
06、Spring Security 实战 - 登录失败响应Json

前言

之前已经介绍了登录成功时响应Json,登录失败时响应Json的原理与之相同,下面进行实现。

实现

新建SignInFailureHandler

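/**
 * Answers a failed form login with a JSON body instead of a redirect to an error page.
 *
 * <p>Known Spring Security failure types are mapped to the fixed messages defined in
 * {@code ResultCode}; any other failure keeps the default message of {@code Result.error()}.
 *
 * <p>NOTE(review): the locked / expired / disabled messages tell an unauthenticated caller
 * that the account exists and which state it is in. If account enumeration is a concern,
 * return the {@code BAD_CREDENTIALS} message from every branch and keep the precise reason
 * in server-side logs only.
 */
@Component
public class SignInFailureHandler implements AuthenticationFailureHandler {

    /**
     * Serialises the failure reason as JSON and writes it to the response.
     *
     * @param request   the login request that failed
     * @param response  the response that receives the JSON error body
     * @param exception the authentication failure raised by Spring Security
     * @throws IOException if the response writer cannot be obtained or written to
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException {
        Result error = Result.error();
        if (exception instanceof LockedException) {
            error.message(ResultCode.ACCOUNT_LOCKED.getMessage());
        } else if (exception instanceof CredentialsExpiredException) {
            error.message(ResultCode.CREDENTIALS_EXPIRED.getMessage());
        } else if (exception instanceof AccountExpiredException) {
            error.message(ResultCode.ACCOUNT_EXPIRED.getMessage());
        } else if (exception instanceof DisabledException) {
            error.message(ResultCode.ACCOUNT_DISABLED.getMessage());
        } else if (exception instanceof BadCredentialsException) {
            error.message(ResultCode.BAD_CREDENTIALS.getMessage());
        } else if (exception instanceof SessionAuthenticationException) {
            error.message(ResultCode.EXCEED_MAX_SESSION.getMessage());
        }
        // Deliberately no catch-all branch that echoes exception.getMessage(): unmapped
        // failures (for example an internal authentication-service error) can carry
        // backend details that must not reach an unauthenticated client. Such failures
        // keep whatever message Result.error() starts with.
        // NOTE(review): assumes Result.error() carries a generic default message - confirm.

        // A failed login is reported as 401 so clients, proxies and monitoring can tell
        // it apart from a successful response without parsing the body.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // The charset is part of the content type so that getWriter() encodes the
        // (possibly non-ASCII) message as UTF-8.
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        response.getWriter().write(JsonUtil.toJsonString(error));
    }
}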

将SignInFailureHandler注入到SpringSecurityConfig中。

// Field in SpringSecurityConfig: the failure handler bean (SignInFailureHandler is a @Component).
@Autowired
SignInFailureHandler signInFailureHandler;

// Inside configure(HttpSecurity): register both handlers on the form-login configurer so that
// a successful and a failed login each go through the corresponding handler.
http.formLogin()
            .successHandler(signInSuccessHandler)
            .failureHandler(signInFailureHandler);

完整代码

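/**
 * Demo security configuration: two in-memory users, form login with JSON success/failure
 * handlers, and authority-based access rules for {@code /user} and {@code /admin}.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7
 * and removed in 6.0; this listing targets the 5.x API.
 */
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Provides the password encoder used to hash the demo passwords below.
     *
     * @return a BCrypt-based encoder
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    SignInSuccessHandler signInSuccessHandler;

    @Autowired
    SignInFailureHandler signInFailureHandler;

    /**
     * Registers the demo accounts in a single in-memory user store.
     *
     * <p>The accounts and the password {@code "123"} are hard-coded for the walkthrough only;
     * a real deployment should load users from a managed store and never ship credentials
     * in source.
     *
     * @param auth the builder that receives the in-memory user store
     * @throws Exception if the in-memory configurer cannot be applied
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = passwordEncoder();
        // One inMemoryAuthentication() call holds both users; calling it once per user
        // registers a separate configurer for each of them.
        auth.inMemoryAuthentication()
                .withUser("user")
                .password(encoder.encode("123"))
                .authorities("user")
                .and()
                .withUser("admin")
                .password(encoder.encode("123"))
                .authorities("admin");
    }

    /**
     * Enables form login with the JSON handlers and restricts the protected paths.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if a configurer cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .successHandler(signInSuccessHandler)
                .failureHandler(signInFailureHandler);
        // Every path not listed explicitly still requires an authenticated user.
        http.authorizeRequests()
                .antMatchers("/user").hasAuthority("user")
                .antMatchers("/admin").hasAuthority("admin")
                .anyRequest().authenticated();
    }
}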

验证

启动项目,输入错误的用户名密码