

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -180,7 +180,7 @@
 			.successHandler(new AppAuthenticationSuccessHandler())
-			.usernameParameter("user")
+			.usernameParameter("name")
 			.passwordParameter("password")

実装の修正

2020/08/18 13:05

投稿

Linkey

スコア77

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -202,7 +202,7 @@
-//	private static final Logger logger = LoggerFactory.getLogger("dm_log");
+//	private static final Logger logger = LoggerFactory.getLogger("test_log");
 	private SessionRegistry sessionRegistry;

実装の追加

2020/08/18 13:03

投稿

Linkey

スコア77

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -316,6 +316,48 @@
+AppAuthenticationProvider.java
+```Java
+public class AppAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
+	@Override
+	protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
+			throws AuthenticationException {
+		System.out.println("ユーザー名：" + username);
+		System.out.println("パスワード：" + authentication.getCredentials().toString());
+        // 動作確認のため一旦、例外をスローする
+		throw new AuthenticationException("ログインに失敗") {
+			/**
+			 *
+			 */
+			private static final long serialVersionUID = 1L;
+		};
+    }
+}
+```
 pom.xml
 ```xml

実装の追加

2020/08/18 12:57

投稿

Linkey

スコア77

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -224,8 +224,6 @@
 	public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
-		// logger.debug("Portal Firewall Check [IN]");
 		System.out.println("検知したリクエストURL:" + request.getRequestURL());

実装の追加

2020/08/18 12:51

投稿

Linkey

スコア77

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -194,6 +194,130 @@
+AppHttpFirewall.java
+```java
+public class AppHttpFirewall extends StrictHttpFirewall {
+//	private static final Logger logger = LoggerFactory.getLogger("dm_log");
+	private SessionRegistry sessionRegistry;
+	public AppHttpFirewall(SessionRegistry sessionRegistry) {
+		super();
+		this.sessionRegistry = sessionRegistry;
+		return;
+	}
+	@Override
+	public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
+		// logger.debug("Portal Firewall Check [IN]");
+		System.out.println("検知したリクエストURL:" + request.getRequestURL());
+		String userId = "";
+		String cookieCerfToken = null;
+		String userAgent = request.getHeader("user-agent");
+		Cookie csrfToken = WebUtils.getCookie(request, "_csrf");
+		if(Objects.nonNull(csrfToken)) {
+			cookieCerfToken = csrfToken.getValue();
+		}
+		// セッションレジストリーからユーザー情報を取得しユーザIDを取得する
+		SessionInformation sessionInfo = sessionRegistry.getSessionInformation(request.getSession().getId());
+		if(Objects.nonNull(sessionInfo)) {
+			Object principal = sessionInfo.getPrincipal();
+			if(principal instanceof UserDetails) {
+				DMUser user = (DMUser) principal;
+				userId = user.getUser().getUserId();
+			}
+		}
+		try {
+			return super.getFirewalledRequest(request);
+		} catch (RequestRejectedException e) {
+			// 認証情報をクリアする
+			SecurityContextHolder.clearContext();
+			request.getSession().invalidate();
+			// logger.error("リクエストURL不正")
+			return new FirewalledRequest(request) {
+				@Override
+				public void reset() {
+					return;
+				}
+			};
+		}
+	}
+	@Override
+	public HttpServletResponse getFirewalledResponse(HttpServletResponse response) {
+		// TODO 自動生成されたメソッド・スタブ
+		return super.getFirewalledResponse(response);
+	}
+}
+```
 pom.xml
 ```xml

プログラム実装内容の修正

2020/08/18 12:50

投稿

Linkey

スコア77

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -178,7 +178,7 @@
 			.failureHandler(new AppAuthenticationFailureHandler()) //認証失敗時
-			.successHandler(new AppAuthenticationSuccessHandler(dmCryptoConfigurtion))
+			.successHandler(new AppAuthenticationSuccessHandler())
 			.usernameParameter("user")

クラスを追加

2020/08/18 00:37

投稿

Linkey

スコア77

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -122,6 +122,78 @@
+AppSecurityConfig.java
+```Java
+@Configuration
+@EnableWebSecurity
+public class AppSecurityConfig  extends WebSecurityConfigurerAdapter {
+	@Override
+	public void configure(WebSecurity web) throws Exception {
+		web.ignoring().antMatchers("/css/**", "/js/**");
+		web.httpFirewall(new AppHttpFirewall(sessionRegistry));
+	}
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http.sessionManagement()
+			.maximumSessions(1)
+			.maxSessionsPreventsLogin(true)
+			.sessionRegistry(sessionRegistry())
+		.and()
+		.sessionFixation().newSession();
+		http.authorizeRequests()
+			.mvcMatchers(HttpMethod.GET, "/").permitAll()
+			.mvcMatchers(HttpMethod.POST, "/register", "/authenticate").permitAll()
+			.anyRequest().authenticated();
+		http.formLogin()
+			.loginProcessingUrl("/authenticate") //　ログイン処理URL
+			.failureHandler(new AppAuthenticationFailureHandler()) //認証失敗時
+			.successHandler(new AppAuthenticationSuccessHandler(dmCryptoConfigurtion))
+			.usernameParameter("user")
+			.passwordParameter("password")
+			.permitAll();
+        }
+}
+```
 pom.xml
 ```xml