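In many real-world projects the front end and back end are separated, and the data returned by the interfaces the front end calls is generally in JSON format. For a front-end form login, we should return a JSON object indicating whether the login succeeded or failed and let the front end handle it.
Spring Security provides the AuthenticationSuccessHandler and AuthenticationFailureHandler interfaces, which let us implement custom logic for login success and failure.
Custom success handling
1: In the com.xhc.security package, create a class MyAuthenticationSuccessHandler that implements the AuthenticationSuccessHandler interface and overrides its method.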
package com.xhc.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/**
 * Custom logic for handling a successful login
 */
public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private ObjectMapper objectMapper = new ObjectMapper();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // Build the JSON body {"success": true}
        Map<String, Object> map = new HashMap<>();
        map.put("success", true);
        String str = objectMapper.writeValueAsString(map);
        // application/json is the registered media type for JSON (text/json is not)
        response.setContentType("application/json;charset=utf-8");
        response.getWriter().write(str);
    }
}
2: Add the following to the spring-security.xml file
<bean id="myAuthenticationSuccessHandler" class="com.xhc.security.MyAuthenticationSuccessHandler"/>
Modify the form-login tag and add authentication-success-handler-ref
<security:form-login login-page="/userLogin" login-processing-url="/securityLogin" default-target-url="/goods/index" authentication-success-handler-ref="myAuthenticationSuccessHandler"/>
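3: Start the project. After a successful login, the success JSON is returned.
Custom failure handling
The steps are essentially the same as for custom success handling.
1: In the com.xhc.security package, create a class MyAuthenticationFailureHandler that implements the AuthenticationFailureHandler interface and overrides its method.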
package com.xhc.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {

    private ObjectMapper objectMapper = new ObjectMapper();

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        // Build the JSON body {"success": false, "errorMsg": ...}
        Map<String, Object> map = new HashMap<>();
        map.put("success", false);
        // e.getMessage() is sent to the client as-is, so the response shows
        // which kind of AuthenticationException was thrown
        map.put("errorMsg", e.getMessage());
        String str = objectMapper.writeValueAsString(map);
        // application/json is the registered media type for JSON (text/json is not)
        response.setContentType("application/json;charset=utf-8");
        response.getWriter().write(str);
    }
}
2: Add the following to the spring-security.xml file
<bean id="myAuthenticationFailureHandler" class="com.xhc.security.MyAuthenticationFailureHandler"/>
Modify the form-login tag and add authentication-failure-handler-ref
<security:form-login login-page="/userLogin" login-processing-url="/securityLogin"
default-target-url="/goods/index"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
authentication-failure-handler-ref="myAuthenticationFailureHandler"/>
3: Start the project. After a failed login, the failure JSON is returned.
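
The failure handler above returns e.getMessage() to the browser, so a locked or disabled account produces a different response from a wrong password. With DaoAuthenticationProvider those account-status checks run before the password is compared, which means the difference shows that an account exists. The variant below is an added example, not code from the original article: it keeps the same JSON shape but always sends one fixed message and records the real cause in the server log. The class name GenericMessageFailureHandler and the message wording are assumptions.

```java
package com.xhc.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added example (hypothetical class name): same JSON shape as
 * MyAuthenticationFailureHandler, but the client always gets one fixed message.
 */
public class GenericMessageFailureHandler implements AuthenticationFailureHandler {

    private static final Log LOG = LogFactory.getLog(GenericMessageFailureHandler.class);
    // Assumed wording; one message for every failure cause.
    private static final String GENERIC_MESSAGE = "Invalid username or password";

    private final ObjectMapper objectMapper = new ObjectMapper();

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException e) throws IOException {
        // The real cause (BadCredentialsException, LockedException, DisabledException, ...)
        // stays in the server log. Only the exception type is logged: the submitted
        // username is client-controlled and is not written to the log unescaped.
        LOG.warn("Login failed from " + request.getRemoteAddr() + ": " + e.getClass().getSimpleName());

        Map<String, Object> body = new LinkedHashMap<>();
        body.put("success", false);
        body.put("errorMsg", GENERIC_MESSAGE);

        // 401 lets API clients detect the failure without parsing the body.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=utf-8");
        response.setHeader("Cache-Control", "no-store");
        response.getWriter().write(objectMapper.writeValueAsString(body));
    }
}
```

To try it, point the class attribute of the myAuthenticationFailureHandler bean at com.xhc.security.GenericMessageFailureHandler; the form-login tag stays unchanged.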