前后端分离项目中 交互的往往是json 所以需要通过json告知前段登录是否成功
SpringSecurityConfig
修改SpringSecurityConfig (其他配置已经删除) 在其中配置AuthenticationFailureHandler ,AuthenticationSuccessHandler
@EnableWebSecurity public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationFailureHandler customAuthenticationFailureHandler; @Autowired private AuthenticationSuccessHandler customAuthenticationSuccessHandler; @Override protected void configure(HttpSecurity http) throws Exception { // 验证码过滤器 http.addFilterBefore(imageCodeValidateFilter, UsernamePasswordAuthenticationFilter.class) // 跳转前台的地址 .formLogin().loginPage("/loginPage") // 登录调用的接口地址 .loginProcessingUrl("/login").successHandler(customAuthenticationSuccessHandler).failureHandler() } }
AuthenticationFailureHandler与AuthenticationSuccessHandler
主要就是实现SimpleUrlAuthenticationFailureHandler与CustomSavedRequestAwareAuthenticationSuccessHandler 接口 其余按照楼主的配置即可
@Component("customAuthenticationFailureHandler") public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler { /** * @param exception 认证失败时抛出异常 */ @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { String referer = request.getHeader("Referer"); logger.info("referer:" + referer); // 如果下面有值,则认为是多端登录,直接返回一个登录地址 Object toAuthentication = request.getAttribute("toAuthentication"); String lastUrl = toAuthentication != null ? /loginPage: StringUtils.substringBefore(referer, "?"); logger.info("上一次请求的路径 :" + lastUrl); super.setDefaultFailureUrl(lastUrl + "?error"); super.onAuthenticationFailure(request, response, exception); } }
@Component("customAuthenticationSuccessHandler") public class CustomAuthenticationSuccessHandler extends CustomSavedRequestAwareAuthenticationSuccessHandler { @Autowired Utils utils; @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { SimpleDateFormat sd = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); SysUser sysUser = (SysUser)authentication.getPrincipal(); logger.info("|" + "用户" + sysUser.getUsername() + "于" + sd.format(new Date()) + "通过web端登录系统,ip为" + utils.getIpAddr() + "。" + "|" + sd.format(new Date()) + "|" + sysUser.getUsername()); super.onAuthenticationSuccess(request, response, authentication); } }
