Spring安全性 - 在成功的登录处理程序上访问http会话

时间:2014-12-22 13:07:45

标签: spring spring-security

我尝试在登录成功处理程序 MySimpleUrlAuthenticationSuccessHandler 中,于登录后通过 request.getSession(false) 访问 HttpSession,但在此阶段它为 null,有什么建议吗?

beans.xml的一部分:

 <!-- HTTP security configuration without auto-config: unauthenticated requests go to the
      authenticationEntryPoint bean, and login is handled by the custom authenticationFilter
      bean placed at the FORM_LOGIN_FILTER position. -->
 <security:http auto-config="false" 
                 entry-point-ref="authenticationEntryPoint">
    <!-- NOTE(review): no access attribute is visible on this rule, so as posted it states no
         authorization requirement for /**. Confirm the intended access rule; it may have been
         dropped when the snippet was posted. -->
    <security:intercept-url pattern="/**"  />

    <!-- The login filter is supplied as a bean, so its collaborators (handlers, manager,
         session strategy) come from that bean definition.
         NOTE(review): verify which session authentication strategy the custom filter uses. -->
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter" />

    <!-- Remember-me authentication with namespace defaults. -->
    <security:remember-me />
    <!-- Anonymous authentication is switched off. -->
    <security:anonymous enabled="false" />
    <!-- session-fixation-protection="none" switches off the namespace's session-fixation
         defence, so a session identifier that existed before login stays valid after login.
         NOTE(review): prefer migrateSession or newSession (or changeSessionId where the
         container supports it) unless this was disabled for a documented reason. -->
    <security:session-management session-fixation-protection="none" />
</security:http>

<!-- Entry point referenced by the security:http element: starts authentication by sending
     the client to the login URL given to the constructor (/login). -->
<bean id="authenticationEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <constructor-arg type="java.lang.String" value="/login"/>
</bean>

<!-- Custom login filter, constructed with the /login URL and wired with the failure handler,
     success handler and authentication manager beans.
     NOTE(review): no sessionAuthenticationStrategy is set here, so whatever default the filter
     class uses applies; CustomAuthenticationFilter is not shown, confirm its base class. -->
<bean id="authenticationFilter"
      class="com.me.filter.CustomAuthenticationFilter">
    <constructor-arg type="java.lang.String" value="/login"/>

    <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>

<!-- Failure handler: a failed login is sent to /login/failure. -->
<bean id="authenticationFailureHandler"
      class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login/failure" />
</bean>

<!-- Project-specific success handler with /login/success as its default target URL. This is
     the handler in which the question reads request.getSession(false). -->
<bean id="authenticationSuccessHandler"
      class="com.me.web.filter.MySimpleUrlAuthenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/login/success" />
</bean>

1 个答案:

答案 0 :(得分:0)

我们应该为过滤器定义一个会话认证策略(sessionAuthenticationStrategy),使其在认证成功时创建会话,因此 beans.xml 需要做如下修改:

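<!-- Custom login filter with an explicit session authentication strategy, so that a session
     exists by the time the success handler runs.
     NOTE(review): assumes CustomAuthenticationFilter exposes a sessionAuthenticationStrategy
     property (for example by extending AbstractAuthenticationProcessingFilter); confirm. -->
<bean id="authenticationFilter"
      class="com.me.filter.CustomAuthenticationFilter">
    <constructor-arg type="java.lang.String" value="/login"/>

    <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
    <property name="authenticationManager" ref="authenticationManager"/>
    <!-- Points at the composite strategy rather than the register strategy alone, so session
         fixation protection also runs at login. -->
    <property name="sessionAuthenticationStrategy" ref="compositeSessionStrategy" />
</bean>

<!-- Runs its delegates in list order on successful authentication. Registering a session
     only records it in the SessionRegistry and does not change the session identifier, so
     fixation protection is listed first: an identifier issued before login is replaced, and
     the register step then creates the session if none exists yet. -->
<bean id="compositeSessionStrategy"
      class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
            <ref bean="registerSessionStrategy" />
        </list>
    </constructor-arg>
</bean>

<!-- Records the authenticated session in the session registry. -->
<bean id="registerSessionStrategy"
      class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
    <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</bean>

<!-- In-memory registry of authenticated sessions. Entries are removed when session-destroyed
     events arrive, so register
     org.springframework.security.web.session.HttpSessionEventPublisher as a listener in
     web.xml; otherwise expired sessions stay in the registry. -->
<bean id="sessionRegistry"
      class="org.springframework.security.core.session.SessionRegistryImpl" />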