| | |
|---|
| | | import org.slf4j.Logger; |
|---|
| | | import org.slf4j.LoggerFactory; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.http.HttpStatus; |
|---|
| | | import org.springframework.security.authentication.BadCredentialsException; |
|---|
| | | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
|---|
| | | import org.springframework.security.authentication.dao.DaoAuthenticationProvider; |
|---|
| | |
|---|
| | | import org.springframework.security.core.userdetails.UserDetailsService; |
|---|
| | | import org.springframework.security.core.userdetails.UsernameNotFoundException; |
|---|
| | | import org.springframework.security.crypto.password.PasswordEncoder; |
|---|
| | | import org.springframework.security.web.AuthenticationEntryPoint; |
|---|
| | | import org.springframework.security.web.authentication.AuthenticationFailureHandler; |
|---|
| | | import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; |
|---|
| | | import org.springframework.web.filter.OncePerRequestFilter; |
|---|
| | | import org.yeshi.utils.JsonUtil; |
|---|
| | | import org.yeshi.utils.StringUtil; |
|---|
| | | |
|---|
| | | import javax.annotation.Resource; |
|---|
| | |
|---|
| | | @Override |
|---|
| | | public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { |
|---|
| | | logger.info("onLogoutSuccess"); |
|---|
| | | httpServletResponse.getWriter().print(JsonUtil.loadTrueResult("")); |
|---|
| | | } |
|---|
| | | }) |
|---|
| | | .and() |
|---|
| | | .csrf().disable() |
|---|
| | | .rememberMe().userDetailsService(new MyUserDetailsService()); |
|---|
| | | .rememberMe().userDetailsService(new MyUserDetailsService()) |
|---|
| | | .and().exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint()); |
|---|
| | | http.addFilterBefore(new VerificationCodeFilter(), UsernamePasswordAuthenticationFilter.class); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | //自定义未授权返回 |
|---|
| | | class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint { |
|---|
| | | @Override |
|---|
| | | public void commence(HttpServletRequest request, HttpServletResponse response, |
|---|
| | | AuthenticationException authException) throws IOException, ServletException { |
|---|
| | | String url = request.getRequestURI().toString(); |
|---|
| | | if (url.contains("/admin/api/")) { |
|---|
| | | response.setStatus(HttpStatus.UNAUTHORIZED.value()); |
|---|
| | | } else { |
|---|
| | | response.sendRedirect("/login.html"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
