自定义登录和登出页面
自定义登录
在默认的情况下,Spring Security为我们生成的登录登出页面如下:
我们可以自定义登录和登出页面,我们使用thymeleaf来编写登录页面,代码如下:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
<head>
<title>Please Log In</title>
</head>
<body>
<h1>Please Log In</h1>
<form th:action="@{/login}" method="post">
<div>
<input type="text" name="username" placeholder="Username"/>
</div>
<div>
<input type="password" name="password" placeholder="Password"/>
</div>
<input type="submit" value="Log in" />
</form>
</body>
</html>
配置自定义登录相关设置:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// 认证相关
http.authorizeRequests(authorize ->
authorize
// /login.html请求不需要验证
.requestMatchers(new AntPathRequestMatcher("/login")).permitAll()
.anyRequest()
.authenticated()
);
// 开启登录表单
http.formLogin(form -> {
form
// 自定义登录页面
.loginPage("/login")
// 自定义登录URL
.loginProcessingUrl("/login")
// 登录成功之后跳转的页面
.defaultSuccessUrl("/index")
.permitAll();
});
// 关闭csrf防护
http.csrf().disable();
return http.build();
}
登录成功之后跳转页面:
在现在的项目开发过程中,一般都是前后端分离的项目,后端只需要返回JSON数据,由前端自己进行跳转,那么我们可以进行如下配置:
// 开启登录表单
http.formLogin(form -> {
form
// 自定义登录页面
.loginPage("/login")
// 自定义登录URL
.loginProcessingUrl("/login")
// 用于前后端分离的情况,登录成功之后返回JSON数据
.successHandler(new AuthenticationSuccessHandlerImpl())
// 用于前后端分离的情况,登录失败之后返回JSON数据
.failureHandler(new AuthenticationFailureHandlerImpl())
.permitAll();
});
上面分别配置了登录成功返回的JSON和登录失败的JSON。AuthenticationSuccessHandlerImpl,AuthenticationFailureHandlerImpl分别实现Spring Security提供的接口AuthenticationSuccessHandler,AuthenticationFailureHandler。
public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
Map<String,Object> map = new HashMap<>();
map.put("code", "200");
map.put("message", "成功");
map.put("data", authentication);
String json = new ObjectMapper().writeValueAsString(map);
// 构建返回
response.setContentType("application/json;charset=utf-8");
response.getWriter().println(json);
}
}
public class AuthenticationFailureHandlerImpl implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
Map<String,Object> map = new HashMap<>();
map.put("code", "-1");
map.put("message", "登录失败");
map.put("data", exception.getLocalizedMessage());
String json = new ObjectMapper().writeValueAsString(map);
response.setContentType("application/json;charset=utf-8");
response.getWriter().println(json);
}
}
使用Postman测试:
自定义登出
// 登出表单
http.logout(logout -> {
logout
// 自定义登出地址
.logoutUrl("/logout").
// 用户前后端分离登出返回JSON
logoutSuccessHandler(new LogoutSuccessHandlerImpl());
});
实现LogoutSuccessHandler接口:
public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
Map<String,Object> map = new HashMap<>();
map.put("code", "200");
map.put("message", "注销成功");
map.put("data", authentication.getName());
String json = new ObjectMapper().writeValueAsString(map);
response.setContentType("application/json;charset=utf-8");
response.getWriter().println(json);
}
}
