SpringSecurity-认证结果处理-第四章

时来时去时不返 2021-01-22 14:43:17

分类专栏： SpringSecurity 文章标签： java

本文链接：https://blog.csdn.net/weixin_53867644/article/details/112984505

版权

认证成功处理
①解决方案
自定义类实现AuthenticationSuccessHandler接口复写 onAuthenticationSuccess方法，该方法其中一个参数是Authentication ，他里面封装了认证信息,用户信息UserDetails等，我们需要在这个方法中使用Response写出json数据即可
②认证成功结果处理
定义AuthenticationSuccessHandler
定义类实现AuthenticationSuccessHandler接口复写onAuthenticationSuccess方法，实现自己的认证成功结果处理

package cn.x.th.config;

import com.alibaba.fastjson.JSON;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        Map map = new HashMap<>();
        map.put("success", true);
        map.put("message", "认证成功");
        response.setCharacterEncoding("utf-8");
        response.setHeader("Content-type", "text/html; charset=utf-8");
        response.getWriter().print(JSON.toJSONString(map));
        response.getWriter().flush();
        response.getWriter().close();
    }
}

③导入依赖

		<dependency>
		  <groupId>com.alibaba</groupId>
		  <artifactId>fastjson</artifactId>
		  <version>1.2.50</version>
		</dependency>

④配置AuthenticationSuccessHandler
在SpringSecurity（WebSecurityConfig）配置定义的AuthenticationSuccessHandler

http.formLogin()
		.successHandler(new MyAuthenticationSuccessHandler())//设置认证成功后，handler的处理器
        //.failureHandler(new MyAuthenticationFailureHandler())//设置认证失败后handler的处理器

认证失败结果处理
①解决方案
自定义登录失败的处理，需要实现AuthenticationFailureHandler接口，复写onAuthenticationFailure方法实现自己的认证失败结果处理
②认证失败结果处理

package cn.x.th.config;

import com.alibaba.fastjson.JSON;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        Map map = new HashMap<>();
        map.put("success",false);
        map.put("message","认证失败");

        //在返回前端数据时，还可以设置一个http的状态（类似：404、403等）
        response.setCharacterEncoding("utf-8");
        response.setHeader("Content-type", "text/html; charset=utf-8");
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        response.getWriter().print(JSON.toJSONString(map));
        response.getWriter().flush();
        response.getWriter().close();
    }
}

③配置处理器

http.formLogin()
		.successHandler(new MyAuthenticationSuccessHandler())//设置认证成功后，handler的处理器
        .failureHandler(new MyAuthenticationFailureHandler())//设置认证失败后handler的处理器