假设有一个要登录的REST API:
/api/user/login
在Spring安全性中,很容易替换HTTP入口点/成功处理程序/失败处理程序,如下所示
<http
pattern="/**"
use-expressions="true"
entry-point-ref="restAuthenticationEntryPoint">
<form-login
authentication-success-handler-ref="mySuccessHandler"
authentication-failure-handler-ref="myFailureHandler"
login-processing-url="/api/user/login"
username-parameter="login"
password-parameter="password"/>
<logout
invalidate-session="true"
delete-cookies="WSESSIONID"
logout-url="/api/user/logout"/>
<csrf disabled="true"/>
<session-management>
<concurrency-control max-sessions="1" />
</session-management>
....
</http>
并在成功/失败状态下生成自定义响应:
public class RestUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws ServletException, IOException {
response.getOutputStream().write("success".getBytes());
clearAuthenticationAttributes(request);
}
}
我正在寻找一种在成功和失败状态下返回与Spring MVC控制器相同的对象的方法。在这种情况下,响应编码必须与MVC控制器相同,并考虑从请求标头接受。