春季安全显示"不良凭证"错误而不是重定向

时间:2016-11-29 13:08:02

标签: java spring spring-mvc spring-security

这是我的spring-security.xml:

<http auto-config="true" use-expressions="true">
        <intercept-url pattern="/courses*" access="hasRole('ROLE_USER')" />
        <custom-filter  before="FORM_LOGIN_FILTER" ref="MyAuthFilter" />
        <form-login
            login-page="/login"
            default-target-url="/courses"
            authentication-failure-url="/login?error"
            username-parameter="loginField"
            password-parameter="passwordField" />
        <csrf disabled="true" />
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="ars" password="1234" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

这是MyAuthFilter:

@Component("MyAuthFilter")
public class MyAuthFilter extends UsernamePasswordAuthenticationFilter {

    @Autowired
    @Qualifier("authenticationManager")
    @Override
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        super.setAuthenticationManager(authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {

        System.out.println("running my own version of UsernmePasswordFilter ... ");

        LoginForm loginForm = new LoginForm();
        loginForm.setUsername(request.getParameter("login"));
        loginForm.setPassword(request.getParameter("password"));
        request.setAttribute("error", 3);
        System.out.println("login : " + loginForm.getUsername());
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(loginForm.getUsername(), loginForm.getPassword());
        setDetails(request, authRequest);
        Authentication authResult = this.getAuthenticationManager().authenticate(authRequest);

        return authResult;
    }
}

当我输入错误的登录名或密码时,它会显示&#34;错误的凭据&#34;错误而不是重定向到登录页面。没有自定义筛选器它工作正常。 我只是想检查登录\密码有什么问题并设置&#34;错误&#34;我可以在登录表单中使用,以显示具体的错误,如&#34;空通#34;等

我需要创建一个登录页面,显示具体错误,如&#34;空传递\空登录\空\错误登录或传递&#34;。如果有人可以与这些验证的示例或指南共享链接,我将非常感激。

1 个答案:

答案 0 :(得分:2)

定义成功和失败处理程序

@Bean
public AuthenticationSuccessHandler getSuccessHandler(){
  SavedRequestAwareAuthenticationSuccessHandler handler =  new SavedRequestAwareAuthenticationSuccessHandler();
  handler.setDefaultTargetUrl("/login.html");
  return handler;
}


@Bean
public AuthenticationFailureHandler getFailureHandler(){
  SimpleUrlAuthenticationFailureHandler handler  =  new SimpleUrlAuthenticationFailureHandler();
  handler.setDefaultFailureUrl("/login.html");
  return handler;
}
过滤器中的

@Autowired
    @Qualifier("authenticationManager")
    @Override
    public void setAuthenticationManager(AuthenticationManager authenticationManager, AuthenticationSuccessHandler successHandler, AuthenticationFailureHandler failureHandler) {
        super.setAuthenticationManager(authenticationManager);
        this.setAuthenticationSuccessHandler(successHandler);
        this.setAuthenticationFailureHandler(failureHandler);
    }