前后端分离项目中 交互的往往是json 所以需要通过json告知前段登录是否成功
SpringSecurityConfig
修改SpringSecurityConfig (其他配置已经删除) 在其中配置AuthenticationFailureHandler ,AuthenticationSuccessHandler
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationFailureHandler customAuthenticationFailureHandler;
@Autowired
private AuthenticationSuccessHandler customAuthenticationSuccessHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
// 验证码过滤器
http.addFilterBefore(imageCodeValidateFilter, UsernamePasswordAuthenticationFilter.class)
// 跳转前台的地址
.formLogin().loginPage("/loginPage")
// 登录调用的接口地址
.loginProcessingUrl("/login").successHandler(customAuthenticationSuccessHandler).failureHandler()
}
}
AuthenticationFailureHandler与AuthenticationSuccessHandler
主要就是实现SimpleUrlAuthenticationFailureHandler与CustomSavedRequestAwareAuthenticationSuccessHandler 接口 其余按照楼主的配置即可
@Component("customAuthenticationFailureHandler")
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
/**
* @param exception 认证失败时抛出异常
*/
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
String referer = request.getHeader("Referer");
logger.info("referer:" + referer);
// 如果下面有值,则认为是多端登录,直接返回一个登录地址
Object toAuthentication = request.getAttribute("toAuthentication");
String lastUrl = toAuthentication != null ? /loginPage: StringUtils.substringBefore(referer, "?");
logger.info("上一次请求的路径 :" + lastUrl);
super.setDefaultFailureUrl(lastUrl + "?error");
super.onAuthenticationFailure(request, response, exception);
}
}
@Component("customAuthenticationSuccessHandler")
public class CustomAuthenticationSuccessHandler extends CustomSavedRequestAwareAuthenticationSuccessHandler {
@Autowired
Utils utils;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
SimpleDateFormat sd = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
SysUser sysUser = (SysUser)authentication.getPrincipal();
logger.info("|" + "用户" + sysUser.getUsername() + "于" + sd.format(new Date()) + "通过web端登录系统,ip为"
+ utils.getIpAddr() + "。" + "|" + sd.format(new Date()) + "|" + sysUser.getUsername());
super.onAuthenticationSuccess(request, response, authentication);
}
}