在REST登录时拥有AuthenticationFailureHandler

时间:2014-06-20 11:45:07

标签: java spring spring-security spring-security-oauth2

我试图弄清楚REST登录中AuthenticationFailureHandler的bean配置是什么。通常,AuthenticationFailureHandler的示例与Form-Login结合使用。我想要实现的是基于3次不正确的登录尝试锁定帐户。我当前的bean配置

<http pattern="/oauth/token" create-session="stateless"   authentication-manager-ref="authenticationManager" xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="ROLE_USER"  />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint"  />

    <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />

    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<beans:bean id="restServicesSuccessHandler" class="com.cointraders.api.handlers.RestAuthenticationSuccessHandler" />    

<beans:bean id="restServicesFailureHandler" class="com.cointraders.api.handlers.RestAuthenticationFailureHandler" />

                               

<beans:bean id="customUserDetailService" class="com.cointraders.api.services.UserDetailsServiceImpl" />


<beans:bean id="daoProvider" class="com.cointraders.api.daoauthproviders.CustomDaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="customUserDetailService"/>
    <beans:property name="passwordEncoder" ref="passwordEncoder" />
</beans:bean>

<beans:bean id="clientDetails" class="org.springframework.security.oauth2.provider.JdbcClientDetailsService">
    <beans:constructor-arg ref="dataSource" />
</beans:bean>

<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
    <beans:constructor-arg>
        <beans:list>
            <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
            <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </beans:list>
    </beans:constructor-arg>
</beans:bean>   

<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
    <oauth:refresh-token />
    <oauth:client-credentials/>
    <oauth:custom-grant token-granter-ref="randomTokenGrant" />
</oauth:authorization-server>


<oauth:resource-server id="resourceServerFilter" resource-id="api" token-services-ref="tokenServices" />

0 个答案:

没有答案
相关问题
最新问题