优化授权码模式的登录错误响应

9947000c · zlt2000 · b45f3c85 · 9947000c · 9947000c · 9947000c
5 changed file
--- a/zlt-uaa/src/main/java/com/central/oauth/config/SecurityConfig.java
+++ b/zlt-uaa/src/main/java/com/central/oauth/config/SecurityConfig.java
@@ -18,7 +18,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
@@ -37,8 +36,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Autowired
 	private AuthenticationSuccessHandler authenticationSuccessHandler;
-	@Autowired
-	private AuthenticationFailureHandler authenticationFailureHandler;
 	@Autowired(required = false)
 	private AuthenticationEntryPoint authenticationEntryPoint;
@@ -82,7 +79,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                    .loginPage(SecurityConstants.LOGIN_PAGE)
                    .loginProcessingUrl(SecurityConstants.OAUTH_LOGIN_PRO_URL)
                    .successHandler(authenticationSuccessHandler)
-                    .failureHandler(authenticationFailureHandler)
                    .and()
 				.logout()
 					.logoutUrl(SecurityConstants.LOGOUT_URL)

--- a/zlt-uaa/src/main/java/com/central/oauth/config/SecurityHandlerConfig.java
+++ b/zlt-uaa/src/main/java/com/central/oauth/config/SecurityHandlerConfig.java
 package com.central.oauth.config;
-import com.central.common.utils.ResponseUtil;
 import com.central.oauth.handler.OauthLogoutHandler;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.exceptions.*;
 import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
 import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
-import javax.annotation.Resource;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -32,25 +26,6 @@ import java.io.IOException;
 @Slf4j
 @Configuration
 public class SecurityHandlerConfig {
-    @Resource
-    private ObjectMapper objectMapper;
-    /**
-     * 登陆失败，返回401
-     */
-    @Bean
-    public AuthenticationFailureHandler loginFailureHandler() {
-        return (request, response, exception) -> {
-            String msg;
-            if (exception instanceof BadCredentialsException) {
-                msg = "密码错误";
-            } else {
-                msg = exception.getMessage();
-            }
-            ResponseUtil.responseWriter(objectMapper, response, msg, HttpStatus.UNAUTHORIZED.value());
-        };
-    }
    @Bean
    public OauthLogoutHandler oauthLogoutHandler() {
        return new OauthLogoutHandler();

--- a/zlt-uaa/src/main/java/com/central/oauth/filter/ValidateCodeFilter.java
+++ b/zlt-uaa/src/main/java/com/central/oauth/filter/ValidateCodeFilter.java
 package com.central.oauth.filter;
 import com.central.common.constant.SecurityConstants;
+import com.central.common.utils.ResponseUtil;
 import com.central.oauth.exception.ValidateCodeException;
 import com.central.oauth.service.IValidateCodeService;
 import com.central.oauth2.common.properties.SecurityProperties;
 import com.central.oauth2.common.util.AuthUtils;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
+import javax.annotation.Resource;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -31,11 +34,8 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
    @Autowired
    private SecurityProperties securityProperties;
-    /**
+    @Resource
-     * 验证码校验失败处理器
+    private ObjectMapper objectMapper;
-     */
-    @Autowired
-    private AuthenticationFailureHandler authenticationFailureHandler;
    /**
     * 验证请求url与配置的url是否匹配的工具类
@@ -73,7 +73,7 @@ public class ValidateCodeFilter extends OncePerRequestFilter {
        try {
            validateCodeService.validate(request);
        } catch (ValidateCodeException e) {
-            authenticationFailureHandler.onAuthenticationFailure(request, response, e);
+            ResponseUtil.responseWriter(objectMapper, response, e.getMessage(), HttpStatus.BAD_REQUEST.value());
            return;
        }
        chain.doFilter(request, response);

--- a/zlt-uaa/src/main/resources/static/js/common.js
+++ b/zlt-uaa/src/main/resources/static/js/common.js
@@ -34,4 +34,9 @@ $(function(){
 			$(this).parent().next().hide();
 		}
 	});
+	let query = location.search;
+	if (query === '?error') {
+		$('#loginError').show();
+	}
 });
\ No newline at end of file
--- a/zlt-uaa/src/main/resources/static/login.html
+++ b/zlt-uaa/src/main/resources/static/login.html
@@ -30,6 +30,7 @@
                    <div class="form_btn">
                        <button type="submit">登录</button>
                    </div>
+                    <div id="loginError" class="ececk_warning" style="text-align: center;"><span>用户名或密码错误</span></div>
                    <div class="form_reg_btn">
                        <!--span>还没有帐号？</span><a href="/register">马上注册</a-->
                        &nbsp;