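Spring Boot Security Integration Series, Steps and Troubleshooting (Part 4): Custom Success and Failure Handlers, Made Configurable

1. Create the success and failure handler classes, DemoAuthenticationSuccessHandler and DemoAuthenticationFailureHandler: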

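import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
// SecurityProperties and LoginType are this project's own classes; import them from the project's package.

/**
 * Handles successful authentication.
 * SavedRequestAwareAuthenticationSuccessHandler is Spring's simple implementation of AuthenticationSuccessHandler.
 * @author zhaohaibin
 */
@Slf4j
@Component("demoAuthenticationSuccessHandler")
public class DemoAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        log.info("登录成功"); // "login succeeded"

        if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
            // JSON mode: the whole Authentication object (principal, authorities, details) is serialized into the response body
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(authentication));

        } else {
            // REDIRECT mode: default behaviour, redirect to the saved request
            super.onAuthenticationSuccess(request, response, authentication);
        }

    }

}
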
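import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
// SecurityProperties and LoginType are this project's own classes; import them from the project's package.

/**
 * Handles failed authentication.
 * SimpleUrlAuthenticationFailureHandler is Spring's simple implementation of AuthenticationFailureHandler.
 * @author zhaohaibin
 */
@Slf4j
@Component("demoAuthenticationFailureHandler")
public class DemoAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {

        log.info("登录失败"); // "login failed"

        if (LoginType.JSON.equals(securityProperties.getBrowser().getLoginType())) {
            // JSON mode: HTTP 500 plus the full serialized exception (message, cause, stack trace) in the response body
            response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(objectMapper.writeValueAsString(e));

        } else {
            // REDIRECT mode: default behaviour of SimpleUrlAuthenticationFailureHandler
            super.onAuthenticationFailure(request, response, e);
        }

    }

}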

2. Add a loginType (enum) property to BrowserProperties:

/**
 * Login type enum
 *
 * @author zhaohaibin
 */
public enum LoginType {

    REDIRECT,
    JSON

}

3. Update WebSecurityConfig:

    @Autowired
    private DemoAuthenticationSuccessHandler demoAuthenticationSuccessHandler;
    @Autowired
    private DemoAuthenticationFailureHandler demoAuthenticationFailureHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // HTTP Basic (default) or form login
//        http.httpBasic()
        http.formLogin()
                // custom login page
                .loginPage("/authentication/require")
                .loginProcessingUrl("/authentication/form")
                .successHandler(demoAuthenticationSuccessHandler)
                .failureHandler(demoAuthenticationFailureHandler)
                .and()
                // authorize requests
                .authorizeRequests()
                // the matched pages are open to everyone
                .antMatchers(
                        // API
                        "/swagger-ui.html",
                        // default login page
                        "/authentication/require",
                        // custom login page (demoLogin)
                        securityProperties.getBrowser().getLoginPage()).permitAll()
                // any other request
                .anyRequest()
                // must be authenticated
                .authenticated()
                .and()
                // CSRF protection is turned off
                .csrf().disable();

    }

4. Create a test page for the configured redirect:

5. Configure and start:

# security: default login page configuration
demo:
  security:
    browser:
      loginPage: "/demoLogin.html"
      loginType: "REDIRECT"

Troubleshooting:

None so far


Reposted from blog.csdn.net/u012382791/article/details/105263003