Spring Security用户认证成功失败自定义实现

Joe.Ye 2023-03-20 Spring Security

org.springframework.security.authentication.event包下定义了发生认证时的所有事件类型,其中AbstractAuthenticationEvent是所有事件的父类,其它事件都继承于AbstractAuthenticationEvent,其子类有

  • AbstractAuthenticationFailureEvent
  • AuthenticationFailureBadCredentialsEvent
  • AuthenticationFailureCredentialsExpiredEvent
  • AuthenticationFailureDisabledEvent
  • AuthenticationFailureExpiredEvent
  • AuthenticationFailureLockedEvent
  • AuthenticationFailureProviderNotFoundEvent
  • AuthenticationFailureProxyUntrustedEvent
  • AuthenticationFailureServiceExceptionEvent
  • AuthenticationSuccessEvent
  • InteractiveAuthenticationSuccessEvent

AbstractAuthenticationFailureEvent又是所有认证异常发布事件的抽象类,这样就可以方便的分开成两个监听器;

定义认证成功发布事件监听器

/**
 * @Description: 用户登录成功监听器事件
 * @Package: cn.appblog.security.oauth2.event.listener.AuthencationSuccessListener
 * @Version: 1.0
 */
@Component
public class AuthencationSuccessListener implements ApplicationListener<AuthenticationSuccessEvent> {

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        //用户通过输入用户名和密码登录成功
        System.out.println("---AuthenticationSuccessEvent---");
    }

}

当然如果有需要可以将AuthenticationSuccessEvent更换为InteractiveAuthenticationSuccessEvent,都是认证成功,但是InteractiveAuthenticationSuccessEvent表示通过自动交互的手段来登录成功,比如cookie自动登录

定义认证失败事件发布监听器

/**
 * @Description: 用户登录成功监听器事件
 * @Package: cn.appblog.security.oauth2.event.listener.AuthencationFailureListener
 * @Version: 1.0
 */
@Component
public class AuthencationFailureListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {
    @Override
    public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
        if (event instanceof AuthenticationFailureBadCredentialsEvent) {
            //提供的凭据是错误的,用户名或者密码错误
            System.out.println("---AuthenticationFailureBadCredentialsEvent---");
        } else if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
            //验证通过,但是密码过期
            System.out.println("---AuthenticationFailureCredentialsExpiredEvent---");
        } else if (event instanceof AuthenticationFailureDisabledEvent) {
            //验证过了但是账户被禁用
            System.out.println("---AuthenticationFailureDisabledEvent---");
        } else if (event instanceof AuthenticationFailureExpiredEvent) {
            //验证通过了,但是账号已经过期
            System.out.println("---AuthenticationFailureExpiredEvent---");
        } else if (event instanceof AuthenticationFailureLockedEvent) {
            //账户被锁定
            System.out.println("---AuthenticationFailureLockedEvent---");
        } else if (event instanceof AuthenticationFailureProviderNotFoundEvent) {
            //配置错误,没有合适的AuthenticationProvider来处理登录验证
            System.out.println("---AuthenticationFailureProviderNotFoundEvent---");
        } else if (event instanceof AuthenticationFailureProxyUntrustedEvent) {
            //代理不受信任,用于Oauth、CAS这类三方验证的情形,多属于配置错误
            System.out.println("---AuthenticationFailureProxyUntrustedEvent---");
        } else if (event instanceof AuthenticationFailureServiceExceptionEvent) {
            //其他任何在AuthenticationManager中内部发生的异常都会被封装成此类
            System.out.println("---AuthenticationFailureServiceExceptionEvent---");
        }
    }
}

本文转载参考 原文 并加以调试

版权声明:
作者:Joe.Ye
链接:https://www.appblog.cn/index.php/2023/03/20/spring-security-user-authentication-success-failure-custom-implementation/
来源:APP全栈技术分享
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
打赏
海报
Spring Security用户认证成功失败自定义实现
在org.springframework.security.authentication.event包下定义了发生认证时的所有事件类型,其中AbstractAuthenticationEvent是所有事件的父类,其它事件都继……
<<上一篇
下一篇>>
文章目录
关闭
目 录