JSONRespEntity

package com.lee.security.comoon;

/**
 * 
 * @ClassName: JSONRespEntity
 * @Description: 響應(yīng)實(shí)體
 */
public class JSONRespEntity<T>
{
    /**
     * 返回狀態(tài)碼 // 0代表成功，else失敗善延，建議用-1
     */
    private int status;

    /**
     * 返回實(shí)體
     */
    private T data;

    /**
     * 錯(cuò)誤描述
     */
    private String msg;

    /**
     * 默認(rèn)構(gòu)造器
     */
    public JSONRespEntity()
    {
        super();
    }

    /**
     * 只返回錯(cuò)誤信息
     * 
     * @param status
     */
    public JSONRespEntity(int status)
    {
        super();
        this.status = status;
    }

    /**
     * 返回錯(cuò)誤信息和描述
     * 
     * @param status
     * @param msg
     */
    public JSONRespEntity(int status, String msg)
    {
        super();
        this.status = status;
        this.msg = msg;
    }

    /**
     * 有參構(gòu)造
     * 
     * @param status
     *            狀態(tài)碼
     * @param data
     *            實(shí)體
     * @param msg
     *            錯(cuò)誤描述
     */
    public JSONRespEntity(int status, T data, String msg)
    {
        super();
        this.status = status;
        this.data = data;
        this.msg = msg;
    }

    /**
     * @return the status
     */
    public int getStatus()
    {
        return status;
    }

    /**
     * @param status
     *            the status to set
     */
    public void setStatus(int status)
    {
        this.status = status;
    }

    /**
     * @return the data
     */
    public T getData()
    {
        return data;
    }

    /**
     * @param data
     *            the data to set
     */
    public void setData(T data)
    {
        this.data = data;
    }

    /**
     * @return the msg
     */
    public String getMsg()
    {
        return msg;
    }

    /**
     * @param msg
     *            the msg to set
     */
    public void setMsg(String msg)
    {
        this.msg = msg;
    }

}

JsonResponse

package com.lee.security.util;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.lee.security.comoon.JSONRespEntity;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 *  由于Response無(wú)法直接向客戶(hù)端 發(fā)送json 所以該工具類(lèi)使用objectMapper向前端書(shū)寫(xiě)json
 */
@Component
public class JsonResponse {

    public static Logger logger = Logger.getLogger(JsonResponse.class);

    @Autowired
    private ObjectMapper objectMapper;

    /**
     * 給客戶(hù)端返回json應(yīng)答
     *
     * @param resp
     * @param entity
     */
    public void writeJsonResponse(HttpServletResponse resp, JSONRespEntity entity)
    {
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("application/json;charset=UTF-8");
        try
        {
            objectMapper.writeValue(resp.getWriter(), entity);
        } catch (IOException e)
        {
            logger.error("轉(zhuǎn)換應(yīng)答實(shí)體為JSON格式時(shí)異常少态，" + e.getMessage());
        }
    }

}

AccessDeniedHandler

package com.lee.security.springsecurity;

import com.lee.security.comoon.JSONRespEntity;
import com.lee.security.util.JsonResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 授權(quán)失敗處理器
 */
@Component(value = "myAccessDeniedHandler")
public class MyAccessDeniedHandler implements AccessDeniedHandler
{
    @Autowired
    private JsonResponse jsonResponse;

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException) throws IOException, ServletException
    {
        JSONRespEntity<Object> entity = new JSONRespEntity<>();
        entity.setStatus(-998);
        entity.setMsg("無(wú)操作權(quán)限!");
        jsonResponse.writeJsonResponse(response,entity);
    }

}

AuthenticationEntryPoint

package com.lee.security.springsecurity;

import com.lee.security.comoon.JSONRespEntity;
import com.lee.security.util.JsonResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 
 *         未登錄或session已失效
 */
@Component(value = "myAuthenticationEntryPoint")
public class MyAuthenticationEntryPoint implements AuthenticationEntryPoint
{

    @Autowired
    private JsonResponse jsonResponse;

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException, ServletException
    {
        JSONRespEntity<Object> entity = new JSONRespEntity<>();
        entity.setStatus(-997);
        entity.setMsg("請(qǐng)登錄系統(tǒng)!");
        jsonResponse.writeJsonResponse(response,entity);
    }

}

SimpleUrlAuthenticationFailureHandler

package com.lee.security.springsecurity;

import com.lee.security.comoon.JSONRespEntity;
import com.lee.security.util.JsonResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 
 * 登錄失敗處理器
 *
 */
@Component(value = "myAuthenticationFailureHandler")
public class MyAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Autowired
    private JsonResponse jsonResponse;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {
        JSONRespEntity<Object> entity = new JSONRespEntity<>();
        entity.setStatus(-1);
        entity.setMsg("登錄失敗!" + (exception.getMessage()));
        jsonResponse.writeJsonResponse(response,entity);
    }
}

SavedRequestAwareAuthenticationSuccessHandler

package com.lee.security.springsecurity;

import com.lee.security.comoon.JSONRespEntity;
import com.lee.security.util.JsonResponse;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 認(rèn)證成功處理器
 *
 */
@Component(value = "myAuthenticationSuccessHandler")
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    private static Logger logger = Logger.getLogger(MyAuthenticationSuccessHandler.class);

    @Autowired
    private JsonResponse jsonResponse;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication)  {
        //登錄成功后我們先拿到當(dāng)前登錄用戶(hù)的信息 共前臺(tái)使用
        MyAuthenticationToken authenticationToken = (MyAuthenticationToken) authentication;
        SpringSecurityUserInfo springSecurityUserInfo = authenticationToken.getSpringSecurityUserInfo();
        // 登錄成功后要返回的json
        JSONRespEntity<Object> entity = new JSONRespEntity<>();
        entity.setStatus(0);
        entity.setMsg("登錄成功!");
        entity.setData(springSecurityUserInfo);
        //這列將對(duì)當(dāng)前用戶(hù)信息 放心session redis 等等 比如說(shuō)移動(dòng)application.properties端的時(shí)候 以后做session共享等功能都可以在這里實(shí)現(xiàn)
        //這里我們將用戶(hù)信息直接放在security的上下文里面 后續(xù)業(yè)務(wù)需要使用的話(huà) 我們創(chuàng)建一個(gè)工具類(lèi)就可以直接拿出當(dāng)前用戶(hù)信息
        SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
        securityContext.setAuthentication(authentication);
        jsonResponse.writeJsonResponse(response,entity);
    }
}

LogoutHandler

package com.lee.security.springsecurity;

import com.lee.security.comoon.JSONRespEntity;
import com.lee.security.util.JsonResponse;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.stereotype.Component;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Component(value = "myLogoutHandler")
public class MyLogoutHandler implements LogoutHandler {

    public static Logger logger = Logger.getLogger(MyLogoutHandler.class);

    @Autowired
    private JsonResponse jsonResponse;

    @Override
    public void logout(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) {
        JSONRespEntity<Object> entity = new JSONRespEntity<>();
        entity.setStatus(0);
        entity.setMsg("已成功退出登錄!");
        jsonResponse.writeJsonResponse(resp,entity);
    }

}