（二）Spring Security自定义登录成功或失败处理器

我们接着上一章 Spring Security最简单的搭建，进行开发
LoginSuccessHandler 和LoginFailureHandler可以用在前后端分离处理

一：创建登录成功处理器

@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    private static final Logger log = LoggerFactory.getLogger(LoginSuccessHandler.class);
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        /* 默认：会帮我们跳转到上一次请求的页面上 */
        //super.onAuthenticationSuccess(request, response, authentication);
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        PrintWriter writer = response.getWriter();
        writer.write("登录成功");
        writer.flush();
        writer.close();
    }
}

二：创建登录失败处理器

@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(LoginFailureHandler.class);
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    	/* 默认：执行重定向或转发到defaultfailureurl(如果设置)，Otherw返回401错误代码 */
    	//super.onAuthenticationFailure(request,response,exception)
        LOGGER.error("登录错误 [{}] ",exception.getMessage());
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        PrintWriter writer = response.getWriter();
        writer.write(exception.getMessage());
        writer.flush();
        writer.close();
    }
}

三：添加处理器

在WebSecurityConfig 注入处理器依赖，并设置处理器

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private LoginSuccessHandler successHandler;
    @Autowired
    private LoginFailureHandler failureHandler;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests() /* 需要授权的请求 */
            .antMatchers("/login","/home").permitAll() /* 过滤不需要认证的路径 */
            .anyRequest().authenticated() /* 对任何一个请求，都需要认证 */
            .and() /* 完成上一个配置，进行下一步配置 */
            //.httpBasic();
            .formLogin() /* 配置表单登录 */
            .loginPage("/login") /* 设置登录页面 */
            .successHandler(successHandler)  /* 设置成功处理器 */
            .failureHandler(failureHandler)  /* 设置失败处理器*/
            .and()
            .logout() /* 登出 */
            .logoutSuccessUrl("/home"); /* 设置退出页面 */
}

示例：

三. 项目地址

Spring Security自定义登录成功或失败处理器