1. 新建SpringBoot工程
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/898a46e7deb3ea2209219743db8a6931.png#pic_center)
2. 项目依赖
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
</dependencies>
3. 定义登录成功处理器
- 新建一个类实现AuthenticationSuccessHandler
- 重写onAuthenticationSuccess方法
package zw.springboot.controller;
import lombok.SneakyThrows;
import org.json.JSONObject;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler
{
@SneakyThrows
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException
{
response.setCharacterEncoding("UTF-8");
JSONObject object = new JSONObject();
object.put("code", 1);
object.put("msg", "登录成功");
response.setContentType("application/json;charset=utf-8");
PrintWriter pw = response.getWriter();
pw.print(object.toString());
pw.close();
}
}
4. 定义登录失败处理器
- 新建一个类实现AuthenticationFailureHandler接口
- 重写onAuthenticationFailure方法
package zw.springboot.controller;
import lombok.SneakyThrows;
import org.json.JSONObject;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
@Component
public class LoginErrorHandler implements AuthenticationFailureHandler
{
@SneakyThrows
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException
{
response.setCharacterEncoding("UTF-8");
JSONObject object = new JSONObject();
object.put("code", -1);
object.put("msg", "登录失败");
response.setContentType("application/json;charset=utf-8");
PrintWriter pw = response.getWriter();
pw.print(object.toString());
pw.close();
}
}
5. 安全认证配置类
package zw.springboot.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private AuthenticationSuccessHandler loginSuccessHandler;
@Autowired
private AuthenticationFailureHandler loginErrorHandler;
@Bean
@Override
protected UserDetailsService userDetailsService()
{
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("admin").password(passwordEncoder().encode("123456")).authorities("p1").build());
manager.createUser(User.withUsername("user").password(passwordEncoder().encode("654321")).authorities("p2").build());
return manager;
}
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.authorizeRequests()
.antMatchers("/**").authenticated()
.and()
.formLogin()
.successHandler(loginSuccessHandler)
.failureHandler(loginErrorHandler);
}
}
6. 项目运行测试
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/1108880ffc60136bb8fde744011063de.png#pic_center)
7. 登录成功测试
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/1e561f42077ccf29ebb2b51b0d256125.png#pic_center)
8. 登录失败测试
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/779fcc3ea74c5ecb215a8929c6d40ed9.png#pic_center)