【Spring Boot】Spring Security登陆异常出路
【Spring Boot】Spring Security登陆异常出路
Security 配置
package cn.young.greenhome.config;
import cn.young.greenhome.module.auth.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
* 安全配置类
*
* @author ycx
* @since 2020-02-02
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsServiceImpl userDetailsService;
/**
* 配置拦截请求
*
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable();
http.authorizeRequests()
.antMatchers("/login", "/logout", "/getVerifyCode", "/validateVerifyCode")
.permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.successForwardUrl("/success")
.failureForwardUrl("/failure")
.and()
.logout()
.logoutUrl("/logout")
.invalidateHttpSession(true)
.and()
.csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 123456
// $2a$10$E0ypqva9V.tMStGszN8Zeu6mUAO2OkEUs1bbYGUIvnANVuwi5DfgO
// 自定义用户服务和密码
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
/**
* 配置过滤器
*
* @param web
* @throws Exception
*/
@Override
public void configure(WebSecurity web) throws Exception {
// 忽略静态资源
web.ignoring().antMatchers("/static/**");
super.configure(web);
}
}出异常时forward到 /failure
点击 failureForwardUrl 方法
public FormLoginConfigurer<H> failureForwardUrl(String forwardUrl) {
this.failureHandler(new ForwardAuthenticationFailureHandler(forwardUrl));
return this;
}异常信息被存储在了request中
public class ForwardAuthenticationFailureHandler implements AuthenticationFailureHandler {
private final String forwardUrl;
/**
* @param forwardUrl
*/
public ForwardAuthenticationFailureHandler(String forwardUrl) {
Assert.isTrue(UrlUtils.isValidRedirectUrl(forwardUrl),
() -> "‘" + forwardUrl + "‘ is not a valid forward URL");
this.forwardUrl = forwardUrl;
}
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
request.getRequestDispatcher(forwardUrl).forward(request, response);
}
}处理异常信息
/**
* 失败
*
* @return
*/
@RequestMapping("/failure")
public String failure(HttpServletRequest request, Model model) {
AuthenticationException exception = (AuthenticationException) request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
String error;
if (exception instanceof UsernameNotFoundException || exception instanceof BadCredentialsException) {
error = "用户名或密码错误";
} else if (exception instanceof DisabledException) {
error = "账户已禁用";
} else if (exception instanceof LockedException) {
error = "账户已锁定";
} else if (exception instanceof AccountExpiredException) {
error = "账户已过期";
} else if (exception instanceof CredentialsExpiredException) {
error = "证书已过期";
} else {
error = "登录失败";
}
model.addAttribute("error", error);
return "login";
} 相关推荐
hellowordmonkey 2020-11-02
zyshappy 2020-08-16
pythonwangjunji 2020-08-16
Equation 2020-08-09
iamjiyu 2020-07-21
winxcoder 2020-07-18
lepton 2020-07-04
zzdadexiaoha 2020-06-28
ajuan 2020-06-25
tosim 2020-06-24
wghou 2020-06-21
yudiewenyuan 2020-06-21
JessePinkmen 2020-06-14
heimu 2020-06-12
limx 2020-06-11
zghover 2020-06-11