SpringSecurity系列——访问权限判断(权限,角色,IP),权限不足(403)处理day6-1(源于官网5.7.2版本)
前言
为了你对本文的内容不产生疑惑请先看下方说明
说明
关于本文的测试用户
本文测试用户为:
- 用户名:user1,密码:123,角色信息:
user,admin
,权限信息:ROLE_user, ROLE_admin
- 用户名:user2,密码:456,角色信息:
guest
,权限信息:ROLE_guest
关于本文的其他类
AuthenticationEvents
package com.example.test1.config;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
@Component
public class AuthenticationEvents {
@EventListener
public void InteractiveSuccess(InteractiveAuthenticationSuccessEvent event){
System.out.println("interactive success");
System.out.println(event.getAuthentication().getAuthorities());
System.out.println(event.getAuthentication().getPrincipal());
// System.out.println(event.getAuthentication());
}
@EventListener
public void onFailure(AbstractAuthenticationFailureEvent failureEvent){
System.out.println("fail....");
System.out.println(failureEvent.getAuthentication());
System.out.println(failureEvent.getException());
}
DefineLogoutSuccessHandler
package com.example.test1.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
public class DefineLogoutSuccessHandler