我要评论spring security中successhandler无效
原先代码
@override
protected void configure(httpsecurity http) throws exception {
http.authorizerequests()
.anyrequest().authenticated()
// 自定义登录页面
.and()
.formlogin()
.loginpage("/login.html")
.successhandler((req, resp, auth) -> {
object principal = auth.getprincipal();
resp.setcontenttype("application/json;charset=utf-8");
printwriter out = resp.getwriter();
out.write(new objectmapper().writevalueasstring(principal));
out.flush();
out.close();
})
.permitall()
// 关闭 csrf
.and()
.csrf().disable();
}
以上代码运行之后
无论怎么测试,successhandler都无效,只会返回原来的登录页面,
但是,加入自定义登录接口url之后,successhandler又生效:
@override
protected void configure(httpsecurity http) throws exception {
http.authorizerequests()
.anyrequest().authenticated()
// 自定义登录页面
.and()
.formlogin()
.loginpage("/login.html")
// 自定义登录接口
.loginprocessingurl("/dologin")
.successhandler((req, resp, auth) -> {
object principal = auth.getprincipal();
resp.setcontenttype("application/json;charset=utf-8");
printwriter out = resp.getwriter();
out.write(new objectmapper().writevalueasstring(principal));
out.flush();
out.close();
})
.permitall()
// 关闭 csrf
.and()
.csrf().disable();
}
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持代码网。
发表评论