SpringSecurity自定义成功失败处理器的示例代码

SpringSecurity自定义成功失败处理器的示例代码

1. 新建SpringBoot工程

2. 项目依赖

org.springframework.boot

spring-boot-starter-security

org.springframework.boot

spring-boot-starter-thymeleaf

org.springframework.boot

spring-boot-starter-web

org.springframework.boot

spring-boot-starter-tomcat

provided

org.projectlombok

lombok

org.springframework.boot

spring-boot-starter-test

3. 定义登录成功处理器

新建一个类实现AuthenticationSuccessHandler

重写onAuthenticationSuccess方法

package zw.springboot.controller;

import lombok.SneakyThrows;

import org.json.JSONObject;

import org.springframework.security.core.Authentication;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import org.springframework.stereotype.Component;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.io.PrintWriter;

/**

* @className LoginSuccessHandler

* @description 登录成功处理器

* @author 周威

* @date 2020-09-03 13:50

**/

@Component

public class LoginSuccessHandler implements AuthenticationSuccessHandler

{

@SneakyThrows

@Override

public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException

{

// 设置response缓冲区字符集

response.setCharacterEncoding("UTF-8");

// 定义一个JSONObject对象

JSONObject object = new JSONObject();

// 填写登录成功响应信息

object.put("code", 1);

object.put("msg", "登录成功");

// 设置响应头

response.setContentType("application/json;charset=utf-8");

// 获得打印输出流

PrintWriter pw = response.getWriter();

// 向客户端写入一个字符串

pw.print(object.toString());

// 关闭流资源

pw.close();

}

}

4. 定义登录失败处理器新建一个类实现AuthenticationFailureHandler接口重写onAuthenticationFailure方法

package zw.springboot.controller;

import lombok.SneakyThrows;

import org.json.JSONObject;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import org.springframework.stereotype.Component;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.io.PrintWriter;

/**

* @className LoginErrorHandler

* @description 登录失败处理器

* @author 周威

* @date 2020-09-03 13:57

**/

@Component

public class LoginErrorHandler implements AuthenticationFailureHandler

{

@SneakyThrows

@Override

public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException

{

// 设置response缓冲区字符集

response.setCharacterEncoding("UTF-8");

// 定义一个JSONObject对象

JSONObject object = new JSONObject();

// 填写登录失败响应信息

object.put("code", -1);

object.put("msg", "登录失败");

// 设置响应头

response.setContentType("application/json;charset=utf-8");

// 获得打印输出流

PrintWriter pw = response.getWriter();

// 向客户端写入一个字符串

pw.print(object.toString());

// 关闭流资源

pw.close();

}

}

5. 安全认证配置类

package zw.springboot.config;

import org.sphttp://ringframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.core.userdetails.User;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.provisioning.InMemoryUserDetailsManager;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**

* @className SpringSecurityConfig

* @description 安全人认证配置类

* @author 周威

* @date 2020-09-03 13:42

**/

@EnableWebSecurity

public class SpringSecurityConfig extends WebSecurityConfigurerAdapter

{

@Autowired

private AuthenticationSuccessHandler loginSuccessHandler;

@Autowired

private AuthenticationFailureHandler loginErrorHandler;

// 定义用户信息服务

@Bean

@Override

protected UserDetailsService userDetailsService()

{

InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();

// 模拟两个用户身份

manager.createUser(User.withUsername("admin").password(passwordEncoder().encode("123456")).authorities("p1").build());

manager.createUser(User.withUsername("user").password(passwordEncoder().encode("654321")).authorities("p2").build());

return manager;

}

// 定义密码加密器

@Bean

public PasswordEncoder passwordEncoder()

{

return new BCryptPasswordEncoder();

}

// 定义拦截机制

@Override

protected void configure(HttpSecurity http) throws Exception

{

http

.authorizeRequests()

// 设置哪些请求需要认证

.antMatchers("/**").authenticated()

.and()

// 启用表单登录认证

.formLogin()

// 指定登录成功处理器

.successHandler(loginSuccessHandler)

// 指定登录失败处理器

.failureHandler(loginErrorHandler);

}

}

6. 项目运行测试

7. 登录成功测试

8. 登录失败测试

总结

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。