前言
本篇博客主要是分享,使用SpringSecurity开发基于表单的认证(二):自定义登录成功处理,自定义登录失败处理;
个性化用户认证流程
- 创建自定义成功处理器
package com.zcw.security.browser.authentication;
import lombok.extern.slf4j.Slf4j;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationSuccessHandler
* @Description :自定义成功处理器
* @Author : Zhaocunwei
* @Date: 2020-06-20 13:25
*/
@Component
@Slf4j
public class ZcwAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Autowired
private ObjectMapper objectMapper;
/**
* 登录成功以后被调用
* @param httpServletRequest
* @param httpServletResponse
* @param authentication
* @throws IOException
* @throws ServletException
*/
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication)
throws IOException, ServletException {
log.info("登录成功");
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(objectMapper.writeValueAsString(authentication));
}
}
- 启动测试:
APPLICATION FAILED TO START
***************************
Description:
Field securityProperties in com.zcw.security.browser.BrowserSecurityConfig required a bean of type 'com.zcw.security.core.properties.SecurityProperties' that could not be found.
Action:
Consider defining a bean of type 'com.zcw.security.core.properties.SecurityProperties' in your configuration.
springboot类启动后报如上错误,发现加载不了,我们自己配置的类,不管是通过 @Component 还是 @Configuration 还是其他方式注册的,如果该Bean被其他类 注入,则在启动时报上述错误。
可能是因为SpringBoot中已经有个 名为 SecurityProperties 的类(org.springframework.boot.autoconfigure.security.SecurityProperties)了,造成了冲突。
- 启动成功
![在这里插入图片描述]()
![在这里插入图片描述]()
![在这里插入图片描述]()
![在这里插入图片描述]()
失败处理
package com.zcw.security.browser.authentication;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationFailureHandler
* @Description : 失败处理器-- 登录过程中出现的错误
* @Author : Zhaocunwei
* @Date: 2020-06-20 14:52
*/
@Component("zcwAuthenticationFailureHandler")
@Slf4j
public class ZcwAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Autowired
private ObjectMapper objectMapper;
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception)
throws IOException, ServletException {
log.info("登录失败");
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(exception));
}
}
个性化用户认证流程
- 添加枚举类:
![在这里插入图片描述]()
package com.zcw.security.core.properties;
import lombok.Data;
/**
* @ClassName : BrowserProperties
* @Description :
* @Author : Zhaocunwei
* @Date: 2020-06-19 13:55
*/
public class BrowserProperties {
private String loginPage = "/zcw-sigIn.html";
private LoginType loginType = LoginType.JSON;
public String getLoginPage() {
return loginPage;
}
public void setLoginPage(String loginPage) {
this.loginPage = loginPage;
}
public LoginType getLoginType() {
return loginType;
}
public void setLoginType(LoginType loginType) {
this.loginType = loginType;
}
}
- 修改我么你自己创建的处理器,在处理器里面进行判断
package com.zcw.security.browser.authentication;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.zcw.security.core.properties.LoginType;
import com.zcw.security.core.properties.MySecurityProperties;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationSuccessHandler
* @Description :自定义成功处理器
* @Author : Zhaocunwei
* @Date: 2020-06-20 13:25
*/
@Component("zcwAuthenticationSuccessHandler")
@Slf4j
public class ZcwAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Autowired
private ObjectMapper objectMapper;
@Autowired
private MySecurityProperties mySecurityProperties;
/**
* 登录成功以后被调用
* @param httpServletRequest
* @param httpServletResponse
* @param authentication
* @throws IOException
* @throws ServletException
*/
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication)
throws IOException, ServletException {
log.info("登录成功");
if(LoginType.JSON.equals(mySecurityProperties.getBrowserProperties().getLoginType())){
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(objectMapper.writeValueAsString(authentication));
}else{
super.onAuthenticationSuccess(httpServletRequest,httpServletResponse,authentication);
}
}
}
- 修改失败处理器:
package com.zcw.security.browser.authentication;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.zcw.security.core.properties.LoginType;
import com.zcw.security.core.properties.MySecurityProperties;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationFailureHandler
* @Description : 失败处理器-- 登录过程中出现的错误
* @Author : Zhaocunwei
* @Date: 2020-06-20 14:52
*/
@Component("zcwAuthenticationFailureHandler")
@Slf4j
public class ZcwAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Autowired
private ObjectMapper objectMapper;
@Autowired
private MySecurityProperties mySecurityProperties;
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception)
throws IOException, ServletException {
log.info("登录失败");
if(LoginType.JSON.equals(mySecurityProperties.getBrowserProperties().getLoginType())){
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(exception));
}else{
super.onAuthenticationFailure(request,response,exception);
}
}
}
- 修改配置:
![在这里插入图片描述]()
![在这里插入图片描述]()
认证流程源码及详解
认证处理流程说明
- 点击登录时:
![在这里插入图片描述]()
![在这里插入图片描述]()
- 进行身份认证相关信息,false
![在这里插入图片描述]()
![在这里插入图片描述]()
![在这里插入图片描述]()
![在这里插入图片描述]()
![在这里插入图片描述]()
![在这里插入图片描述]()
认证结果如何在多个请求之间共享
获取认证用户信息
优化上面的代码:
