在現實的很多開發中,前後端都是分離的,前端訪問接口返回的數據一般都是json格式。前端表單登錄,我們應該返回一個登錄成功或失敗的json,然後由前端自己進行處理。
SpringSecurity提供了AuthenticationSuccessHandler和AuthenticationFailureHandler接口,允許我們實現自定義的登錄成功和失敗邏輯。
自定義成功
1: 在com.xhc.security包下新建一個類MyAuthenticationSuccessHandler,實現AuthenticationSuccessHandler接口,重寫其方法。
package com.xhc.security;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* 自定義成功處理的邏輯類
*/
public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
private ObjectMapper objectMapper = new ObjectMapper();
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
Map map = new HashMap();
map.put("success", true);
String str = objectMapper.writeValueAsString(map);
response.setContentType("text/json;charset=utf-8");
response.getWriter().write(str);
}
}
2: 在spring-security.xml文件中加入下面代碼
<bean id="myAuthenticationSuccessHandler" class="com.xhc.security.MyAuthenticationSuccessHandler"/>
修改form-login標籤,加入authentication-success-handler-ref
<security:form-login login-page="/userLogin" login-processing-url="/securityLogin" default-target-url="/goods/index" authentication-success-handler-ref="myAuthenticationSuccessHandler"/>
3:啓動項目,成功登錄後會返回成功的json信息。
自定義失敗
操作和自定義成功基本一致
1: 在com.xhc.security包下新建一個類MyAuthenticationFailureHandler,實現AuthenticationFailureHandler接口,重寫其方法。
package com.xhc.security;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
private ObjectMapper objectMapper = new ObjectMapper();
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
Map map = new HashMap();
map.put("success", false);
map.put("errorMsg", e.getMessage());
String str = objectMapper.writeValueAsString(map);
response.setContentType("text/json;charset=utf-8");
response.getWriter().write(str);
}
}
2: 在spring-security.xml文件中加入下面代碼
<bean id="myAuthenticationFailureHandler" class="com.xhc.security.MyAuthenticationFailureHandler"/>
修改form-login標籤,加入authentication-failure-handler-ref
<security:form-login login-page="/userLogin" login-processing-url="/securityLogin"
default-target-url="/goods/index"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
authentication-failure-handler-ref="myAuthenticationFailureHandler"/>
3:啓動項目,登錄失敗後會返回失敗的json信息。