2.SpringSecurity - 处理器简单说明

SpringSecurity 返回json

承接：1.SpringSecurity -快速入门、加密、基础授权-CSDN博客

一、登录成功处理器

前后端分离成为企业应用开发中的主流，前后端分离通过json进行交互，登录成功和失败后不用页面跳转，而是一段json提示

1.1 统一响应类HttpResult

@Data
@AllArgsConstructor
@NoArgsConstructor
@Builder
public class HttpResult {
    private Integer code;
    private String msg;
    private Object data;
    
    public HttpResult(Integer code, String msg) {
        this.code = code;
        this.msg = msg;
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14

1.2 登录成功处理器

/**
 * 认证成功就会调用该接口里的方法
 */
@Component
public class AppAuthenticationSuccessHandle implements AuthenticationSuccessHandler {

//  JSON序列化器，进行序列化和反序列化
    @Resource
    private ObjectMapper objectMapper;;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
//      定义返回对象httpResult
        HttpResult httpResult = HttpResult.builder()
                .code(200)
                .msg("登陆成功")
                .build();

        String strResponse = objectMapper.writeValueAsString(httpResult);

//      响应字符集
        response.setCharacterEncoding("UTF-8");
//      响应内容类型JSON,字符集utf-8
        response.setContentType("application/json;charset=utf-8");
//      响应给前端
        PrintWriter writer = response.getWriter();
        writer.println(strResponse);
        writer.flush();
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

1.3 配置登录成功处理器

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private AppAuthenticationSuccessHandle appAuthenticationSuccessHandle;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()//授权http请求
                .anyRequest() //任何请求
                .authenticated();//都需要认证

        http.formLogin()
                .successHandler(appAuthenticationSuccessHandle) //认证成功处理器
                .permitAll();//允许表单登录
    }
 }
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

1.4 登录

登录成功后如下所示

二、登录失败处理器

2.1 登录失败处理器

/**
 * 认证失败就会调用下面的方法
 */
@Component
public class AppAuthenticationFailHandle implements AuthenticationFailureHandler {
    //  JSON序列化器，进行序列化和反序列化
    @Resource
    private ObjectMapper objectMapper;;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        //      定义返回对象httpResult
        HttpResult httpResult = HttpResult.builder()
                .code(401)
                .msg("登录失败")
                .build();

        String strResponse = objectMapper.writeValueAsString(httpResult);

//      响应字符集
        response.setCharacterEncoding("UTF-8");
//      响应内容类型JSON,字符集utf-8
        response.setContentType("application/json;charset=utf-8");
//      响应给前端
        PrintWriter writer = response.getWriter();
        writer.println(strResponse);
        writer.flush();
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

2.2 配置登录失败处理器

@Resource
private AppAuthenticationFailHandle appAuthenticationFailHandle;

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()//授权http请求
            .anyRequest() //任何请求
            .authenticated();//都需要认证

    http.formLogin()
            .successHandler(appAuthenticationSuccessHandle) //认证成功处理器
            .failureHandler(appAuthenticationFailHandle) // 认证失败处理器
            .permitAll();//允许表单登录
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

2.3 登录

输入一个错误的密码

如下图所示

三、退出成功处理器

3.1 退出成功处理器

/**
 * 退出成功处理器
 */
@Component
public class AppLogoutSuccessHandle implements LogoutSuccessHandler{
    //  JSON序列化器，进行序列化和反序列化
    @Resource
    private ObjectMapper objectMapper;;


    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
//      定义返回对象httpResult
        HttpResult httpResult = HttpResult.builder()
                .code(200)
                .msg("退出成功")
                .build();

        String strResponse = objectMapper.writeValueAsString(httpResult);

//      响应字符集
        response.setCharacterEncoding("UTF-8");
//      响应内容类型JSON,字符集utf-8
        response.setContentType("application/json;charset=utf-8");
//      响应给前端
        PrintWriter writer = response.getWriter();
        writer.println(strResponse);
        writer.flush();
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

3.2 配置退出成功处理器

@Resource
private AppLogoutSuccessHandle appLogoutSuccessHandle;

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()//授权http请求
            .anyRequest() //任何请求
            .authenticated();//都需要认证

    http.formLogin()
            .successHandler(appAuthenticationSuccessHandle) //认证成功处理器
            .failureHandler(appAuthenticationFailHandle) // 认证失败处理器
            .permitAll();//允许表单登录

    http.logout().logoutSuccessHandler(appLogoutSuccessHandle);//登录成功处理器
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

3.3 退出

四、访问拒绝（无权限）处理器

4.1 访问拒绝处理器

@Component
public class AppAccessDenyHandle implements AccessDeniedHandler {
    //  JSON序列化器，进行序列化和反序列化
    @Resource
    private ObjectMapper objectMapper;;

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        //      定义返回对象httpResult
        HttpResult httpResult = HttpResult.builder()
                .code(403)
                .msg("您没有权限访问该资源！！")
                .build();

        String strResponse = objectMapper.writeValueAsString(httpResult);

//      响应字符集
        response.setCharacterEncoding("UTF-8");
//      响应内容类型JSON,字符集utf-8
        response.setContentType("application/json;charset=utf-8");
//      响应给前端
        PrintWriter writer = response.getWriter();
        writer.println(strResponse);
        writer.flush();
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

4.2 配置访问拒绝处理器

@Resource
private AppAccessDenyHandle appAccessDenyHandle;

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()//授权http请求
            .anyRequest() //任何请求
            .authenticated();//都需要认证

    http.formLogin()
            .successHandler(appAuthenticationSuccessHandle) //认证成功处理器
            .failureHandler(appAuthenticationFailHandle) // 认证失败处理器
            .permitAll();//允许表单登录

    http.logout()
            .logoutSuccessHandler(appLogoutSuccessHandle);//登录成功处理器;

    http.exceptionHandling()//异常处理
            .accessDeniedHandler(appAccessDenyHandle);//访问被拒绝处理器
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

4.3 被拒绝

五、自定义处理器

SpringSecurity - 认证与授权、自定义失败处理、跨域问题、认证成功/失败处理器_我爱布朗熊的博客-CSDN博客