五分钟带你玩转SpringSecurity（九）整合vue，以json方式交互

前后端分离项目中 交互的往往是json 所以需要通过json告知前段登录是否成功

SpringSecurityConfig

修改SpringSecurityConfig （其他配置已经删除） 在其中配置AuthenticationFailureHandler ，AuthenticationSuccessHandler 

  

   

    

     

    
    

     

      @EnableWebSecurity
     
    
   

    

     

    
    

     

      public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
     
    
   

    

     

    
    

     
 
     
    
   

    

     

    
    

     
    @Autowired
     
    
   

    

     

    
    

     
    private AuthenticationFailureHandler customAuthenticationFailureHandler;
     
    
   

    

     

    
    

     
 
     
    
   

    

     

    
    

     
    @Autowired
     
    
   

    

     

    
    

     
    private AuthenticationSuccessHandler customAuthenticationSuccessHandler;
     
    
   

    

     

    
    

     
 
     
    
   

    

     

    
    

     
 
     
    
   

    

     

    
    

     
    @Override
     
    
   

    

     

    
    

     
    protected void configure(HttpSecurity http) throws Exception {
     
    
   

    

     

    
    

     
        // 验证码过滤器
     
    
   

    

     

    
    

     

              http.addFilterBefore(imageCodeValidateFilter, UsernamePasswordAuthenticationFilter.class)
     
    
   

    

     

    
    

     

                  // 跳转前台的地址
     
    
   

    

     

    
    

     

                  .formLogin().loginPage("/loginPage")
     
    
   

    

     

    
    

     

                  // 登录调用的接口地址
     
    
   

    

     

    
    

     

                  .loginProcessingUrl("/login").successHandler(customAuthenticationSuccessHandler).failureHandler()
     
    
   

    

     

    
    

     
     
     
    
   

    

     

    
    

     

          }
     
    
   

    

     

    
    

     

      }
     
    
  
 

AuthenticationFailureHandler与AuthenticationSuccessHandler 

主要就是实现SimpleUrlAuthenticationFailureHandler与CustomSavedRequestAwareAuthenticationSuccessHandler 接口 其余按照楼主的配置即可

  

   

    

     

    
    

     

      @Component("customAuthenticationFailureHandler")
     
    
   

    

     

    
    

     

      public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
     
    
   

    

     

    
    

     
 
     
    
   

    

     

    
    

     
    /**
     
    
   

    

     

    
    

     

       * @param exception 认证失败时抛出异常
     
    
   

    

     

    
    

     

       */
     
    
   

    

     

    
    

     
    @Override
     
    
   

    

     

    
    

     

          public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
     
    
   

    

     

    
    

     
        AuthenticationException exception) throws IOException, ServletException {
     
    
   

    

     

    
    

     
        String referer = request.getHeader("Referer");
     
    
   

    

     

    
    

     

              logger.info("referer:" + referer);
     
    
   

    

     

    
    

     
        // 如果下面有值,则认为是多端登录,直接返回一个登录地址
     
    
   

    

     

    
    

     
        Object toAuthentication = request.getAttribute("toAuthentication");
     
    
   

    

     

    
    

     
        String lastUrl = toAuthentication != null ? /loginPage: StringUtils.substringBefore(referer, "?");
     
    
   

    

     

    
    

     

              logger.info("上一次请求的路径 ：" + lastUrl);
     
    
   

    

     

    
    

     
        super.setDefaultFailureUrl(lastUrl + "?error");
     
    
   

    

     

    
    

     
        super.onAuthenticationFailure(request, response, exception);
     
    
   

    

     

    
    

     

          }
     
    
   

    

     

    
    

     

      }
     
    
  
 

  

   

    

     

    
    

     

      @Component("customAuthenticationSuccessHandler")
     
    
   

    

     

    
    

     

      public class CustomAuthenticationSuccessHandler extends CustomSavedRequestAwareAuthenticationSuccessHandler {
     
    
   

    

     

    
    

     
 
     
    
   

    

     

    
    

     
    @Autowired
     
    
   

    

     

    
    

     
    Utils utils;
     
    
   

    

     

    
    

     
 
     
    
   

    

     

    
    

     
    @Override
     
    
   

    

     

    
    

     

          public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
     
    
   

    

     

    
    

     
        Authentication authentication) throws IOException, ServletException {
     
    
   

    

     

    
    

     
        SimpleDateFormat sd = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
     
    
   

    

     

    
    

     
        SysUser sysUser = (SysUser)authentication.getPrincipal();
     
    
   

    

     

    
    

     

              logger.info("|" + "用户" + sysUser.getUsername() + "于" + sd.format(new Date()) + "通过web端登录系统，ip为"
     
    
   

    

     

    
    

     

                  + utils.getIpAddr() + "。" + "|" + sd.format(new Date()) + "|" + sysUser.getUsername());
     
    
   

    

     

    
    

     
        super.onAuthenticationSuccess(request, response, authentication);
     
    
   

    

     

    
    

     

          }
     
    
   

    

     

    
    

     

      }
     
    
  
 

文章来源: baocl.blog.csdn.net，作者：小黄鸡1992，版权归原作者所有，如需转载，请联系作者。

原文链接：baocl.blog.csdn.net/article/details/113753086