配置插件 package com.imoke.web.Async; import com.aimuke.security.brewoser.anth.AuthenticationUnsucessFulHandler; import com.aimuke.security.brewoser.anth.ImoocAuthenticationSuccessHandler; import com.imoke.security.SecurityProperties.SecurityProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration public class brwoserConfig extends WebSecurityConfigurerAdapter { @Autowired private SecurityProperties securityProperties; @Autowired private ImoocAuthenticationSuccessHandler imoocAuthenticationSuccessHandler; @Autowired private AuthenticationUnsucessFulHandler authenticationUnsucessFulHandler; @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() /* http.httpBasic()*/ .loginPage("/users") .loginProcessingUrl("/users/loginuser") .successHandler(imoocAuthenticationSuccessHandler) .failureHandler(authenticationUnsucessFulHandler) .and() .csrf().disable()//关闭csrf .authorizeRequests() .antMatchers("/users", securityProperties.browser.getLoginPage()).permitAll()//当是这个页面是不需要身份认证 //授权认证 .anyRequest()//任何请求 .authenticated();//都需要安全认证 /*username-parameter:表示登录时用户名使用的是哪个参数,默认是“j_username”。 password-parameter:表示登录时密码使用的是哪个参数,默认是“j_password”。 login-processing-url:表示登录时提交的地址,默认是“/j-spring-security-check”。这个只是Spring Security用来标记登录页面使用的提交地址,真正关于登录这个请求是不需要用户自己处理的 */ } }
失败后的
package com.aimuke.security.brewoser.anth; import com.fasterxml.jackson.databind.ObjectMapper; import com.imoke.security.SecurityProperties.SecurityProperties; import com.imoke.security.SecurityProperties.properties.LoginResponseType; import com.imoke.web.support.SimpleResponse; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @Slf4j public class AuthenticationUnsucessFulHandler extends SimpleUrlAuthenticationFailureHandler { @Autowired private SecurityProperties securityProperties; @Autowired ObjectMapper objectMapper; @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { logger.info("登录失败"); if(LoginResponseType.JSON.equals(securityProperties.getBrowser().getLoginType())){ log.info("securityProperties.getBrowser().getLoginType()"+securityProperties.getBrowser().getLoginType()); response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); response.setContentType("application/json;charset=UTF-8"); response.getWriter().write(objectMapper.writeValueAsString(new SimpleResponse(exception.getMessage()))); }else { super.onAuthenticationFailure(request, response, exception); } } }
成功跳转
package com.aimuke.security.brewoser.anth; /** * */ import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.imoke.security.SecurityProperties.SecurityProperties; import com.imoke.security.SecurityProperties.properties.LoginResponseType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.stereotype.Component; import com.fasterxml.jackson.databind.ObjectMapper; /** * @author 35-pxiaodong * */ @Component("imoocAuthenticationSuccessHandler") public class ImoocAuthenticationSuccessHandler implements AuthenticationSuccessHandler { private Logger logger = LoggerFactory.getLogger(getClass()); @Autowired private ObjectMapper objectMapper; @Autowired private SecurityProperties securityProperties; /* * (non-Javadoc) * * @see org.springframework.security.web.authentication. * AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http. * HttpServletRequest, javax.servlet.http.HttpServletResponse, * org.springframework.security.core.Authentication) */ @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { if (LoginResponseType.JSON.equals(securityProperties.getBrowser().getLoginType())) { logger.info("登录成功"); response.setContentType("application/json;charset=UTF-8"); response.getWriter().write(objectMapper.writeValueAsString(authentication)); } else { logger.info("有问题"); } } }