文章目录
- [SpringSecurity 返回json](#SpringSecurity 返回json)
- 一、登录成功处理器
-
- [1.1 统一响应类HttpResult](#1.1 统一响应类HttpResult)
- [1.2 登录成功处理器](#1.2 登录成功处理器)
- [1.3 配置登录成功处理器](#1.3 配置登录成功处理器)
- [1.4 登录](#1.4 登录)
- 二、登录失败处理器
-
- [2.1 登录失败处理器](#2.1 登录失败处理器)
- [2.2 配置登录失败处理器](#2.2 配置登录失败处理器)
- [2.3 登录](#2.3 登录)
- 三、退出成功处理器
-
- [3.1 退出成功处理器](#3.1 退出成功处理器)
- [3.2 配置退出成功处理器](#3.2 配置退出成功处理器)
- [3.3 退出](#3.3 退出)
- 四、访问拒绝(无权限)处理器
-
- [4.1 访问拒绝处理器](#4.1 访问拒绝处理器)
- [4.2 配置访问拒绝处理器](#4.2 配置访问拒绝处理器)
- [4.3 被拒绝](#4.3 被拒绝)
- 五、自定义处理器
SpringSecurity 返回json
一、登录成功处理器
前后端分离成为企业应用开发中的主流,前后端分离通过json进行交互,登录成功和失败后不用页面跳转,而是一段json提示
1.1 统一响应类HttpResult
java
@Data
@AllArgsConstructor
@NoArgsConstructor
@Builder
public class HttpResult {
private Integer code;
private String msg;
private Object data;
public HttpResult(Integer code, String msg) {
this.code = code;
this.msg = msg;
}
}1.2 登录成功处理器
java
/**
* 认证成功就会调用该接口里的方法
*/
@Component
public class AppAuthenticationSuccessHandle implements AuthenticationSuccessHandler {
// JSON序列化器,进行序列化和反序列化
@Resource
private ObjectMapper objectMapper;;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
// 定义返回对象httpResult
HttpResult httpResult = HttpResult.builder()
.code(200)
.msg("登陆成功")
.build();
String strResponse = objectMapper.writeValueAsString(httpResult);
// 响应字符集
response.setCharacterEncoding("UTF-8");
// 响应内容类型JSON,字符集utf-8
response.setContentType("application/json;charset=utf-8");
// 响应给前端
PrintWriter writer = response.getWriter();
writer.println(strResponse);
writer.flush();
}
}1.3 配置登录成功处理器
java
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private AppAuthenticationSuccessHandle appAuthenticationSuccessHandle;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()//授权http请求
.anyRequest() //任何请求
.authenticated();//都需要认证
http.formLogin()
.successHandler(appAuthenticationSuccessHandle) //认证成功处理器
.permitAll();//允许表单登录
}
}1.4 登录
登录成功后如下所示
二、登录失败处理器
2.1 登录失败处理器
java
/**
* 认证失败就会调用下面的方法
*/
@Component
public class AppAuthenticationFailHandle implements AuthenticationFailureHandler {
// JSON序列化器,进行序列化和反序列化
@Resource
private ObjectMapper objectMapper;;
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
// 定义返回对象httpResult
HttpResult httpResult = HttpResult.builder()
.code(401)
.msg("登录失败")
.build();
String strResponse = objectMapper.writeValueAsString(httpResult);
// 响应字符集
response.setCharacterEncoding("UTF-8");
// 响应内容类型JSON,字符集utf-8
response.setContentType("application/json;charset=utf-8");
// 响应给前端
PrintWriter writer = response.getWriter();
writer.println(strResponse);
writer.flush();
}
}2.2 配置登录失败处理器
java
@Resource
private AppAuthenticationFailHandle appAuthenticationFailHandle;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()//授权http请求
.anyRequest() //任何请求
.authenticated();//都需要认证
http.formLogin()
.successHandler(appAuthenticationSuccessHandle) //认证成功处理器
.failureHandler(appAuthenticationFailHandle) // 认证失败处理器
.permitAll();//允许表单登录
}2.3 登录
输入一个错误的密码
如下图所示
三、退出成功处理器
3.1 退出成功处理器
java
/**
* 退出成功处理器
*/
@Component
public class AppLogoutSuccessHandle implements LogoutSuccessHandler{
// JSON序列化器,进行序列化和反序列化
@Resource
private ObjectMapper objectMapper;;
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
// 定义返回对象httpResult
HttpResult httpResult = HttpResult.builder()
.code(200)
.msg("退出成功")
.build();
String strResponse = objectMapper.writeValueAsString(httpResult);
// 响应字符集
response.setCharacterEncoding("UTF-8");
// 响应内容类型JSON,字符集utf-8
response.setContentType("application/json;charset=utf-8");
// 响应给前端
PrintWriter writer = response.getWriter();
writer.println(strResponse);
writer.flush();
}
}3.2 配置退出成功处理器
java
@Resource
private AppLogoutSuccessHandle appLogoutSuccessHandle;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()//授权http请求
.anyRequest() //任何请求
.authenticated();//都需要认证
http.formLogin()
.successHandler(appAuthenticationSuccessHandle) //认证成功处理器
.failureHandler(appAuthenticationFailHandle) // 认证失败处理器
.permitAll();//允许表单登录
http.logout().logoutSuccessHandler(appLogoutSuccessHandle);//登录成功处理器
}3.3 退出
四、访问拒绝(无权限)处理器
4.1 访问拒绝处理器
java
@Component
public class AppAccessDenyHandle implements AccessDeniedHandler {
// JSON序列化器,进行序列化和反序列化
@Resource
private ObjectMapper objectMapper;;
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
// 定义返回对象httpResult
HttpResult httpResult = HttpResult.builder()
.code(403)
.msg("您没有权限访问该资源!!")
.build();
String strResponse = objectMapper.writeValueAsString(httpResult);
// 响应字符集
response.setCharacterEncoding("UTF-8");
// 响应内容类型JSON,字符集utf-8
response.setContentType("application/json;charset=utf-8");
// 响应给前端
PrintWriter writer = response.getWriter();
writer.println(strResponse);
writer.flush();
}
}4.2 配置访问拒绝处理器
java
@Resource
private AppAccessDenyHandle appAccessDenyHandle;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()//授权http请求
.anyRequest() //任何请求
.authenticated();//都需要认证
http.formLogin()
.successHandler(appAuthenticationSuccessHandle) //认证成功处理器
.failureHandler(appAuthenticationFailHandle) // 认证失败处理器
.permitAll();//允许表单登录
http.logout()
.logoutSuccessHandler(appLogoutSuccessHandle);//登录成功处理器;
http.exceptionHandling()//异常处理
.accessDeniedHandler(appAccessDenyHandle);//访问被拒绝处理器
}4.3 被拒绝
五、自定义处理器
SpringSecurity - 认证与授权、自定义失败处理、跨域问题、认证成功/失败处理器_我爱布朗熊的博客-CSDN博客