06、Spring Security 实战 - 登录失败响应Json

前言

之前已经介绍了登录成功时响应Json,登录失败时响应Json的原理与之相同,下面进行实现。

实现

新建SignInFailureHandler

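/**
 * Authentication failure handler that answers a failed form login with a JSON body.
 *
 * <p>Each known {@link AuthenticationException} subtype is mapped to the message of the
 * matching {@code ResultCode}; the result is serialized with {@code JsonUtil} and written
 * to the response.
 *
 * <p>NOTE(security): with Spring Security's default {@code DaoAuthenticationProvider}, the
 * locked / disabled / account-expired checks run before the password is verified. The
 * distinct messages for those three states are therefore returned to anyone who submits an
 * existing username, which discloses that the account exists and what state it is in. If that
 * is not acceptable, return the same message as {@code BAD_CREDENTIALS} for them and record
 * the precise reason in the server log only.
 */
@Component
public class SignInFailureHandler implements AuthenticationFailureHandler {
    /**
     * Builds the JSON error result for the failed login and writes it to the response.
     *
     * @param request   the login request
     * @param response  the response the JSON body is written to
     * @param exception the reason the authentication attempt was rejected
     * @throws IOException if the response writer cannot be obtained or written
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException {
        Result error = Result.error();
        if (exception instanceof LockedException) {
            error.message(ResultCode.ACCOUNT_LOCKED.getMessage());
        } else if (exception instanceof CredentialsExpiredException) {
            error.message(ResultCode.CREDENTIALS_EXPIRED.getMessage());
        } else if (exception instanceof AccountExpiredException) {
            error.message(ResultCode.ACCOUNT_EXPIRED.getMessage());
        } else if (exception instanceof DisabledException) {
            error.message(ResultCode.ACCOUNT_DISABLED.getMessage());
        } else if (exception instanceof BadCredentialsException) {
            error.message(ResultCode.BAD_CREDENTIALS.getMessage());
        } else if (exception instanceof SessionAuthenticationException) {
            error.message(ResultCode.EXCEED_MAX_SESSION.getMessage());
        } else {
            // Unmapped failures (for example an internal error raised while loading the user)
            // can carry implementation details in their message, so the text is kept in the
            // server log and never echoed to the client.
            // NOTE(review): this relies on Result.error() already carrying a generic message;
            // confirm against the Result class.
            request.getServletContext().log("Unmapped authentication failure", exception);
        }
        // NOTE(review): the HTTP status is left as the response already has it, as before.
        // Consider response.setStatus(HttpServletResponse.SC_UNAUTHORIZED) so that clients and
        // monitoring can see failed logins at the HTTP level; check what the front end expects.
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        response.getWriter().write(JsonUtil.toJsonString(error));
    }
}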

将SignInFailureHandler注入到SpringSecurityConfig中。

// Field of SpringSecurityConfig: the SignInFailureHandler bean (declared with @Component) is injected here.
@Autowired
SignInFailureHandler signInFailureHandler;
// Statement inside configure(HttpSecurity http): form login delegates both outcomes to the
// custom handlers, so a failed login is answered with the handler's JSON body.
http.formLogin()
            .successHandler(signInSuccessHandler)
            .failureHandler(signInFailureHandler);

完整代码

/**
 * Web security configuration for the demo application.
 *
 * <p>Registers a BCrypt password encoder, two in-memory accounts, form login with JSON
 * success/failure handlers, and authority-based access rules for {@code /user} and
 * {@code /admin}.
 */
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    // Handlers that turn the login outcome into a JSON response.
    @Autowired
    SignInSuccessHandler signInSuccessHandler;
    @Autowired
    SignInFailureHandler signInFailureHandler;

    /** Exposes BCrypt as the password encoder bean. */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Defines the in-memory accounts "user" and "admin".
     *
     * <p>NOTE(security): both accounts, including the admin one, share a fixed three-character
     * password that lives in source code. That is only suitable for a local demo; a real
     * deployment needs a proper user store with credentials supplied outside the code base.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        final String demoPassword = "123";

        auth.inMemoryAuthentication()
                .withUser("user")
                .password(passwordEncoder().encode(demoPassword))
                .authorities("user");

        auth.inMemoryAuthentication()
                .withUser("admin")
                .password(passwordEncoder().encode(demoPassword))
                .authorities("admin");
    }

    /**
     * Wires the JSON login handlers and the URL access rules: {@code /user} needs the
     * "user" authority, {@code /admin} needs "admin", and every other request needs an
     * authenticated caller.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .formLogin()
                    .successHandler(signInSuccessHandler)
                    .failureHandler(signInFailureHandler)
                    .and()
                .authorizeRequests()
                    .antMatchers("/user").hasAuthority("user")
                    .antMatchers("/admin").hasAuthority("admin")
                    .anyRequest().authenticated();
    }
}

验证

启动项目,输入错误的用户名密码