spring security无法执行authentication-success-handler-ref

时间:2015-01-04 04:38:16

标签: spring spring-mvc spring-security

这是我的spring-security.xml,

<http auto-config="true">
    <access-denied-handler error-page="/accessDenied" />

    <form-login login-page="/login" 
        authentication-success-handler-ref="mySuccessHandler"
        authentication-failure-url="/loginError" />

    <logout invalidate-session="true" logout-success-url="/main"
        logout-url="/logout" delete-cookies="JSESSIONID" />
    <remember-me key="j_spring_security_rememberme"/>

    <intercept-url pattern="/**" access="ROLE_ADMIN"/>
    <session-management invalid-session-url="/login"
        session-fixation-protection="none">
        <concurrency-control max-sessions="1"
            error-if-maximum-exceeded="false" />
    </session-management>
    <session-management
        session-authentication-strategy-ref="sas" />
</http>


<!-- 验证成功后跳转的方法 -->
<beans:bean id="mySuccessHandler" class="mocha.cms.security.LoginSuccessHandle" >
</beans:bean>


<!-- authentication-manager 设置alias别名 -->
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="defaultUserDetailServiceImpl">
        <password-encoder hash="md5" base64="false">
            <salt-source user-property="username" />
        </password-encoder>
    </authentication-provider>
</authentication-manager>

 <beans:bean id="defaultUserDetailServiceImpl" class="mocha.cms.security.MyUserDetailServiceImpl" />  

点击“登录”按钮后,它跳转到MyUserDetailServiceImpl,并完成它,但后来无法执行LoginSuccessHandle,它有什么问题?

这是MyUserDetailServiceImpl.java

Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();

    AdminVo loginAdmin =  adminService.getAdminByName(username);
    if(loginAdmin == null){
        throw new UsernameNotFoundException(username);
    }       

    List<String> permissionIdList = ImmutableList.copyOf(Splitter. on( ",").omitEmptyStrings().split(loginAdmin.getPermissionId()));

    for (String permissionId : permissionIdList) {
               auths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));    
    }
    boolean enables = true;
    boolean accountNonExpired = true;
    boolean credentialsNonExpired = true;
    boolean accountNonLocked = true;


    User user = new User(username, loginAdmin.getPassword(), enables, accountNonExpired, credentialsNonExpired, accountNonLocked,
      auths);

    return user;

这是LoginSuccessHandle.java

public class LoginSuccessHandle implements AuthenticationSuccessHandler{

public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication authentication) throws IOException,ServletException {


    String path = request.getContextPath() ;
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";  
    response.sendRedirect(basePath+"manage/folder/allList.htm");        
}

}

1 个答案:

答案 0 :(得分:0)

我解决了,问题是加密的方式,我使用md5,而不是盐,所以,删除<salt-source user-property="username" />的代码是好的