如何在自定义过滤器弹簧安全性

Question

我制作了自定义过滤器和failureHandler。但要使其工作，我需要在过滤器中注册处理程序。如果有人会在我的代码中写下如何做，我会很高兴。我知道stackowerflow中有很多例子，但我是spring和java的新手，要了解它是如何工作的，我需要一个我的应用程序的例子。请不要回答“这是重复”。 我的过滤器：

@Component("MyAuthFilter")
public class MyAuthFilter extends UsernamePasswordAuthenticationFilter {

    private int errCode = 5;

    @Autowired
    @Qualifier("authenticationManager")
    @Override
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        super.setAuthenticationManager(authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {

        System.out.println("running my own version of UsernmePasswordFilter ... ");

        String login = (String) request.getParameter("login");
        String password = (String) request.getParameter("password");
        errCode = validate(login, password);
        System.out.println(login + " - " + password);
        System.out.println(request.getQueryString());           
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(login, password);
        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    private int validate(String login, String password) {

        if (login.isEmpty() && password.isEmpty()) {
            return 4;
        }
        if (login.isEmpty() && !password.isEmpty()) {
            return 2;
        }
        if (!login.isEmpty() && password.isEmpty()) {
            return 3;
        }

        return 1;
    }
}

这是我的经纪人：

public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    public LoginFailureHandler() {
        System.out.println("i debug");
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {

           System.out.println("do smth");
            super.onAuthenticationFailure(request, response, exception);

    }

}

和我的spring-security.xml：

<beans:bean id="authenticationFailureHandler" class="com.webproject.LoginFailureHandler" />

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/courses*" access="hasRole('ROLE_USER')" />
        <custom-filter  before="FORM_LOGIN_FILTER" ref="MyAuthFilter" />
        <form-login
            login-page="/login"
            default-target-url="/courses"
            username-parameter="loginField"
            password-parameter="passwordField" 
            authentication-failure-handler-ref="authenticationFailureHandler"
        />
        <csrf disabled="true" />
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="ars" password="1234" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

Answer 1

向bean声明并将它们自动装配到您的过滤器

@Bean
public AuthenticationFailureHandler getFailureHandler(){
  SimpleUrlAuthenticationFailureHandler handler  =  new SimpleUrlAuthenticationFailureHandler();
  handler.setDefaultFailureUrl("/login.html");
  return handler;
}

MyAuthFilter

@Autowired
@Qualifier("authenticationManager")
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager, AuthenticationFailureHandler failureHandler) {
    this.setAuthenticationManager(authenticationManager);
    this.setAuthenticationFailureHandler(failureHandler);
}