Spring Security6、登录用户退出登录操作
2021-04-19 03:28
标签:覆盖 bcrypt wired 失效 roc 代码 autowire ann ada 在使用过程中,如果有多个账号,需要进行账号切换。我们一般需要用户先注销当前的登录用户,然后在登录另一个账号。 这时候我们就需要使用到退出登录的操作,在Spring Security中默认调用接口 在前后端分离的情况下,我们希望能像登录授权那样,登出成功后也能返回 JSON 字符串。 登录失败处理程序和登录授权这些一样,我们只要实现 我们现在把我们写的 我们先登录用户admin,然后请求接口 然后我们使用get方式调用接口 退出成功后,我们再请求接口 然后我们重新登录后继续请求接口 Spring Security6、登录用户退出登录操作 标签:覆盖 bcrypt wired 失效 roc 代码 autowire ann ada 原文地址:https://www.cnblogs.com/lixingwu/p/13291255.html
/logout
进行登出操作,登出成功后会自动跳转到登录页面。一、退出登录成功处理程序
LogoutSuccessHandler
这个接口就可以了。import cn.hutool.core.lang.Console;
import cn.hutool.core.lang.Dict;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.extra.servlet.ServletUtil;
import cn.hutool.http.ContentType;
import cn.hutool.json.JSONUtil;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 退出成功
*
* @author lixin
*/
@Component
public class JsonLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(
HttpServletRequest request, HttpServletResponse response,
Authentication authentication
) throws IOException, ServletException {
Console.log("退出成功,{}", authentication);
Dict res = Dict.create()
.set("code", 0)
.set("msg", "退出成功")
.set("data", authentication);
ServletUtil.write(response, JSONUtil.toJsonStr(res), ContentType.JSON.toString(CharsetUtil.CHARSET_UTF_8));
}
}
二、配置退出登录成功处理程序
退出登录成功
处理程序配置到HttpSecurity上,这样在 退出登录成功
时就返回我们设置的json字符串了,完整配置看代码。import com.miaopasi.securitydemo.config.security.handler.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
* Security配置类,会覆盖yml配置文件的内容
*
* @author lixin
*/
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final JsonSuccessHandler successHandler;
private final JsonFailureHandler failureHandler;
private final JsonAccessDeniedHandler accessDeniedHandler;
private final JsonAuthenticationEntryPoint authenticationEntryPoint;
private final JsonLogoutSuccessHandler logoutSuccessHandler;
@Autowired
public SecurityConfig(JsonSuccessHandler successHandler, JsonFailureHandler failureHandler, JsonAccessDeniedHandler accessDeniedHandler, JsonAuthenticationEntryPoint authenticationEntryPoint, JsonLogoutSuccessHandler logoutSuccessHandler) {
this.successHandler = successHandler;
this.failureHandler = failureHandler;
this.accessDeniedHandler = accessDeniedHandler;
this.authenticationEntryPoint = authenticationEntryPoint;
this.logoutSuccessHandler = logoutSuccessHandler;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/code", "/login", "/logout", "/doLogin").permitAll()
.antMatchers("/admin/**", "/guest/**").hasRole("admin")
.antMatchers("/guest/**").hasRole("guest")
.anyRequest().authenticated()
.and().formLogin()
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/doLogin")
.successHandler(successHandler)
.failureHandler(failureHandler)
// 退出登录,默认为/logout,这里修改接口地址为 /doLogout
.and().logout().logoutUrl("/doLogout")
// 设置退出登录成功处理程序,退出成功后返回JSON字符串
.logoutSuccessHandler(logoutSuccessHandler)
.and().exceptionHandling()
.accessDeniedHandler(accessDeniedHandler)
.authenticationEntryPoint(authenticationEntryPoint)
.and().cors()
.and().csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.passwordEncoder(new BCryptPasswordEncoder())
.withUser("admin")
.password(new BCryptPasswordEncoder().encode("123456"))
.roles("admin", "guest")
.and()
.withUser("user")
.password(new BCryptPasswordEncoder().encode("000000"))
.roles("guest");
}
}
三、测试
/admin/get
,能正常访问。/doLogout
,接口返回JSON字符串:{
"msg": "退出成功",
"code": 0,
"data": {
"authenticated": true,
"authorities": [
{},
{}
],
"principal": {
"credentialsNonExpired": true,
"authorities": [
{},
{}
],
"enabled": true,
"accountNonExpired": true,
"username": "admin",
"accountNonLocked": true
},
"details": {
"remoteAddress": "127.0.0.1"
}
}
}
/admin/get
,发现返回JSON字符串:{
"msg": "未登录或者登录失效",
"code": 1001,
"data": "Full authentication is required to access this resource"
}
/admin/get
,发现正常请求到数据。
上一篇:Spring 整合 Junit
下一篇:Linux 线程传递参数
文章标题:Spring Security6、登录用户退出登录操作
文章链接:http://soscw.com/index.php/essay/76482.html