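I. Custom failure page
- Just as a successful login can redirect to a specified address, a failed login can also redirect to a corresponding address
- Write the error page error.html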
```html
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <title>登录失败</title>
</head>
<body>
    <h3>登录失败,请重新<a href="/login.html">登录</a></h3>
</body>
</html>
```
- In the authorization configuration, allow the error page to be accessed without authentication
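```java
// Security configuration (inside the WebSecurityConfigurerAdapter subclass)
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.formLogin()
            .loginPage("/login.html")
            .loginProcessingUrl("/login")
            .successForwardUrl("/toCore")
            // On failure, forward to /toError inside the server
            .failureForwardUrl("/toError");
    http.authorizeRequests()
            .antMatchers("/login.html").permitAll()
            // The error page must be reachable without logging in
            .antMatchers("/error.html").permitAll()
            .anyRequest().authenticated();
    // CSRF protection is turned off for this demo; keep it enabled for session-based form login in production
    http.csrf().disable();
}

// Controller method: receives the forward and redirects to the static error page
@RequestMapping("/toError")
public String error() {
    return "redirect:/error.html";
}
```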
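II. Custom failure handler
- As with the success handler, after a failed login the corresponding failure handler, ForwardAuthenticationFailureHandler, is invoked to handle it
- org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
- After setting the error information internally, it also forwards to a server-internal address; for custom handling you need to specify your own failure handler
- Implement the AuthenticationFailureHandler interface to define the custom handling, for example a redirect as well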
```java
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Slf4j
public class AdvanceAuthenticationFailureHandler implements AuthenticationFailureHandler {

    // Redirect target, fixed at construction time (never taken from the request)
    private final String url;

    public AdvanceAuthenticationFailureHandler(String url) {
        this.url = url;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {
        // Log the failure reason on the server, then redirect the browser
        log.error("登录失败【{}】", exception.getMessage());
        response.sendRedirect(url);
    }
}
```
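- Specify the handling rule in formLogin()
- failureHandler(new AdvanceAuthenticationFailureHandler("http://www.codecoord.com"))
- This sets the authentication failure handler; once it is set, the failure forward configuration above no longer takes effect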
```java
http.formLogin()
        .loginPage("/login.html")
        .loginProcessingUrl("/login")
        .successForwardUrl("/toCore")
        // Overridden by the failureHandler(...) call below
        .failureForwardUrl("/toError")
        .usernameParameter("username")
        .passwordParameter("password")
        .failureHandler(new AdvanceAuthenticationFailureHandler("http://www.codecoord.com"));
```
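- The failure handler can be implemented to fit the specific business scenario; for example, a project with separated front end and back end may need to return the corresponding information rather than a page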
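
For the separated front-end/back-end case just mentioned, a failure handler can answer with a JSON body and HTTP 401 instead of a page. This is an added example, not code from the original article; the class name JsonAuthenticationFailureHandler, the JSON field names and the message text are assumptions.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Hypothetical class for illustration; register it with
// http.formLogin().failureHandler(new JsonAuthenticationFailureHandler())
public class JsonAuthenticationFailureHandler implements AuthenticationFailureHandler {

    private static final Logger log =
            LoggerFactory.getLogger(JsonAuthenticationFailureHandler.class);

    // One fixed body for every failure type, so the response does not reveal
    // whether the account exists, is locked, or only the password was wrong.
    private static final String BODY =
            "{\"code\":\"AUTH_FAILED\",\"message\":\"Invalid username or password\"}";

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception) throws IOException {
        // The precise reason stays in the server log. The submitted username is
        // not logged: users sometimes type their password into that field.
        log.warn("Login failed: type={}, remoteAddr={}",
                exception.getClass().getSimpleName(), request.getRemoteAddr());

        // 401 tells the client the credentials were rejected; no redirect is
        // issued, so the single-page front end decides what to display.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.setContentType("application/json");
        response.getWriter().write(BODY);
    }
}
```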