我在JBoss WildFly 10.0.0.CR2上使用Spring 3.2.11.RELEASE和Spring Security 3.1.4.RELEASE。我在我的应用程序上下文中设置了以下内容......
<beans:bean id="springboardUsernamePasswordUrlAuthenticationFilter" class="org.mainco.subco.core.security.SubcoUsernamePasswordUrlAuthenticationFilter">
<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationFailureHandler">
<beans:bean class="org.mainco.subco.myproject.security.SubcoAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login/failure"/>
<beans:property name="userService" ref="userService" />
</beans:bean>
</beans:property>
<beans:property name="authenticationSuccessHandler">
<beans:bean class="org.mainco.subco.myproject.security.SubcoAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/success"/>
<beans:property name="userService" ref="userService" />
<beans:property name="sessionService" ref="sessionService" />
</beans:bean>
</beans:property>
</beans:bean>
我注意到当我输入错误的用户名/密码组合时,会调用失败处理程序,当我输入正确的用户名/密码组合时,会调用成功处理程序,最终会调用以下方法...
@RequestMapping(value = "/success")
public String authenticate(final Principal principal)
{
…
}
这是在我的web.xml中配置的。请注意,Spring安全过滤器会捕获有问题的成功URL ...
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CSRFGuard</filter-name>
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
但是,当调用上面的方法时,“principal”对象为null,所以我无法确定谁登录.Spring中的哪个机制在成功登录后设置了Principal对象?我如何弄清楚为什么我似乎能够正确登录,但是未设置身份验证对象?