Question

我们有一个内部框架，使用spring security 3.1.4为我们的应用程序执行登录验证过程这是security-applicationContext.xml的一部分

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans  
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd
       http://www.springframework.org/schema/aop    http://www.springframework.org/schema/aop/spring-aop-3.1.xsd"> 
//some other beans....
<http use-expressions="true" auto-config="false" disable-url-rewriting="true" entry-point-ref="loginUrlAuthenticationEntryPoint"
        request-matcher-ref="localAuthRequestMatcher">
  <intercept-url pattern="/admin/**" access="hasRole('ADMIN_PERMISSION')" />
  <intercept-url pattern="/system/**" access="hasRole('ADMIN_PERMISSION')" />
  <intercept-url pattern="/enduser/**" access="isAuthenticated()" />
  <intercept-url pattern="/changePassword.do" access="isAuthenticated()"/>      
  <intercept-url pattern="/index.do" access="isAnonymous()" />
  <custom-filter after="SECURITY_CONTEXT_FILTER" ref="welcomePageRedirectFilter" />
  <custom-filter before="LOGOUT_FILTER" ref="internalAuthenticationFilter" />
  <form-login login-page="/index.do" authentication-failure-handler-ref="DCAuthenticationFailureHandler" authentication-success-handler-ref="DCAuthenticationSuccessHandler" />
  <http-basic />
  <anonymous />      
  <session-management session-authentication-strategy-ref="customSessionFixationProtectionStrategy" />  
  <logout success-handler-ref="localLogoutSuccessHandler" />       
</http> 
</beans:beans>

我们在applicationContext中引用此security-applicationContext.xml配置，如下所示

<import resource="classpath:/security-applicationContext.xml" />

我需要扩展DCAuthenticationSuccessHandler的功能，所以我通过扩展DCAuthenticationSuccessHandler创建了一个新类CPAuthenticationSuccessHandler。

如何将CPAuthenticationSuccessHandler配置为authentication-success-handler，以覆盖DCAuthenticationSuccessHandler的功能，而无需触及security-applicationContext.xml。我真的很感谢有人帮助你

我创建了CPAuthenticationHandler，如下所示

@Component
@Primary
public class CPAuthenticationSuccessHandler extends DCAuthenticationSuccessHandler {
 @Override
public void onAuthenticationSuccess(final HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    new DefaultRedirectStrategy().sendRedirect(request, response,
            this.onAuthenticationSuccessUrl(request, response, authentication));
}

    @Override
    public String onAuthenticationSuccessUrl(final HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
.......
}

但是没有调用CPAuthenticationSuccessHandler，我在两个处理程序中都有一个断点，但控制总是转到DCAuthenticationSuccessHandler。

Answer 1

有关如何将自定义AuthenticationSuccessHandler连接到您的安全上下文中的示例，请参阅此帖子here上的回答。

但是，在您的情况下，您希望扩展AuthenticationSuccessHandler而不是实施DCAuthenticationSuccessHandler，并在super.onAuthenticationSuccess(request, response, authentication)的最后一行调用CPAuthenticationSuccessHandler。

这样的事情：

public class CPAuthenticationSuccessHandler extends DCAuthenticationSuccessHandler{
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, 
        HttpServletResponse response, Authentication authentication){
        /* Do anything that you want to do here. Any changes to the HttpServletResponse
         * will be overwritten when you call super. So when you call super will
         * depend on what logic you want to implement.
         */

        super.onAuthenticationSuccess(request, response, authentication);
    }
}

如果您有任何不明白的地方，请告诉我

如何覆盖默认的spring security XML配置？

1 个答案: