JavaWeb-SpringSecurity自定义登陆配置

使用Restful自定义登陆配置

  自定义登陆成功后的Handler

  添加handler类库,创建LoginSuccessHandler.class,实现用户成功登陆Handler

  

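    /**
     * Called after a login attempt has been authenticated; answers with a
     * small JSON document describing the signed-in user.
     *
     * <p>Only the user name, the authenticated flag and the granted
     * authorities are returned. The full {@code Authentication} object is not
     * serialized because it also carries the request details (remote address,
     * session id), the principal and the credentials, none of which should be
     * echoed into a response body.
     *
     * @param request        the login request
     * @param response       the response the JSON body is written to
     * @param authentication the authentication result produced by the login
     * @throws IOException      if the body cannot be written
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        System.out.println("登陆成功");

        response.setContentType("application/json;charset=UTF-8");

        // Build an explicit allow-list of fields instead of handing the whole
        // Authentication object to Jackson.
        java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authenticated", authentication.isAuthenticated());
        body.put("authorities", authentication.getAuthorities());

        response.getWriter().write(objectMapper.writeValueAsString(body));
    }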

  在SecurityConfig.java中配置configure()方法

/**
 * Configures form login and URL authorization for the application.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the configuration cannot be applied
 */
protected void configure(HttpSecurity http) throws Exception {
    // Form-based authentication: "/require" is the login entry point,
    // POSTs to "/loginPage" are processed by Spring Security's own
    // authentication filter, and a successful login is handed to
    // loginSuccessHandler.
    http.formLogin()
        .loginPage("/require")
        .loginProcessingUrl("/loginPage")
        .successHandler(loginSuccessHandler);

    // The login page and its entry point are open to everyone;
    // every other request requires an authenticated user.
    http.authorizeRequests()
        .antMatchers("/login.html","/require").permitAll()
        .anyRequest().authenticated();

    // NOTE(review): this switches Spring Security's CSRF protection off.
    // With cookie-backed form login that leaves state-changing requests
    // unprotected; re-enable it and send the token from the login page
    // unless the application is confirmed not to rely on session cookies.
    http.csrf().disable();
}

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

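/**
 * Success handler for the form login: replies with JSON instead of a redirect.
 */
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler{

    // Jackson mapper used to render the response body as JSON.
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Called after a login attempt has been authenticated; answers with a
     * small JSON document describing the signed-in user.
     *
     * <p>Only the user name, the authenticated flag and the granted
     * authorities are returned. The full {@code Authentication} object is not
     * serialized because it also carries the request details (remote address,
     * session id), the principal and the credentials, none of which should be
     * echoed into a response body.
     *
     * @param request        the login request
     * @param response       the response the JSON body is written to
     * @param authentication the authentication result produced by the login
     * @throws IOException      if the body cannot be written
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        System.out.println("登陆成功");

        response.setContentType("application/json;charset=UTF-8");

        // Build an explicit allow-list of fields instead of handing the whole
        // Authentication object to Jackson.
        java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authenticated", authentication.isAuthenticated());
        body.put("authorities", authentication.getAuthorities());

        response.getWriter().write(objectMapper.writeValueAsString(body));
    }

}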
LoginSuccessHandler.java
package com.Gary.GaryRESTful.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.Gary.GaryRESTful.handler.LoginSuccessHandler;


// Web application security adapter: central Spring Security configuration.
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    /**
     * Declares the encoder Spring Security uses to hash and verify passwords.
     *
     * @return a BCrypt-based password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures form login and URL authorization for the application.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    protected void configure(HttpSecurity http) throws Exception {
        // Form-based authentication: "/require" is the login entry point,
        // POSTs to "/loginPage" are processed by Spring Security's own
        // authentication filter, and a successful login is handed to
        // loginSuccessHandler.
        http.formLogin()
            .loginPage("/require")
            .loginProcessingUrl("/loginPage")
            .successHandler(loginSuccessHandler);

        // The login page and its entry point are open to everyone;
        // every other request requires an authenticated user.
        http.authorizeRequests()
            .antMatchers("/login.html","/require").permitAll()
            .anyRequest().authenticated();

        // NOTE(review): this switches Spring Security's CSRF protection off.
        // With cookie-backed form login that leaves state-changing requests
        // unprotected; re-enable it and send the token from the login page
        // unless the application is confirmed not to rely on session cookies.
        http.csrf().disable();
    }

}
SecurityConfig.java

//用户权限
authorities:

//认证请求的信息(ip,session);其中包含sessionId,把整个对象直接写回客户端时会一并暴露
details

//用户是否已经通过了我们的身份认证
authenticated

//UserDetails
principal

//用户输入的密码
credentials

//用户名
name

  用户登陆失败后的Handler

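/**
 * Called when a login attempt is rejected; answers with HTTP 401 and a
 * fixed JSON message.
 *
 * <p>The exception itself is deliberately not serialized: its class name,
 * message and stack trace would disclose server internals and the exact
 * reason the attempt failed.
 *
 * @param request   the rejected login request
 * @param response  the response the JSON body is written to
 * @param exception the reason authentication failed (not sent to the client)
 * @throws IOException      if the body cannot be written
 * @throws ServletException declared by the interface; not thrown here
 */
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException exception) throws IOException, ServletException {

    System.out.println("登陆失败");

    // A rejected login is a client-side failure, so report 401 rather than 500.
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

    response.setContentType("application/json;charset=UTF-8");

    // Same generic body for every failure cause.
    response.getWriter().write(objectMapper.writeValueAsString(
            java.util.Collections.singletonMap("message", "Authentication failed")));
}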

  在SecurityConfig.java中配置configure()方法

/**
 * Configures form login, its success/failure handlers and URL authorization.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the configuration cannot be applied
 */
protected void configure(HttpSecurity http) throws Exception {
    // Form-based authentication: "/require" is the login entry point,
    // POSTs to "/loginPage" are processed by Spring Security's own
    // authentication filter, and the outcome is handed to
    // loginSuccessHandler or loginFailureHandler.
    http.formLogin()
        .loginPage("/require")
        .loginProcessingUrl("/loginPage")
        .successHandler(loginSuccessHandler)
        .failureHandler(loginFailureHandler);

    // The login page and its entry point are open to everyone;
    // every other request requires an authenticated user.
    http.authorizeRequests()
        .antMatchers("/login.html","/require").permitAll()
        .anyRequest().authenticated();

    // NOTE(review): this switches Spring Security's CSRF protection off.
    // With cookie-backed form login that leaves state-changing requests
    // unprotected; re-enable it and send the token from the login page
    // unless the application is confirmed not to rely on session cookies.
    http.csrf().disable();
}

package com.Gary.GaryRESTful.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

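/**
 * Failure handler for the form login: replies with JSON instead of a redirect.
 */
@Component
public class LoginFailureHandler implements AuthenticationFailureHandler{

    // Jackson mapper used to render the response body as JSON.
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Called when a login attempt is rejected; answers with HTTP 401 and a
     * fixed JSON message.
     *
     * <p>The exception itself is deliberately not serialized: its class name,
     * message and stack trace would disclose server internals and the exact
     * reason the attempt failed.
     *
     * @param request   the rejected login request
     * @param response  the response the JSON body is written to
     * @param exception the reason authentication failed (not sent to the client)
     * @throws IOException      if the body cannot be written
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {

        System.out.println("登陆失败");

        // A rejected login is a client-side failure, so report 401 rather than 500.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        response.setContentType("application/json;charset=UTF-8");

        // Same generic body for every failure cause.
        response.getWriter().write(objectMapper.writeValueAsString(
                java.util.Collections.singletonMap("message", "Authentication failed")));
    }

}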
LoginFailureHandler.java
package com.Gary.GaryRESTful.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.Gary.GaryRESTful.handler.LoginFailureHandler;
import com.Gary.GaryRESTful.handler.LoginSuccessHandler;


// Web application security adapter: central Spring Security configuration.
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Autowired
    private LoginFailureHandler loginFailureHandler;

    /**
     * Declares the encoder Spring Security uses to hash and verify passwords.
     *
     * @return a BCrypt-based password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures form login, its success/failure handlers and URL authorization.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    protected void configure(HttpSecurity http) throws Exception {
        // Form-based authentication: "/require" is the login entry point,
        // POSTs to "/loginPage" are processed by Spring Security's own
        // authentication filter, and the outcome is handed to
        // loginSuccessHandler or loginFailureHandler.
        http.formLogin()
            .loginPage("/require")
            .loginProcessingUrl("/loginPage")
            .successHandler(loginSuccessHandler)
            .failureHandler(loginFailureHandler);

        // The login page and its entry point are open to everyone;
        // every other request requires an authenticated user.
        http.authorizeRequests()
            .antMatchers("/login.html","/require").permitAll()
            .anyRequest().authenticated();

        // NOTE(review): this switches Spring Security's CSRF protection off.
        // With cookie-backed form login that leaves state-changing requests
        // unprotected; re-enable it and send the token from the login page
        // unless the application is confirmed not to rely on session cookies.
        http.csrf().disable();
    }

}
SecurityConfig.java


转载自www.cnblogs.com/1138720556Gary/p/11762618.html