这是我的spring-security.xml:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/courses*" access="hasRole('ROLE_USER')" />
<custom-filter before="FORM_LOGIN_FILTER" ref="MyAuthFilter" />
<form-login
login-page="/login"
default-target-url="/courses"
authentication-failure-url="/login?error"
username-parameter="loginField"
password-parameter="passwordField" />
<csrf disabled="true" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="ars" password="1234" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
这是MyAuthFilter:
@Component("MyAuthFilter")
public class MyAuthFilter extends UsernamePasswordAuthenticationFilter {
@Autowired
@Qualifier("authenticationManager")
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException {
System.out.println("running my own version of UsernmePasswordFilter ... ");
LoginForm loginForm = new LoginForm();
loginForm.setUsername(request.getParameter("login"));
loginForm.setPassword(request.getParameter("password"));
request.setAttribute("error", 3);
System.out.println("login : " + loginForm.getUsername());
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(loginForm.getUsername(), loginForm.getPassword());
setDetails(request, authRequest);
Authentication authResult = this.getAuthenticationManager().authenticate(authRequest);
return authResult;
}
}
当我输入错误的登录名或密码时,它会显示&#34;错误的凭据&#34;错误而不是重定向到登录页面。没有自定义筛选器它工作正常。 我只是想检查登录\密码有什么问题并设置&#34;错误&#34;我可以在登录表单中使用,以显示具体的错误,如&#34;空通#34;等
我需要创建一个登录页面,显示具体错误,如&#34;空传递\空登录\空\错误登录或传递&#34;。如果有人可以与这些验证的示例或指南共享链接,我将非常感激。
答案 0 :(得分:2)
定义成功和失败处理程序
@Bean
public AuthenticationSuccessHandler getSuccessHandler(){
SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setDefaultTargetUrl("/login.html");
return handler;
}
@Bean
public AuthenticationFailureHandler getFailureHandler(){
SimpleUrlAuthenticationFailureHandler handler = new SimpleUrlAuthenticationFailureHandler();
handler.setDefaultFailureUrl("/login.html");
return handler;
}
过滤器中的
@Autowired
@Qualifier("authenticationManager")
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager, AuthenticationSuccessHandler successHandler, AuthenticationFailureHandler failureHandler) {
super.setAuthenticationManager(authenticationManager);
this.setAuthenticationSuccessHandler(successHandler);
this.setAuthenticationFailureHandler(failureHandler);
}