我尝试使用成功的处理程序 - MySimpleUrlAuthenticationSuccessHandler
- 使用request.getSession(false)
登录后尝试访问HttpSession,但在此阶段它是否为null,是否有任何建议?< / p>
beans.xml的一部分:
<security:http auto-config="false"
entry-point-ref="authenticationEntryPoint">
<security:intercept-url pattern="/**" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter" />
<security:remember-me />
<security:anonymous enabled="false" />
<security:session-management session-fixation-protection="none" />
</security:http>
<bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<constructor-arg type="java.lang.String" value="/login"/>
</bean>
<bean id="authenticationFilter"
class="com.me.filter.CustomAuthenticationFilter">
<constructor-arg type="java.lang.String" value="/login"/>
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login/failure" />
</bean>
<bean id="authenticationSuccessHandler"
class="com.me.web.filter.MySimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/login/success" />
</bean>
答案 0 :(得分:0)
我们应该定义一个会话策略,使过滤器在成功验证时创建会话,所以beans.xml的更改是这样的:
<bean id="authenticationFilter"
class="com.me.filter.CustomAuthenticationFilter">
<constructor-arg type="java.lang.String" value="/login"/>
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<property name="authenticationManager" ref="authenticationManager"/>
<property name="sessionAuthenticationStrategy" ref="registerSessionStrategy" />
</bean>
<bean id="registerSessionStrategy" class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />