spring-security 個性化用戶認證流程——自定義登錄成功/失敗的處理
阿新 • • 發佈:2018-12-24
http servle utf author ddr als ble 沒有 ont 1.自定義登錄成功處理
什麽需要自定義登錄成功處理,因為登錄行為不止只有一種,有可能是ajax請求,而默認的則是form提交跳轉的行為,這個時候就不是我們想要的一種結果。
什麽需要自定義登錄成功處理,因為登錄行為不止只有一種,有可能是ajax請求,而默認的則是form提交跳轉的行為,這個時候就不是我們想要的一種結果。
如果自定義登錄成功之後的行為?只需要實現AuthenticationSuccessHandler接口
@Component("myAuthenticationSuccessHandler") public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler{ private static final Logger logger = LoggerFactory.getLogger(MyAuthenticationSuccessHandler.class); @Autowired private ObjectMapper objectMapper; //登錄成功之後會被調用 //Authentication用來封裝我們的認證信息,包括發起認證請求裏的認證信息(IP,Session,以及認證通過之後UserDetails的實現類的信息), @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { logger.info("登錄成功"); //把authentication返回給前臺 response.setContentType("application/json;charset=UTF-8"); response.getWriter().write(objectMapper.writeValueAsString(authentication)); } }
再修改BrowserSecurityConfig類的配置信息
訪問請求:http://localhost:8080/sign.html ,登錄成功之後,會把用戶的信息全部返回
{ authorities: [ { authority: "admin" //該用戶的角色信息 } ], details: { remoteAddress: "0:0:0:0:0:0:0:1", //發起請求的IP sessionId: null }, authenticated: true, principal: { //principal就是UserDetails的實現類裏面的信息 username: "admin", password: "$2a$10$WPv2.mXiAPEaOXjAHP9jYuLNfbGT1Nk99Ix2fn351gZGKeEPiOTQW", accountNonExpired: true, accountNonLocked: true, credentialsNonExpired: true, enabled: true, authorities: [ { authority: "admin" } ] }, credentials: null, name: "admin" }
1.自定義登錄錯誤處理
實現AuthenticationFailureHandler接口
@Component("myAuthenticationFailHandler") public class MyAuthenticationFailHandler implements AuthenticationFailureHandler { private static final Logger logger = LoggerFactory.getLogger(MyAuthenticationFailHandler.class); @Autowired private ObjectMapper objectMapper; //AuthenticationException記錄,用戶名沒找到,密碼沒匹配上等信息 認證過程中所有發生的錯誤 @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { logger.info("登錄失敗"); //把exception返回給前臺 response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); response.setContentType("application/json;charset=UTF-8"); response.getWriter().write(objectMapper.writeValueAsString(exception)); } }
AuthenticationException下的異常子類
同樣也需要配置BrowserSecurityConfig配置類
訪問請求:http://localhost:8080/sign.html ,登錄失敗之後,會把異常信息返回
2.可配置化
需要把它做成可配置化的,有些應用卻是是form提交方式,應該需要更靈活一些
在BrowserProperties中定義一下跳轉方式
public enum LoginType {
REDIRECT, //跳轉
JSON; //JSON
}
public class BrowserProperties {
//標準的登錄頁面,如果其他項目沒有配置則使用默認的登錄配置
private String loginPage = "/sign.html";
private LoginType loginType = LoginType.JSON;//默認返回json
//get/set
}
既然需要跳轉頁面的這種方式,這個時候就不能僅僅實現Success/FailHandler接口這樣了。
@Component("myAuthenticationSuccessHandler")
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{
private static final Logger logger = LoggerFactory.getLogger(MyAuthenticationSuccessHandler.class);
@Autowired
private ObjectMapper objectMapper;
@Autowired
private SecurityProperties securityProperties;//判斷我們的請求數據的返回方式json/redirect
//登錄成功之後會被調用
//Authentication用來封裝我們的認證信息,包括發起認證請求裏的認證信息(IP,Session,以及認證通過之後UserDetails的實現類的信息),
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
logger.info("登錄成功");
if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
//把authentication返回給前臺
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(authentication));
}else {
//跳轉
super.onAuthenticationSuccess(request, response, authentication);
}
}
}
@Component("myAuthenticationFailHandler")
public class MyAuthenticationFailHandler extends SimpleUrlAuthenticationFailureHandler {
private static final Logger logger = LoggerFactory.getLogger(MyAuthenticationFailHandler.class);
@Autowired
private ObjectMapper objectMapper;
@Autowired
private SecurityProperties securityProperties;
//AuthenticationException記錄,用戶名沒找到,密碼沒匹配上等信息 認證過程中所有發生的錯誤
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
logger.info("登錄失敗");
if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
//把exception返回給前臺
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(exception));
}else {
//跳轉,即返回頁面
super.onAuthenticationFailure(request, response, exception);
}
}
}
訪問請求:http://localhost:8080/sign.html ,登錄成功和失敗都會返回json的方式
當更改完配置:
LoginType.REDIRECT;
再次訪問請求:http://localhost:8080/sign.html ,登錄成功和失敗都會返回跳轉的方式
spring-security 個性化用戶認證流程——自定義登錄成功/失敗的處理