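Spring Security custom login. Recommended article: https://www.jianshu.com/p/779d3071e98d
Additional notes: custom handling of login success and failure
Define a custom success handler class that extends SavedRequestAwareAuthenticationSuccessHandler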
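```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

@Component("myAuthenctiationSuccessHandler")
public class MyAuthenctiationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ObjectMapper objectMapper;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        logger.info("登录成功");
        // Return the Authentication object as JSON instead of redirecting
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(objectMapper.writeValueAsString(authentication));
    }
}
```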
Define a custom failure handler class that extends SimpleUrlAuthenticationFailureHandler
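```java
import java.io.IOException;
import java.net.URLEncoder;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

@Component("myAuthenctiationFailureHandler")
public class MyAuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ObjectMapper objectMapper;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        logger.info("进入认证失败处理类");
        // response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
        response.setContentType("application/json;charset=UTF-8");
        // Forward to login
        // request.getRequestDispatcher("/login?error="+exception.getMessage()).forward(request, response);

        // URL-encode the JSON-quoted message so it is a valid query parameter value
        String error = URLEncoder.encode(objectMapper.writeValueAsString(exception.getMessage()), "UTF-8");
        response.sendRedirect("/login?error=" + error);
    }
}
```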
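Adding the custom handlers to the configuration
Note:
Most examples online register the authentication success handler in our own security configuration class, BrowerSecurityConfig extends WebSecurityConfigurerAdapter, by setting it in the configure method: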
```java
@Autowired
MyAuthenctiationSuccessHandler myAuthenctiationSuccessHandler; // authentication success handler

@Autowired
MyAuthenctiationFailureHandler myAuthenctiationFailureHandler; // authentication failure handler

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.formLogin()                                     // where to send the user when login is required
        .loginPage("/login")                             // set the login page
        .successHandler(myAuthenctiationSuccessHandler)  // custom login success handling
        .failureHandler(myAuthenctiationFailureHandler); // custom login failure handling
    // ... non-essential code omitted here
}
```
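When we use a custom filter (BhAuthenticationFilter, which extends AbstractAuthenticationProcessingFilter; the article linked at the top explains how to write custom filters, custom login, and so on), the custom login success and failure handlers set on http in the configure method (as above) do not take effect. formLogin() applies those handlers only to the UsernamePasswordAuthenticationFilter it creates, so a separately registered filter keeps its own defaults.
Solution: set the handlers on the bean that defines the filter.
For example: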
```java
@Bean
public BhAuthenticationFilter bhAuthenticationFilter() {
    BhAuthenticationFilter filter = new BhAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManager);
    filter.setAuthenticationFailureHandler(myAuthenctiationFailureHandler); // handle failure
    filter.setAuthenticationSuccessHandler(myAuthenctiationSuccessHandler); // handle success
    return filter;
}
```
Pitfalls I ran into while learning Spring Security; for reference only.