SpringSecurity successHandler方法使用自定义Handler登录成功,302问题
一开始我自定义了成功和失败两个Handler,在进行调试的时候发现失败的没有问题,但是登录成功的话走的是某人的重定向而不是我自定义的
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.headers().frameOptions().disable()
.and()
.formLogin()
.usernameParameter("userName")
.passwordParameter("password")
.loginPage("/index")
.loginProcessingUrl("/login")
.successHandler(loginSuccessHandler)
.failureHandler(loginFailureHandler)
.and()
.authorizeRequests()
.antMatchers("/index","/login","/welcome").permitAll()
.anyRequest().authenticated();
}
package com.std.www.erp_admin.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.std.www.erp_admin.model.RespBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
private static ObjectMapper objectMapper=new ObjectMapper();
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
System.out.println("=====================成功=====================");
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(RespBean.success("登录成功")));
}
}
我很是奇怪,为什么成功的就不行呢,通过后台输出发现,根本没有走我自定义的handler,于是我走进源码一探究竟
这是源码里调用的方法
public final T successHandler(AuthenticationSuccessHandler successHandler) {
this.successHandler = successHandler;
return this.getSelf();
}
然后我发现问题所在了,我这里继承的类型为SavedRequestAwareAuthenticationSuccessHandler,这是从网上借鉴的,于是我把类型替换了一下
package com.std.www.erp_admin.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.std.www.erp_admin.model.RespBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
private static ObjectMapper objectMapper=new ObjectMapper();
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
System.out.println("=====================成功=====================");
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(objectMapper.writeValueAsString(RespBean.success("登录成功")));
}
}
发现成功跳转,因此顺利解决