大家好,我的项目中存在很大问题。
我已将项目配置为使用 Java EE 容器安全(Java EE Security)进行身份验证,使用 Spring Security 进行授权,并采用 Spring 的预身份验证(Pre-Authentication)方式。
通过 Java EE 登录后,应用程序会进入预身份验证过滤器类,我在其中设置授予的权限。但在那之后并没有跳转到我的主页,应用程序又要求我通过 Java EE 容器安全机制再次登录。第二次登录后,才会跳转到应用程序的主页。我想去掉这第二次登录。
我使用 Vaadin 作为 UI 框架。以下是我的配置文件:
web.xml
-------------------------------------------------------------------
<!-- Container-level (Java EE) access rule: every request under /application/*
     requires a caller that holds the "authenticated" role. No <http-method>
     is listed, so the constraint applies to all HTTP methods. -->
<!-- NOTE(review): no <user-data-constraint> with a CONFIDENTIAL
     <transport-guarantee> is declared here, so this fragment does not make
     the container require HTTPS for the protected pages. Confirm that TLS is
     enforced elsewhere (for example at a reverse proxy), since FORM login
     sends the password in the request body. -->
<security-constraint>
  <display-name>SecureApplicationConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>Vaadin application</web-resource-name>
    <description>The entire Vaadin application is
protected</description>
    <url-pattern>/application/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description>Only valid users are allowed</description>
    <role-name>authenticated</role-name>
  </auth-constraint>
</security-constraint>
<!-- Container FORM authentication. /login.jsp serves both as the login page
     and as the page shown after a failed attempt. -->
<!-- NOTE(review): with FORM login, servlet containers commonly keep the
     authenticated principal in the HTTP session (confirm for the server in
     use). Anything that invalidates that session after login, such as the
     session-fixation setting in security.xml, would then discard the
     container login. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp</form-error-page>
  </form-login-config>
</login-config>
<!-- Declares the role name referenced by the <auth-constraint> above. -->
<!-- NOTE(review): the container role is "authenticated", while security.xml
     authorises /application/** with ROLE_XXXUSER. The mapping between the two
     must come from the custom pre-auth filter or details source, which is not
     shown here; verify that it actually grants ROLE_XXXUSER. -->
<security-role>
  <description/>
  <role-name>authenticated</role-name>
</security-role>
=====================================================================
security.xml
======================================================================
<!-- Spring Security filter chain: /application/** requires ROLE_XXXUSER, and
     the custom pre-authentication filter is installed at PRE_AUTH_FILTER. -->
<!-- NOTE(review): session-fixation-protection="newSession" makes Spring
     invalidate the current HTTP session and start an empty one when it
     authenticates the request. If the container keeps its FORM-login state in
     that session, the container login is lost and the user is prompted again,
     which matches the double login described above. Do not simply turn the
     protection off: first confirm the container itself changes the session ID
     on login, or, on Servlet 3.1+ with a Spring Security version that offers
     it, evaluate "changeSessionId", which keeps the session and only rotates
     its ID. -->
<!-- NOTE(review): auto-config="true" also enables Spring's own form login,
     HTTP Basic and logout handling. In a pre-authenticated setup the container
     owns the login, so these are presumably unneeded; pre-auth configurations
     normally set an entry point that answers 403 (Http403ForbiddenEntryPoint)
     instead. Confirm the intended behaviour. -->
<sec:http realm="My Realm"
          auto-config="true"
          create-session="ifRequired"
          disable-url-rewriting="true">
  <sec:intercept-url pattern="/application/**" access="ROLE_XXXUSER"/>
  <sec:custom-filter ref="myPreAuthFilter" position="PRE_AUTH_FILTER"/>
  <sec:session-management session-fixation-protection="newSession"/>
</sec:http>
<!-- Namespace-configured authentication manager, exposed under the alias
     "authenticationManager" and delegating to the pre-authenticated provider. -->
<!-- NOTE(review): a <bean id="authenticationManager"> built from the same
     provider is also declared further down in this file, so two definitions
     claim one name. Keep only one of them to avoid an alias conflict or a
     silent override. -->
<sec:authentication-manager alias="authenticationManager">
  <sec:authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
</sec:authentication-manager>
<!-- Project-specific pre-authentication filter referenced by <sec:custom-filter>.
     Presumably extends Spring's AbstractPreAuthenticatedProcessingFilter, whose
     properties are set here (confirm against the class). -->
<!-- continueFilterChainOnUnsuccessfulAuthentication=false is the fail-closed
     choice: a failed pre-authentication aborts the request instead of letting
     it continue unauthenticated. -->
<bean id="myPreAuthFilter"
      class="com.xxx.yyy.web.security.xxxPreAuthenticatedProcessingFilter">
  <property name="authenticationManager"
            ref="authenticationManager"/>
  <property name="authenticationDetailsSource"
            ref="authenticationDetailsSource"/>
  <property name="continueFilterChainOnUnsuccessfulAuthentication"
            value="false"/>
</bean>
<!-- Project-specific details source injected into the pre-auth filter. -->
<!-- NOTE(review): presumably this is where the granted authorities are
     attached to the authentication details. They should be derived from the
     container-verified principal and its roles, never from request data the
     client can set (headers, parameters). Verify in the class. -->
<bean id="authenticationDetailsSource"
      class="com.xxx.yyy.web.security.xxxAuthenticationDetailsSource"/>
<!-- Explicit ProviderManager holding the single pre-authenticated provider. -->
<!-- NOTE(review): the <sec:authentication-manager alias="authenticationManager">
     element earlier in this file already registers a manager under the same
     name with the same provider. Keep only one of the two definitions. -->
<bean id="authenticationManager"
      class="org.springframework.security.authentication.ProviderManager">
  <constructor-arg>
    <list>
      <ref bean="preAuthenticatedAuthenticationProvider"/>
    </list>
  </constructor-arg>
</bean>
<!-- Provider for requests that were already authenticated upstream. It checks
     no credentials itself and only loads the user through the configured
     details service, so the whole chain trusts whatever principal the pre-auth
     filter extracts. -->
<bean id="preAuthenticatedAuthenticationProvider"
      class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
  <property name="preAuthenticatedUserDetailsService"
            ref="preAuthenticatedUserDetailsService"/>
</bean>
<!-- Builds the UserDetails solely from the pre-authenticated token: the
     authorities are taken from the token's details object, which must carry
     them (GrantedAuthoritiesContainer). No user store is consulted. -->
<bean id="preAuthenticatedUserDetailsService"
      class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
</beans>