Spring Security: custom AuthenticationSuccessHandler has no effect or is ignored; setting successHandler does nothing and the success handler never executes

Published: 2023-08-30 17:22:01 Author: 蔚然丶丶

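On login, the custom login-success handler is not executed, even though the handler has already been registered in the security configuration. The code is as follows.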

handler

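// jakarta.* applies to Spring Security 6; on 5.x the same servlet types live under javax.*
// Result is the project's own response class (its import is omitted here)
import java.io.IOException;

import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
public class SecurityAuthSuccessHandler implements AuthenticationSuccessHandler {

    /**
     * Executed after authentication succeeds
     * @param request the request object
     * @param response the response object
     * @param authentication the object Spring Security builds after successful authentication, including the user's information
     * @throws IOException
     * @throws ServletException
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // Runs after the logging-in user has been authenticated successfully
        response.setContentType("application/json;charset=utf-8");
        System.out.println("success handler...");
        Result result = new Result();
        result.setCode(0);
        result.setStatus(200);
        result.setMsg("登录成功");
        // Serialize the result with Jackson
        ObjectMapper mapper = new ObjectMapper();
        ServletOutputStream outputStream = response.getOutputStream();
        mapper.writeValue(outputStream, result);

        outputStream.flush();
        outputStream.close();

    }
}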

Security configuration

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(auth->{

                    // Set URL permissions; note that the order of all permission rules matters
                    auth.requestMatchers("/home").permitAll();
                    auth.anyRequest().authenticated();
                })
                .formLogin(conf->{
                    // Custom form login page
                    // https://docs.spring.io/spring-security/reference/servlet/authentication/passwords/form.html
                    conf.loginPage("/login");
                    // Form login request URL
                    conf.loginProcessingUrl("/login");
                    // Login success handler; it only takes effect once the defaultSuccessUrl default success page is removed. The login failure handler works similarly
                    // Use the handler classes
                    conf.successHandler(successHandler);
                    conf.failureHandler(failureHandler);
                    // Default login success page: when a handler is used, do not also set the default success page, otherwise the handler has no effect
                    // conf.defaultSuccessUrl("/home");
                    // Login-related requests do not require authentication
                    conf.permitAll();
                })
                .logout(conf->{
                    // Logout request
                    conf.logoutUrl("/logout");
                    conf.logoutSuccessUrl("/login");
                    conf.permitAll();
                })
                // Use a custom filter, and
                .addFilterBefore(new VerificationFilter(), UsernamePasswordAuthenticationFilter.class)
                // Use a custom userDetails authentication process,
                // .userDetailsService(null)
                .csrf(AbstractHttpConfigurer::disable)// Disable cross-site request forgery (CSRF) protection
                .build();
    }
}

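The cause: once a custom handler is used, do not also set a default success URL. defaultSuccessUrl(...) installs its own success handler internally, so a call made after successHandler(...) replaces the custom handler.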

	// Comment this out
	// conf.defaultSuccessUrl("/home");
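
When both custom logic and a fallback success URL are wanted, the handler can carry the URL itself so that defaultSuccessUrl is never called. This is an added example, not the original author's code; it assumes Spring Security 6 with jakarta.servlet and SLF4J on the classpath, and the class name AuditingSuccessHandler and the "/home" target are hypothetical:

```java
import java.io.IOException;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

// Hypothetical handler (added example): custom logic and the redirect live in ONE
// handler, so formLogin() needs only successHandler(...) and no defaultSuccessUrl(...).
@Component
public class AuditingSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private static final Logger log = LoggerFactory.getLogger(AuditingSuccessHandler.class);

    public AuditingSuccessHandler() {
        // Same fallback target that defaultSuccessUrl("/home") would configure
        setDefaultTargetUrl("/home");
        // false: return to the page that triggered the login when one was saved
        setAlwaysUseDefaultTargetUrl(false);
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws ServletException, IOException {
        // Custom step: audit the login. CR/LF are replaced so a user name cannot forge log lines.
        String user = authentication.getName().replaceAll("[\\r\\n]", "_");
        log.info("login success user={} remote={}", user, request.getRemoteAddr());
        // Then let the parent perform the saved-request / default-URL redirect
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

// In the SecurityFilterChain bean, register only this handler:
//     conf.successHandler(auditingSuccessHandler);
//     // no conf.defaultSuccessUrl(...) afterwards: it would replace the handler
```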

Reference: java - Spring boot AuthenticationSuccessHandler ignore - Stack Overflow

Your CustomSuccessHandler is overridden by default handler in your security config.

Just delete following line: .defaultSuccessUrl("/") from SecurityConfiguration class