创建CustomAuthenticationSuccessHandler
package com.mengxuegu.security.authentication;
import com.mengxuegu.base.result.MengxueguResult;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 认证成功处理器
* 1. 决定 响应json还是跳转页面,或者认证成功后进行其他处理
* @Auther: 梦学谷 www.mengxuegu.com
*/
@Component("customAuthenticationSuccessHandler")
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
// 认证成功后,响应JSON字符串
MengxueguResult result = MengxueguResult.ok("认证成功");
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(result.toJsonString());
}
}
修改配置文件
package com.mengxuegu.security.config;
import com.mengxuegu.security.properites.SecurityProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
/**
* alt+/ 导包
* ctrl+o 覆盖
* @Auther: 梦学谷 www.mengxuegu.com
*/
@Configuration
@EnableWebSecurity // 开启springsecurity过滤链 filter
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
Logger logger = LoggerFactory.getLogger(getClass());
@Bean
public PasswordEncoder passwordEncoder() {
// 明文+随机盐值》加密存储
return new BCryptPasswordEncoder();
}
@Autowired
UserDetailsService customUserDetailsService;
/**
* 认证管理器:
* 1. 认证信息(用户名,密码)
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 数据库存储的密码必须是加密后的,不然会报错:There is no PasswordEncoder mapped for the id "null"
// String password = passwordEncoder().encode("1234");
// logger.info("加密之后存储的密码:" + password);
// auth.inMemoryAuthentication().withUser("mengxuegu")
// .password(password).authorities("ADMIN");
auth.userDetailsService(customUserDetailsService);
}
// 配置文件参数
@Autowired
private SecurityProperties securityProperties;
@Autowired
private AuthenticationSuccessHandler customAuthenticationSuccessHandler;
@Autowired
private AuthenticationFailureHandler customAuthenticationFailureHandler;
/**
* 当你认证成功之后 ,springsecurity它会重写向到你上一次请求上
* 资源权限配置:
* 1. 被拦截的资源
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.httpBasic() // 采用 httpBasic认证方式
http.formLogin() // 表单登录方式
.loginPage(securityProperties.getAuthentication().getLoginPage())
.loginProcessingUrl(securityProperties.getAuthentication().getLoginProcessingUrl()) // 登录表单提交处理url, 默认是/login
.usernameParameter(securityProperties.getAuthentication().getUsernameParameter()) //默认的是 username
.passwordParameter(securityProperties.getAuthentication().getPasswordParameter()) // 默认的是 password
.successHandler(customAuthenticationSuccessHandler)
.and()
.authorizeRequests() // 认证请求
.antMatchers(securityProperties.getAuthentication().getLoginPage()).permitAll() // 放行/login/page不需要认证可访问
.anyRequest().authenticated() //所有访问该应用的http请求都要通过身份认证才可以访问
; // 注意不要少了分号
}
/**
* 一般是针对静态资源放行
* @param web
* @throws Exception
*/
@Override
public void configure(WebSecurity web){
web.ignoring().antMatchers("/dist/**", "/modules/**", "/plugins/**");
}
}
