SpringBoot Security權限控制自定義failureHandler實例

Posted on by

創建hander文件夾

在 java 源碼目錄下創建hander文件夾, 在該文件夾下創建CustomAuthenticationFailHander類文件

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.hander;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * CustomAuthenticationFailHander <br/>
 * 描述 : CustomAuthenticationFailHander <br/>
 * 作者 : qianmoQ <br/>
 * 版本 : 1.0 <br/>
 * 創建時間 : 2018-03-20 下午4:08 <br/>
 */
@Component(value = "customAuthenticationFailHander")
public class CustomAuthenticationFailHander extends SimpleUrlAuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        System.out.println("登錄失敗!!!");
        this.returnJson(response, exception);
    }
    /**
     * 直接返回需要返回的 json 數據
     */
    private void returnJson(HttpServletResponse response,
                            AuthenticationException exception) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        response.getWriter().println("{\"ok\":0,\"msg\":\"" + exception.getLocalizedMessage() + "\"}");
    }
    /**
     * 直接返會錯誤頁面
     */
    private void returnErrorPage(HttpServletRequest request, HttpServletResponse response,
                                 AuthenticationException exception) throws IOException, ServletException {
        String strUrl = request.getContextPath() + "/loginErrorPath";
        request.getSession().setAttribute("status", 0);
        request.getSession().setAttribute("message", exception.getLocalizedMessage());
        request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
        // 使用該方法會出現錯誤
//        request.getRequestDispatcher(strUrl).forward(request, response);
        response.sendRedirect(strUrl);
    }
}

修改WebSecurityConfig配置

修改WebSecurityConfig配置文件支持自定義Handler

@Autowired
private CustomAuthenticationFailHander customAuthenticationFailHander;
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
            // 允許直接訪問/路徑
            .authorizeRequests().antMatchers("/").permitAll()
            // 使其支持跨域
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            // 其他路徑需要授權訪問
            .anyRequest().authenticated()
            // 指定登錄頁面
            .and().formLogin().loginPage("/user/login")
            // 指定登錄失敗跳轉地址, 使用自定義錯誤信息
            .failureHandler(customAuthenticationFailHander)
            // 登錄成功後的默認路徑
            .defaultSuccessUrl("/").permitAll()
            // 退出登錄後的默認路徑
            .and().logout().logoutSuccessUrl("/user/login").permitAll();
}

以上就是SpringBoot Security權限控制自定義failureHandler實例的詳細內容,更多關於SpringBoot Security failureHandler的資料請關註WalkonNet其它相關文章!

推薦閱讀: