05、Spring Security 实战 - 登录成功响应Json
前言
在前后端分离项目中,页面的跳转都是交由前端来处理,后端只需要返回Json数据即可。
实现
使用之前写好的统一返回结果类Result,并将Result对象转化成json字符串响应。
@Component
public class SignInSuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication
authentication) throws IOException {
Result success = Result.ok().message("登录成功!");
response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
response.getWriter().write(JsonUtil.toJsonString(success));
}
}
在SpringSecurityConfig中注入SignInSuccessHandler对象
@Autowired
SignInSuccessHandler signInSuccessHandler;
将SignInSuccessHandler对象添加到successHandler中
http.formLogin()
.successHandler(signInSuccessHandler);
启动项目验证
完整代码
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
SignInSuccessHandler signInSuccessHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user")
.password(passwordEncoder().encode("123"))
.authorities("user");
auth.inMemoryAuthentication()
.withUser("admin")
.password(passwordEncoder().encode("123"))
.authorities("admin");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.successHandler(signInSuccessHandler);
http.authorizeRequests()
.antMatchers("/user").hasAuthority("user")
.antMatchers("/admin").hasAuthority("admin")
.anyRequest().authenticated();
}
}