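1. Create the success and failure handler classes, DemoAuthenticationSuccessHandler and DemoAuthenticationFailureHandler:
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Authentication success handling.
 * SavedRequestAwareAuthenticationSuccessHandler is Spring's simple implementation of AuthenticationSuccessHandler.
 * SecurityProperties and LoginType are the project's own classes.
 * @author zhaohaibin
 */
@Slf4j
@Component("demoAuthenticationSuccessHandler")
public class DemoAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    @Autowired
    private ObjectMapper objectMapper;
    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        log.info("登录成功"); // "login succeeded"
        if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
            // JSON mode: write the Authentication object as the response body
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(authentication));
        } else {
            // REDIRECT mode: default behaviour, redirect to the saved request
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
}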
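import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Authentication failure handling.
 * SimpleUrlAuthenticationFailureHandler is Spring's simple implementation of AuthenticationFailureHandler.
 * SecurityProperties and LoginType are the project's own classes.
 * @author zhaohaibin
 */
@Slf4j
@Component("demoAuthenticationFailureHandler")
public class DemoAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    @Autowired
    private ObjectMapper objectMapper;
    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        log.info("登录失败"); // "login failed"
        if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
            // JSON mode: respond with HTTP 500 and the serialized exception
            response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(e));
        } else {
            // REDIRECT mode: default behaviour of the parent class
            super.onAuthenticationFailure(request, response, e);
        }
    }
}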
2. Add a loginType (enum) property to BrowserProperties:
/**
 * Login type enum.
 *
 * @author zhaohaibin
 */
public enum LoginType {
    REDIRECT,
    JSON
}
3. Update WebSecurityConfig:
@Autowired
private DemoAuthenticationSuccessHandler demoAuthenticationSuccessHandler;
@Autowired
private DemoAuthenticationFailureHandler demoAuthenticationFailureHandler;

@Override
protected void configure(HttpSecurity http) throws Exception {
    // Default / form login mode
    // http.httpBasic()
    http.formLogin()
            // Custom login page
            .loginPage("/authentication/require")
            .loginProcessingUrl("/authentication/form")
            .successHandler(demoAuthenticationSuccessHandler)
            .failureHandler(demoAuthenticationFailureHandler)
            .and()
            // Authorize requests
            .authorizeRequests()
            // The matched pages are open to everyone
            .antMatchers(
                    // API
                    "/swagger-ui.html",
                    // Default login page
                    "/authentication/require",
                    // Custom login page (demoLogin)
                    securityProperties.getBrowser().getLoginPage()).permitAll()
            // Any other request
            .anyRequest()
            // must be authenticated
            .authenticated()
            .and()
            // Disable CSRF (request forgery) protection
            .csrf().disable();
}
4. Create a test page for the redirect configuration:
5. Configure and start:
# Default security login page configuration
demo:
  security:
    browser:
      loginPage: "/demoLogin.html"
      loginType: "REDIRECT"
Troubleshooting:
None yet.