spring boot security 自定义登陆、成功处理、失败处理

spring security 自定义登录，推荐文章地址：https://www.jianshu.com/p/779d3071e98d

 

附加信息项，自定义登录成功与失败

定义自定义成功处理类，继承SavedRequestAwareAuthenticationSuccessHandler  

@Component("myAuthenctiationSuccessHandler")
public class MyAuthenctiationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler  {
	private Logger logger = LoggerFactory.getLogger(getClass());
	@Autowired
	private ObjectMapper objectMapper;

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
			throws IOException, ServletException {
		logger.info("登录成功");
		response.setContentType("application/json;charset=UTF-8");
		response.getWriter().write( objectMapper.writeValueAsString(authentication));
	}
}

 

定义自定义失败处理类 继承 SimpleUrlAuthenticationFailureHandler

@Component("myAuthenctiationFailureHandler")
public class MyAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler  {
	private Logger logger = LoggerFactory.getLogger(getClass());
	@Autowired
	private ObjectMapper objectMapper;

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
			throws IOException, ServletException {
		logger.info("进入认证失败处理类");
//		response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
		response.setContentType("application/json;charset=UTF-8");
		//转发到login
//		request.getRequestDispatcher("/login?error="+exception.getMessage()).forward(request, response);
		
		response.sendRedirect("/login?error="+objectMapper.writeValueAsString(exception.getMessage())); 
		return;
	}
}

 

将自定义处理类加入配置

注意：

网上默认添加认证成功处理类在我们自己定义的安全配置类中  BrowerSecurityConfig extends WebSecurityConfigurerAdapter

configure 方法中设置添加

    @Autowired
    MyAuthenctiationSuccessHandler myAuthenctiationSuccessHandler;		//认证成功处理类
    @Autowired
    MyAuthenctiationFailureHandler myAuthenctiationFailureHandler;		//认证失败处理类

	@Override
    protected void configure(HttpSecurity http) throws Exception {

        http.formLogin()                    //  定义当需要用户登录时候，转到的登录页面。
            .loginPage("/login")          // 设置登录页面
            .successHandler(myAuthenctiationSuccessHandler) // 自定义登录成功处理 
            .failureHandler(myAuthenctiationFailureHandler); // 自定义登录失败处理
        ... 此处省略不关键代码
}

当我们使用了自定义过滤器（BhAuthenticationFilter 继承至 AbstractAuthenticationProcessingFilter）开头链接文章有讲解如何自定义过滤器，自定义登录等。

 

使用自定义过滤器后在configure 方法中的http 设置了自定义登录成功与登录失败处理（如上） 不生效

解决办法：需要定义 filter的bean上设置。

例如：

    @Bean
    public BhAuthenticationFilter bhAuthenticationFilter() {
        BhAuthenticationFilter filter = new BhAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationFailureHandler(myAuthenctiationFailureHandler); //处理失败
        filter.setAuthenticationSuccessHandler(myAuthenctiationSuccessHandler); //处理成功
        return filter;
    }

学习spring security 遇到的坑，仅供参考。