前言
本篇博客主要是分享,使用SpringSecurity開發基於表單的認證(二):自定義登錄成功處理,自定義登錄失敗處理;
個性化用戶認證流程
- 創建自定義成功處理器
package com.zcw.security.browser.authentication;
import lombok.extern.slf4j.Slf4j;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationSuccessHandler
* @Description :自定義成功處理器
* @Author : Zhaocunwei
* @Date: 2020-06-20 13:25
*/
@Component
@Slf4j
public class ZcwAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Autowired
private ObjectMapper objectMapper;
/**
* 登錄成功以後被調用
* @param httpServletRequest
* @param httpServletResponse
* @param authentication
* @throws IOException
* @throws ServletException
*/
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication)
throws IOException, ServletException {
log.info("登錄成功");
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(objectMapper.writeValueAsString(authentication));
}
}
- 啓動測試:
APPLICATION FAILED TO START
***************************
Description:
Field securityProperties in com.zcw.security.browser.BrowserSecurityConfig required a bean of type 'com.zcw.security.core.properties.SecurityProperties' that could not be found.
Action:
Consider defining a bean of type 'com.zcw.security.core.properties.SecurityProperties' in your configuration.
springboot類啓動後報如上錯誤,發現加載不了,我們自己配置的類,不管是通過 @Component 還是 @Configuration 還是其他方式註冊的,如果該Bean被其他類 注入,則在啓動時報上述錯誤。
可能是因爲SpringBoot中已經有個 名爲 SecurityProperties 的類(org.springframework.boot.autoconfigure.security.SecurityProperties)了,造成了衝突。
- 啓動成功
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
失敗處理
package com.zcw.security.browser.authentication;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationFailureHandler
* @Description : 失敗處理器-- 登錄過程中出現的錯誤
* @Author : Zhaocunwei
* @Date: 2020-06-20 14:52
*/
@Component("zcwAuthenticationFailureHandler")
@Slf4j
public class ZcwAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Autowired
private ObjectMapper objectMapper;
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception)
throws IOException, ServletException {
log.info("登錄失敗");
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(exception));
}
}
個性化用戶認證流程
- 添加枚舉類:
![在這裏插入圖片描述]()
package com.zcw.security.core.properties;
import lombok.Data;
/**
* @ClassName : BrowserProperties
* @Description :
* @Author : Zhaocunwei
* @Date: 2020-06-19 13:55
*/
public class BrowserProperties {
private String loginPage = "/zcw-sigIn.html";
private LoginType loginType = LoginType.JSON;
public String getLoginPage() {
return loginPage;
}
public void setLoginPage(String loginPage) {
this.loginPage = loginPage;
}
public LoginType getLoginType() {
return loginType;
}
public void setLoginType(LoginType loginType) {
this.loginType = loginType;
}
}
- 修改我麼你自己創建的處理器,在處理器裏面進行判斷
package com.zcw.security.browser.authentication;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.zcw.security.core.properties.LoginType;
import com.zcw.security.core.properties.MySecurityProperties;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationSuccessHandler
* @Description :自定義成功處理器
* @Author : Zhaocunwei
* @Date: 2020-06-20 13:25
*/
@Component("zcwAuthenticationSuccessHandler")
@Slf4j
public class ZcwAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Autowired
private ObjectMapper objectMapper;
@Autowired
private MySecurityProperties mySecurityProperties;
/**
* 登錄成功以後被調用
* @param httpServletRequest
* @param httpServletResponse
* @param authentication
* @throws IOException
* @throws ServletException
*/
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication)
throws IOException, ServletException {
log.info("登錄成功");
if(LoginType.JSON.equals(mySecurityProperties.getBrowserProperties().getLoginType())){
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(objectMapper.writeValueAsString(authentication));
}else{
super.onAuthenticationSuccess(httpServletRequest,httpServletResponse,authentication);
}
}
}
- 修改失敗處理器:
package com.zcw.security.browser.authentication;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.zcw.security.core.properties.LoginType;
import com.zcw.security.core.properties.MySecurityProperties;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @ClassName : ZcwAuthenticationFailureHandler
* @Description : 失敗處理器-- 登錄過程中出現的錯誤
* @Author : Zhaocunwei
* @Date: 2020-06-20 14:52
*/
@Component("zcwAuthenticationFailureHandler")
@Slf4j
public class ZcwAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Autowired
private ObjectMapper objectMapper;
@Autowired
private MySecurityProperties mySecurityProperties;
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception)
throws IOException, ServletException {
log.info("登錄失敗");
if(LoginType.JSON.equals(mySecurityProperties.getBrowserProperties().getLoginType())){
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(exception));
}else{
super.onAuthenticationFailure(request,response,exception);
}
}
}
- 修改配置:
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
認證流程源碼及詳解
認證處理流程說明
- 點擊登錄時:
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
- 進行身份認證相關信息,false
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
![在這裏插入圖片描述]()
認證結果如何在多個請求之間共享
獲取認證用戶信息
優化上面的代碼:
