当前位置：网站首页>Custom login failure handling

Custom login failure handling

2022-04-23 09:50:00 【Engage in money self-discipline】

Failed to add custom login handler

package com.example.handler;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/** *  User defined authentication failure handling  */
public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
    
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    
        Map<String,Object> result = new HashMap<>();
        result.put("msg"," Login failed "+exception.getMessage());
        result.put("status",500);
        response.setContentType("application/json;charset=UTF-8");
        String s = new ObjectMapper().writeValueAsString(result);
        response.getWriter().println(s);
    }
}

modify WebSecurityConfigurer

Mainly failureHandler

package com.example.config;

import com.example.handler.MyAuthenticationFailureHandler;
import com.example.handler.MyAuthenticationSuccessHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    


    @Override
    public void configure(HttpSecurity http) throws Exception {
    

        //【 matters needing attention 】 Release resources should be put in front , The certified ones are in the back 
        http.authorizeRequests()
                .mvcMatchers("/index").permitAll() // On behalf of release index All requests for 
                .mvcMatchers("/loginHtml").permitAll() // release loginHtml request 
                .anyRequest().authenticated()// Authentication is required on behalf of other requests 
                .and()
                .formLogin()// Indicates that other requests requiring authentication have passed the form authentication 
                //loginPage  Once you customize this login page , Then you have to make it clear SpringSecurity Which one in the future url Process your login request 
                .loginPage("/loginHtml")// Used to specify user-defined login interface , Don't use SpringSecurity Default login interface   Be careful ： Once you customize the login page , Login must be specified url
                //loginProcessingUrl  This doLogin The request itself is not , Because we just need to tell SpringSecurity, In the future, as long as the front-end initiates a doLogin Such a request ,
                // that SpringSecurity You should be username and password To capture 
                .loginProcessingUrl("/doLogin")// Specified login request processing url
                .usernameParameter("uname") // Specifies the name of the login interface user name text box name value , If not specified , The default property name must be username
                .passwordParameter("passwd")// Specify the password box of the login interface name value , If not specified , The default property name must be password
// .successForwardUrl("/index")// Authentication success  forward  Jump path ,forward Represents the jump inside the server , The address bar doesn't change   Always jump to the specified request after successful authentication 
// .defaultSuccessUrl("/index")// Authentication success   Then jump , Redirect  redirect  After the jump , The address will change   Successfully jump according to the last save request 
                .successHandler(new MyAuthenticationSuccessHandler()) // Handle when authentication is successful   Front and back end separation solution 
// .failureForwardUrl("/loginHtml")// After the authentication fails  forward  Jump 
// .failureUrl("/login.html")// After the authentication fails  redirect  Jump 
                .failureHandler(new MyAuthenticationFailureHandler())// Used to customize the processing after authentication failure   Front and back end separation solution 
                .and()
                .csrf().disable(); // prohibit csrf  Cross site request protection 
    }
}