Spring Security用户认证成功失败自定义实现

org.springframework.security.authentication.event包下定义了发生认证时的所有事件类型,其中AbstractAuthenticationEvent是所有事件的父类,其它事件都继承于AbstractAuthenticationEvent,其子类有

  • AbstractAuthenticationFailureEvent
  • AuthenticationFailureBadCredentialsEvent
  • AuthenticationFailureCredentialsExpiredEvent
  • AuthenticationFailureDisabledEvent
  • AuthenticationFailureExpiredEvent
  • AuthenticationFailureLockedEvent
  • AuthenticationFailureProviderNotFoundEvent
  • AuthenticationFailureProxyUntrustedEvent
  • AuthenticationFailureServiceExceptionEvent
  • AuthenticationSuccessEvent
  • InteractiveAuthenticationSuccessEvent

AbstractAuthenticationFailureEvent又是所有认证异常发布事件的抽象类,这样就可以方便的分开成两个监听器;

定义认证成功发布事件监听器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
/**
* @Description: 用户登录成功监听器事件
* @Package: cn.appblog.security.oauth2.event.listener.AuthencationSuccessListener
* @Version: 1.0
*/
@Component
public class AuthencationSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {

@Override
public void onApplicationEvent(AuthenticationSuccessEvent event) {
//用户通过输入用户名和密码登录成功
System.out.println("---AuthenticationSuccessEvent---");
}

}

当然如果有需要可以将AuthenticationSuccessEvent更换为InteractiveAuthenticationSuccessEvent,都是认证成功,但是InteractiveAuthenticationSuccessEvent表示通过自动交互的手段来登录成功,比如cookie自动登录

定义认证失败事件发布监听器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
/**
* @Description: 用户登录成功监听器事件
* @Package: cn.appblog.security.oauth2.event.listener.AuthencationFailureListener
* @Version: 1.0
*/
@Component
public class AuthencationFailureListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {
@Override
public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
if (event instanceof AuthenticationFailureBadCredentialsEvent) {
//提供的凭据是错误的,用户名或者密码错误
System.out.println("---AuthenticationFailureBadCredentialsEvent---");
} else if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
//验证通过,但是密码过期
System.out.println("---AuthenticationFailureCredentialsExpiredEvent---");
} else if (event instanceof AuthenticationFailureDisabledEvent) {
//验证过了但是账户被禁用
System.out.println("---AuthenticationFailureDisabledEvent---");
} else if (event instanceof AuthenticationFailureExpiredEvent) {
//验证通过了,但是账号已经过期
System.out.println("---AuthenticationFailureExpiredEvent---");
} else if (event instanceof AuthenticationFailureLockedEvent) {
//账户被锁定
System.out.println("---AuthenticationFailureLockedEvent---");
} else if (event instanceof AuthenticationFailureProviderNotFoundEvent) {
//配置错误,没有合适的AuthenticationProvider来处理登录验证
System.out.println("---AuthenticationFailureProviderNotFoundEvent---");
} else if (event instanceof AuthenticationFailureProxyUntrustedEvent) {
//代理不受信任,用于Oauth、CAS这类三方验证的情形,多属于配置错误
System.out.println("---AuthenticationFailureProxyUntrustedEvent---");
} else if (event instanceof AuthenticationFailureServiceExceptionEvent) {
//其他任何在AuthenticationManager中内部发生的异常都会被封装成此类
System.out.println("---AuthenticationFailureServiceExceptionEvent---");
}
}
}

本文转载参考 原文 并加以调试

Powered by AppBlog.CN     浙ICP备14037229号

Copyright © 2012 - 2020 APP开发技术博客 All Rights Reserved.

访客数 : | 访问量 :