为什么要返回JSON数据
因为多数系统都是前后端分离的,前端需要根据后端返回的数据来判断认证结果。SpringSecurity要实现返回JSON并不难,只需要重写相关的处理器即可。
准备Result类来封装结果
package com.heimi.domain.vo;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
/**
 * Response envelope serialized to JSON and returned to the front end.
 *
 * <p>Lombok generates the accessors, the builder, and both the no-argument and the
 * all-argument constructor; the all-argument constructor takes the fields in declaration
 * order ({@code code}, {@code data}, {@code message}).
 *
 * @author heimi
 * @version 1.0
 * @date 2023/5/24 10:57
 */
@AllArgsConstructor
@NoArgsConstructor
@Builder
@Data
public class Result {

    // Status code reported to the client; the handlers on this page pass
    // HttpServletResponse.SC_* constants here.
    private Integer code;

    // Payload of the response. Whatever is stored here is handed to the JSON serializer
    // as-is, so avoid passing entities that carry credentials or other internal fields.
    private Object data;

    // Human-readable description of the outcome.
    private String message;
}
处理认证成功和失败返回json
重写认证成功处理器和认证失败处理器,放入IOC容器
package com.heimi.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.heimi.domain.vo.Result;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
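/**
 * Registers the Spring Security handlers that answer authentication events with a JSON body.
 *
 * <p>Each handler builds a {@link Result}, serializes it with the injected
 * {@link ObjectMapper} and writes it to the servlet response.
 *
 * @author heimi
 * @version 1.0
 * @date 2023/5/24 10:58
 */
@Configuration
public class AuthorizationProcessesConfig {

    /** Content type sent with every JSON response written by this class. */
    private static final String JSON_CONTENT_TYPE = "application/json;charset=utf-8";

    /** Jackson serializer used to render {@link Result} objects. */
    @Resource
    private ObjectMapper objectMapper;

    /**
     * Creates the handler that runs after a successful authentication.
     *
     * <p>The response body carries only a success flag and a fixed message; nothing from the
     * {@code Authentication} object is written to the client.
     *
     * @return a handler that replies with HTTP 200 and a JSON {@link Result}
     */
    @Bean
    public AuthenticationSuccessHandler authenticationSuccessHandler() {
        return (request, response, authentication) ->
                writeJson(response, HttpServletResponse.SC_OK, true, "认证成功");
    }

    /**
     * Creates the handler that runs after a failed authentication.
     *
     * <p>The same fixed message is returned for every {@code AuthenticationException}, so the
     * response does not reveal why the attempt was rejected (unknown user, bad password,
     * locked account, ...).
     *
     * <p>NOTE(review): 401 ({@code SC_UNAUTHORIZED}) is the conventional status for a failed
     * authentication; 403 is kept here so existing clients keep seeing the same code.
     *
     * @return a handler that replies with HTTP 403 and a JSON {@link Result}
     */
    @Bean
    public AuthenticationFailureHandler authenticationFailureHandler() {
        return (request, response, exception) ->
                writeJson(response, HttpServletResponse.SC_FORBIDDEN, false, "认证失败");
    }

    /**
     * Writes a {@link Result} to the response as JSON.
     *
     * @param response servlet response to write to
     * @param status HTTP status, also stored as the {@code code} of the result
     * @param data payload stored in the result
     * @param message message stored in the result
     * @throws IOException if serialization or writing to the response fails
     */
    private void writeJson(HttpServletResponse response, int status, Object data, String message)
            throws IOException {
        Result result = new Result(status, data, message);
        response.setStatus(status);
        // The content type (and its charset) must be set before getWriter() is called.
        response.setContentType(JSON_CONTENT_TYPE);
        String responseStr = objectMapper.writeValueAsString(result);
        PrintWriter writer = response.getWriter();
        writer.println(responseStr);
        writer.flush();
    }
}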
在SpringSecurity配置类中配置处理器
package com.heimi.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.annotation.Resource;
/**
 * Spring Security configuration that plugs the JSON-returning authentication handlers into
 * form login.
 *
 * @author heimi
 * @version 1.0
 * @date 2023/5/24 11:00
 */
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Handler invoked after a successful authentication. */
    @Resource
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    /** Handler invoked after a failed authentication. */
    @Resource
    private AuthenticationFailureHandler authenticationFailureHandler;

    /**
     * Configures form login with a custom login page, a login processing URL and the two
     * injected handlers, and opens the login endpoints to everyone.
     *
     * <p>NOTE(review): only form login is configured in this listing; no
     * {@code authorizeRequests()} rules are visible here. Confirm that the URL authorization
     * rules the application needs are declared as well.
     *
     * @param http the security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login")
                .failureHandler(this.authenticationFailureHandler)
                .successHandler(this.authenticationSuccessHandler)
                .permitAll();
    }
}
退出成功时返回json
配置退出成功处理器,放入IOC容器中
/**
 * Creates the handler that runs after a successful logout.
 *
 * @return a handler that replies with HTTP 200 and a JSON {@code Result}
 * @author heimi
 * @date 2023/5/24 11:29
 */
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
    return (request, response, authentication) -> {
        final int status = HttpServletResponse.SC_OK;
        response.setStatus(status);
        // The content type (and its charset) is set before the writer is obtained.
        response.setContentType("application/json;charset=utf-8");
        final String body = objectMapper.writeValueAsString(new Result(status, true, "退出成功"));
        final PrintWriter out = response.getWriter();
        out.println(body);
        out.flush();
    };
}
在SpringSecurity中配置退出成功处理器
// Field for the Spring Security configuration class.
@Resource // logout-success handler
private LogoutSuccessHandler logoutSuccessHandler;
// Statement that uses the HttpSecurity builder `http`; presumably placed inside configure(HttpSecurity http).
http.logout().logoutSuccessHandler(logoutSuccessHandler); // register the logout-success handler
权限不足时返回json
配置权限不足处理器,放入IOC容器中
/**
 * Creates the handler that runs when a request is rejected for insufficient permissions.
 *
 * <p>The body is a fixed message; nothing from the {@code AccessDeniedException} is written to
 * the client.
 *
 * <p>NOTE(review): Spring Security hands requests from unauthenticated (anonymous) users to
 * the {@code AuthenticationEntryPoint} rather than to this handler; confirm an entry point
 * that also answers with JSON is configured if such requests should not be redirected.
 *
 * @return a handler that replies with HTTP 403 and a JSON {@code Result}
 * @author heimi
 * @date 2023/5/24 11:39
 */
@Bean
public AccessDeniedHandler accessDeniedHandler() {
    return (request, response, accessDeniedException) -> {
        final int status = HttpServletResponse.SC_FORBIDDEN;
        response.setStatus(status);
        // The content type (and its charset) is set before the writer is obtained.
        response.setContentType("application/json;charset=utf-8");
        final String body = objectMapper.writeValueAsString(new Result(status, false, "权限不足"));
        final PrintWriter out = response.getWriter();
        out.println(body);
        out.flush();
    };
}
在SpringSecurity配置类中配置该处理器
// Field for the Spring Security configuration class.
@Resource // access-denied handler
private AccessDeniedHandler accessDeniedHandler;
// Statement that uses the HttpSecurity builder `http`; presumably placed inside configure(HttpSecurity http).
http.exceptionHandling().accessDeniedHandler(accessDeniedHandler); // register the access-denied handler