- 失败处理流程:实现 AuthenticationFailureHandler 接口
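@Component("MyAuthenticationFailureHandler")
public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
    protected Logger logger = LoggerFactory.getLogger(getClass());

    // JSON serializer used to render the response body.
    @Autowired
    ObjectMapper objectMapper;

    /**
     * Writes a JSON error response when form login fails.
     *
     * <p>The response is 401 Unauthorized with a fixed, generic message. The
     * exception itself is never serialized to the client: a serialized
     * exception would carry its stack trace and cause chain, which exposes
     * internal class names, and a per-cause message can tell a caller whether
     * the account exists, is locked or is disabled. The cause is written to the
     * server log instead.
     *
     * @param httpServletRequest  the login request
     * @param httpServletResponse the response that receives the JSON body
     * @param e                   the reason authentication was rejected
     * @throws IOException      if the response writer fails
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        // Keep the failure cause on the server side, where it is useful for
        // spotting password guessing, instead of sending it to the caller.
        logger.info("登录失败:", e);

        // A rejected login is a client authentication error, not a server fault.
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        httpServletResponse.setContentType("application/json;charset=utf-8");

        // The response format can be customized here, but keep it free of
        // exception details and of anything that distinguishes failure causes.
        java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
        body.put("status", HttpStatus.UNAUTHORIZED.value());
        body.put("message", "Authentication failed");
        httpServletResponse.getWriter().write(objectMapper.writeValueAsString(body));
    }
}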
- 成功处理流程:实现 AuthenticationSuccessHandler 接口
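@Component("MyAuthenticationSuccessHandler")
public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    protected Logger logger = LoggerFactory.getLogger(getClass());

    // JSON serializer used to render the response body.
    @Autowired
    ObjectMapper objectMapper;

    /**
     * Writes a JSON response when form login succeeds.
     *
     * <p>Only the user name and the granted authority names are returned. The
     * whole {@code Authentication} object is deliberately not serialized: with
     * the default form-login setup its details typically hold the remote
     * address and the session id, and its principal is the full user record.
     * Putting the session id into a response body makes it readable by page
     * scripts even when the session cookie is HttpOnly.
     *
     * @param httpServletRequest  the login request
     * @param httpServletResponse the response that receives the JSON body
     * @param authentication      the authenticated token
     * @throws IOException      if the response writer fails
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        logger.info("登录成功:");

        // The response structure can be customized here; expose only the
        // fields the client actually needs.
        java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authorities", authentication.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .collect(java.util.stream.Collectors.toList()));

        httpServletResponse.setContentType("application/json;charset=utf-8");
        httpServletResponse.getWriter().write(objectMapper.writeValueAsString(body));
    }
}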
3.修改配置项 WebSecurityConfigurerAdapter
@Configuration
public class MySecurityConfigurer extends WebSecurityConfigurerAdapter {

    // Handler invoked after a successful login.
    @Autowired
    AuthenticationSuccessHandler MyAuthenticationSuccessHandler;

    // Handler invoked after a failed login.
    @Autowired
    AuthenticationFailureHandler MyAuthenticationFailureHandler;

    /**
     * Provides the password encoder bean.
     *
     * <p>BCrypt is used so stored passwords are salted, slow hashes. A no-op
     * encoder would keep passwords in plain text and must not be substituted.
     *
     * @return a BCrypt-based encoder
     */
    @Bean
    PasswordEncoder passwordEncoder()
    {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures form login, the authorization rules and CSRF handling.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Form login: custom login page, the URL the form posts credentials
        // to, and the custom success/failure handlers.
        http.formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login/form")
                .successHandler(MyAuthenticationSuccessHandler)
                .failureHandler(MyAuthenticationFailureHandler);

        // Authorization: the login page is open to everyone, every other
        // request requires an authenticated user.
        http.authorizeRequests()
                .antMatchers("/login.html").permitAll()
                .anyRequest().authenticated();

        // NOTE(review): CSRF protection is switched off. With cookie-based
        // session login this leaves state-changing endpoints without
        // cross-site request forgery protection; re-enable it and send the
        // token from the login page unless every client is a non-browser one.
        http.csrf().disable();
    }
}
4.登录失败演示
5.登录成功演示