1.认证结果处理
1.1.认证成功处理
在传统的应用中,认证成功后页面需要跳转到认证成功页面或者跳转到个人中心页,但是在前后端分离的项目通常是使用Ajax请求完成认证,这时候我们需要返回一个JSON结果告知前端认证结果,然后前端自行跳转页面。
要做到上述功能,我们需要自定义认证成功处理器实现AuthenticationSuccessHandler接口复写 onAuthenticationSuccess方法,该方法其中一个参数是Authentication ,他里面封装了认证信息,用户信息UserDetails等,我们需要在这个方法中使用Response写出json数据即可
1.导入JSON依赖
<dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.50</version></dependency>
2.定义AuthenticationSuccessHandler
定义类实现AuthenticationSuccessHandler接口复写onAuthenticationSuccess方法,实现自己的认证成功结果处理
publicclassMyAuthenticationSuccessHandlerimplementsAuthenticationSuccessHandler { publicvoidonAuthenticationSuccess(HttpServletRequestrequest, HttpServletResponseresponse, Authenticationauthentication) throwsIOException, ServletException { response.setContentType("application/json;charset=utf-8"); Mapmap=newHashMap<>(); map.put("success",true); map.put("message","认证成功"); map.put("data",authentication); response.getWriter().print(JSON.toJSONString(map)); response.getWriter().flush(); response.getWriter().close(); } }
3.配置AuthenticationSuccessHandler
在SpringSecurity配置定义的AuthenticationSuccessHandler
http.formLogin() //.successForwardUrl("/loginSuccess") // 设置登陆成功页.successHandler(newMyAuthenticationSuccessHandler) ...
1.2.认证失败结果处理
自定义登录失败的处理,需要实现AuthenticationFailureHandler接口,复写onAuthenticationFailure方法实现自己的认证失败结果处理
1.定义认证失败处理器
publicclassMyAuthenticationFailureHandlerimplementsAuthenticationFailureHandler { publicvoidonAuthenticationFailure(HttpServletRequestrequest, HttpServletResponseresponse, AuthenticationExceptionexception) throwsIOException, ServletException { response.setContentType("application/json;charset=utf-8"); Mapmap=newHashMap<>(); map.put("success",false); map.put("message","认证失败"); response.setStatus(HttpStatus.UNAUTHORIZED.value()); response.getWriter().print(JSON.toJSONString(map)); response.getWriter().flush(); response.getWriter().close(); } }
2.配置处理器
http.formLogin() .failureHandler(newMyAuthenticationFailureHandler) ...
2.授权结果处理
1.授权失败处理
当用户请求资源服务的资源时,需要进行用户的认证和授权检查,当认证或授权检查失败,我们需要要返回自己的失败结果信息,可以通过HttpSecurity设置授权失败结果处理器,内部通过 ExceptionTranslationFilter 调用AuthenticationEntryPoint实现匿名用户授权失败结果处理, ExceptionTranslationFilter 通过 AccessDeniedHandler来处理授权失败结果处理。
1.定义认证检查失败处理
定义AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常
publicclassDefaultAccessDeniedHandlerimplementsAccessDeniedHandler { publicvoidhandle(HttpServletRequestrequest, HttpServletResponseresponse, AccessDeniedExceptionaccessDeniedException) throwsIOException, ServletException { Stringresult=JSON.toJSONString(AjaxResult.me().setSuccess(false).setMessage("无访问权限")); response.setContentType("text/html;charset=utf-8"); PrintWriterwriter=response.getWriter(); writer.print(result); writer.flush(); writer.close(); } }
2.定义AuthenticationEntryPoint
AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常
publicclassMyAuthenticationEntryPointimplementsAuthenticationEntryPoint { publicvoidcommence(HttpServletRequesthttpServletRequest, HttpServletResponsehttpServletResponse, AuthenticationExceptione) throwsIOException, ServletException { e.printStackTrace(); httpServletResponse.setContentType("application/json;charset=utf-8"); Map<String,Object>result=newHashMap<>(); result.put("success",false); result.put("message","登录失败,用户名或密码错误["+e.getMessage()+"]"); httpServletResponse.getWriter().print(JSONUtils.toJSONString(result)); } }
3.配置异常处理器
配置异常处理器
httpSecurity.exceptionHandling() .accessDeniedHandler(newDefaultAccessDeniedHandler ()) .authenticationEntryPoint(newMyAuthenticationEntryPoint()) //身份认证验证失败配置
