使用 successForwardUrl()时表示成功后转发请求到地址。内部是
通过 successHandler()方法进行控制成功后交给哪个类进行处理
ForwardAuthenticationSuccessHandler 内部就是最简单的请求转
发。由于是请求转发,当遇到需要跳转到站外或在前后端分离的项目
中就无法使用了。
package com.wyt.handler;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
*自定义成功界面
**/
public class MyAuth implements AuthenticationSuccessHandler {
private String url;
public MyAuth(String url) {
this.url = url;
}
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
httpServletResponse.sendRedirect(url);
}
}
package com.wyt.config;
import com.wyt.handler.MyAuth;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
*
**/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginProcessingUrl("/login")
.failureForwardUrl("/fail")
.successHandler(new MyAuth("http://www.baidu.com")).loginPage("/login.html");
//url拦截
http.authorizeRequests()
.antMatchers("/login.html").permitAll()//loigin.html被放行
.antMatchers("/fail.html").permitAll()
.anyRequest().authenticated();//所有的请求都必须被认证
//关闭csrf
http.csrf().disable();
}
//关闭csrf
//采用哪种加密算法
@Bean
public PasswordEncoder getPe(){
return new BCryptPasswordEncoder();
}
}