spring security 自定义登录,推荐文章地址:https://www.jianshu.com/p/779d3071e98d
附加信息项,自定义登录成功与失败
定义自定义成功处理类,继承SavedRequestAwareAuthenticationSuccessHandler
@Component("myAuthenctiationSuccessHandler")
public class MyAuthenctiationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
private Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private ObjectMapper objectMapper;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
logger.info("登录成功");
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write( objectMapper.writeValueAsString(authentication));
}
}
定义自定义失败处理类 继承 SimpleUrlAuthenticationFailureHandler
@Component("myAuthenctiationFailureHandler")
public class MyAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
private Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private ObjectMapper objectMapper;
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
logger.info("进入认证失败处理类");
// response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
response.setContentType("application/json;charset=UTF-8");
//转发到login
// request.getRequestDispatcher("/login?error="+exception.getMessage()).forward(request, response);
response.sendRedirect("/login?error="+objectMapper.writeValueAsString(exception.getMessage()));
return;
}
}
将自定义处理类加入配置
注意:
网上默认添加认证成功处理类在我们自己定义的安全配置类中 BrowerSecurityConfig extends WebSecurityConfigurerAdapter
configure 方法中设置添加
@Autowired
MyAuthenctiationSuccessHandler myAuthenctiationSuccessHandler; //认证成功处理类
@Autowired
MyAuthenctiationFailureHandler myAuthenctiationFailureHandler; //认证失败处理类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin() // 定义当需要用户登录时候,转到的登录页面。
.loginPage("/login") // 设置登录页面
.successHandler(myAuthenctiationSuccessHandler) // 自定义登录成功处理
.failureHandler(myAuthenctiationFailureHandler); // 自定义登录失败处理
... 此处省略不关键代码
}
当我们使用了自定义过滤器(BhAuthenticationFilter 继承至 AbstractAuthenticationProcessingFilter)开头链接文章有讲解如何自定义过滤器,自定义登录等。
使用自定义过滤器后在configure 方法中的http 设置了自定义登录成功与登录失败处理(如上) 不生效
解决办法:需要定义 filter的bean上设置。
例如:
@Bean
public BhAuthenticationFilter bhAuthenticationFilter() {
BhAuthenticationFilter filter = new BhAuthenticationFilter();
filter.setAuthenticationManager(authenticationManager);
filter.setAuthenticationFailureHandler(myAuthenctiationFailureHandler); //处理失败
filter.setAuthenticationSuccessHandler(myAuthenctiationSuccessHandler); //处理成功
return filter;
}
学习spring security 遇到的坑,仅供参考。