07、Spring Security 实战 - 退出成功响应Json
前言
前面介绍了登录失败时候响应的Json,下面接着介绍退出成功时响应Json
实现
跟之前一样,新建一个SignOutSuccessHandler类,实现以下代码
@Component
public class SignOutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication
authentication) throws IOException {
Result success = Result.ok().message("退出成功!");
response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
response.getWriter().write(JsonUtil.toJsonString(success));
}
}
还是在SpringSecurityConfig类中,首先注入SignOutSuccessHandler对象,然后进行配置
@Autowired
SignOutSuccessHandler signOutSuccessHandler;
http.logout()
.logoutSuccessHandler(signOutSuccessHandler);
启动项目,在浏览器先进行登录,然后通过http://localhost:8080/logout进行退出
完整代码
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
SignInSuccessHandler signInSuccessHandler;
@Autowired
SignInFailureHandler signInFailureHandler;
@Autowired
SignOutSuccessHandler signOutSuccessHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user")
.password(passwordEncoder().encode("123"))
.authorities("user");
auth.inMemoryAuthentication()
.withUser("admin")
.password(passwordEncoder().encode("123"))
.authorities("admin");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.successHandler(signInSuccessHandler)
.failureHandler(signInFailureHandler);
http.logout()
.logoutSuccessHandler(signOutSuccessHandler);
http.authorizeRequests()
.antMatchers("/user").hasAuthority("user")
.antMatchers("/admin").hasAuthority("admin")
.anyRequest().authenticated();
}
}