扩展spring security UsernamePasswordAuthenticationFilter

时间:2014-02-12 09:30:58

标签: java spring-security

我正在尝试扩展UsernamePasswordAuthenticationFilter,如本教程所示:http://blog.awnry.com/post/16183749439/two-factor-authentication-and-spring-security-3

这是我的security.xml:

<security:http use-expressions="true" auto-config="false"
    entry-point-ref="loginUrlAuthenticationEntryPoint">

    <security:custom-filter position="FORM_LOGIN_FILTER"
        ref="twoFactorAuthenticationFilter" />

    <security:intercept-url pattern="/**"
        access="isAuthenticated()" />


    <security:logout logout-url="/player/logout"
        success-handler-ref="playerLogoutSuccessHandler" />

</security:http>

<bean id="loginUrlAuthenticationEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/demo/player/login" />
</bean>

<bean id="twoFactorAuthenticationFilter"
    class="com.XXX.filter.TwoFactorAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationFailureHandler" ref="failureHandler" />
    <property name="authenticationSuccessHandler" ref="playerAuthenticationSuccessHandler" />
    <property name="filterProcessesUrl" value="/processLogin" />
    <property name="postOnly" value="true" />
    <property name="extraParameter" value="domain" />
</bean>


<bean id="failureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login?login_error=true" />
</bean>

    <bean id="bCryptPasswordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />



    <security:authentication-manager
        alias="authenticationManager">
        <security:authentication-provider
            ref="authenticationProvider">
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

当我到达需要注册的页面时,我的自定义登录会出现,但在提交时没有任何附加内容。

我的登录信息:

<body>
<form method="post" action="http://localhost:8080/XXX/j_spring_security_check">
        <div id="passwordLoginOption" class="form">
            <div class="row">
                <div class="label left">
                    <label for="j_username">login:</label>
                </div>
                <div class="right">
                    <div class="textWrapper">
                        <input type="text" name="j_username"/>
                    </div>
                </div>
                <div class="cl"></div>
            </div>
            <div class="row">
                <div class="label left">
                    <label for="j_password">password:</label>
                </div>
                <div class="right">
                    <div class="textWrapper">
                        <input type="password" name="j_password"/>
                    </div>
                </div>
                <div class="cl"></div>
            </div>
             <div class="row">
                <div class="label left">
                    <label for="brand">brand:</label>
                </div>
                <div class="right">
                    <div class="textWrapper">
                        <input type="text" name="brand"/>
                    </div>
                </div>
                <div class="cl"></div>
            </div>
                <div class="buttons">
                <input type="submit" value="Login"/>
            </div>
        </div>
    </form>
</body>

想法?

1 个答案:

答案 0 :(得分:1)

您已指定filterProcessesUrl,因此您的登录表单需要提交。具体来说,你应该使用类似的东西:

<form method="post" action="/XXX/filterProcessesUrl">

当然,理想情况下,您不会对上下文根进行硬编码。如果您使用的是JSP,则可以使用<c:url>标记自动包含上下文根。