SpringSecurity 登陆验证 success 和 fail 的处理


<pre name="code" class="html"><http auto-config="true" use-expressions="true">
<form-login

	      login-page="/login"
		  authentication-success-handler-ref="customAuthenticationSuccessHandler"
		  authentication-failure-handler-ref="authenticationFailureHandler"
		  username-parameter="username"
		  password-parameter="password" />


	<logout invalidate-session="true" logout-success-url="/login?logOutMsg=1" logout-url="/j_spring_security_logout" delete-cookies="JSESSIONID" />
	<session-management invalid-session-url="/login?logOutMsg=1">
		<concurrency-control max-sessions="1" expired-url="/login?sessionInvalid=1" />
	</session-management>
	 
	</http>
	
	<beans:bean id="authenticationFailureHandler" class="com.tang.UsernameStoringUrlAuthenticationFailureHandler" >
		<beans:property name="defaultFailureUrl" value="/login?loginError=1"/>
	</beans:bean>
	
	<beans:bean id="customAuthenticationSuccessHandler" class="com.tang.service.CustomAuthenticationSuccessHandler"></beans:bean>




<pre name="code" class="java">public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {  
	
	private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationSuccessHandler.class);
  
    @Override  
    public void onAuthenticationSuccess(HttpServletRequest request,  
                                        HttpServletResponse reponse,  
                                        Authentication authentication)  
            throws IOException, ServletException {  
         //这里可以做success的处理
                    //do some logic here if you want something to be done whenever  
        //the user successfully logs in.  
    	 
        request.getSession(true).setAttribute("SPRING_SECURITY_FROM_LOGIN_SUCCESS", "TRUE");  
  
        //set our response to OK status  
        reponse.setStatus(HttpServletResponse.SC_OK);  
  
        //since we have created our custom success handler, its up to us to where  
        //we will redirect the user after successfully login  
        reponse.sendRedirect("home");  
    }  
}  




public class UsernameStoringUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler
{
	 private static final Logger logger = LoggerFactory.getLogger(UsernameStoringUrlAuthenticationFailureHandler.class);
    @Override
    public void onAuthenticationFailure (HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException
    {
    	
    	//这里可以做fail的处理
        request.getSession (true).setAttribute ("SPRING_SECURITY_LAST_USERNAME", request.getParameter ("username"));
        super.onAuthenticationFailure (request, response, exception);
    }
}





阅读更多
想对作者说点什么?

博主推荐

换一批

没有更多推荐了,返回首页