自定义认证失败处理器
package com.mengxuegu.security.authentication;
import com.mengxuegu.base.result.MengxueguResult;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component("customAuthenticationFailureHandler")
public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
AuthenticationException e) throws IOException, ServletException {
MengxueguResult result = MengxueguResult.build(
HttpStatus.UNAUTHORIZED.value(), e.getMessage());
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(result.toJsonString());
}
}
配置认证失败处理器
package com.mengxuegu.security.config;
import com.mengxuegu.security.properties.AuthenticationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
/**
* alt+/ 导包
* ctrl+o 覆盖
* @Auther: 梦学谷 www.mengxuegu.com
*/
@EnableWebSecurity // 开启springsecurity过滤链 filter
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private AuthenticationProperties authenticationProperties;
@Bean
public PasswordEncoder passwordEncoder(){
// 明文+随机盐值-》加密存储
return new BCryptPasswordEncoder();
}
@Autowired
UserDetailsService customUserDetailsService;
@Autowired
private AuthenticationSuccessHandler customAuthenticationSuccessHandler;
@Autowired
private AuthenticationFailureHandler customAuthenticationFailureHandler;
/**
* 认证管理器:
* 1. 认证信息(用户名,密码)
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// String password = passwordEncoder().encode("123456");
// logger.info("加密之后存储的密码:"+password);
// auth.inMemoryAuthentication().withUser("root").password(password).authorities("ADMIN");
auth.userDetailsService(customUserDetailsService);
}
/**
* 资源权限配置:
* 1. 被拦截的资源
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("用户认证");
// http.httpBasic() // 采用 httpBasic认证方式
http.formLogin() // 表单登录方式
.loginPage(authenticationProperties.getLoginPage()) //配置登录页面
.loginProcessingUrl(authenticationProperties.getLoginProcessingUrl()) //登录表单提交处理url,默认是/login
.usernameParameter(authenticationProperties.getUsernameParameter())
.passwordParameter(authenticationProperties.getPasswordParameter())
.successHandler(customAuthenticationSuccessHandler) // 认证成功处理器
.failureHandler(customAuthenticationFailureHandler) // 认证失败处理器
.and()
.authorizeRequests() // 认证请求
.antMatchers(authenticationProperties.getLoginPage()).permitAll()
.anyRequest().authenticated() //所有访问该应用的http请求都要通过身份认证才可以访问
; // 注意不要少了分号
}
/**
* 一般针对静态资源放行
* @param web
*/
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers(authenticationProperties.getStaticPaths());
}
}
