我正在使用 Spring Security 来实现系统登录功能。系统中有多个登录页面,如果登录时出现任何错误,页面将重定向到 xxx?error = true 。我已在xml文件中成功配置了一个<security:form-login>,如下所示:
<!-- Default security config -->
<security:http disable-url-rewriting="true">
<security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />
<!-- session stealing is prevented by using secure GUID cookie -->
<security:session-management session-fixation-protection="none" />
<security:intercept-url pattern="/login" requires-channel="https" />
<security:intercept-url pattern="/login/**" requires-channel="https" />
<security:form-login
login-page="/login"
authentication-failure-handler-ref="loginAuthenticationFailureHandler"
authentication-success-handler-ref="loginGuidAuthenticationSuccessHandler"
always-use-default-target="false"
default-target-url="/" />
<security:logout logout-url="/logout" invalidate-session="true" success-handler-ref="logoutSuccessHandler"/>
<security:port-mappings>
<security:port-mapping http="#{configurationService.configuration.getProperty('tomcat.http.port')}"
https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" />
<security:port-mapping http="80" https="443" />
</security:port-mappings>
<security:request-cache ref="httpSessionRequestCache" />
</security:http>
<bean id="loginAuthenticationFailureHandler" class="com.xxx.xxx.xxx.xxx.LoginAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login?error=true"/>
</bean>
但还有另一个名为 facebook-login 的登录页面,如何定义另一个<security:form-login/>以了解如果 / facebook-login 中存在错误,该页面将重定向到 / facebook-login?error = true ?
(我只想通过在我的xml片段上配置xml文件来实现它,但不是通过注释来实现)
答案 0 :(得分:0)
您应该在xml中添加新的<security:http>标记,然后使用pattern="/facebook-login/**"过滤您的登录页面。标记<security:form-login> login-processing-url 也不能&#34; / j_spring_security_check&#34; ,您可以使用&#34; / Facebook的登录/ j_spring_security_check&#34; 即可。例如:
<!-- Security config for Facebook login - it has its own login page -->
<security:http disable-url-rewriting="true" pattern="/facebook-login/**">
<security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />
<!-- session stealing is prevented by using secure GUID cookie -->
<security:session-management session-fixation-protection="none" />
<!-- SSL / AUTHENTICATED pages -->
<security:intercept-url pattern="/facebook-login*" requires-channel="https" />
<security:intercept-url pattern="/facebook-login/**" requires-channel="https" />
<security:form-login
login-page="/facebook-login"
login-processing-url="/facebook-login/j_spring_security_check"
authentication-failure-handler-ref="loginFacebookAuthenticationFailureHandler"
authentication-success-handler-ref="loginGuidAuthenticationSuccessHandler"
always-use-default-target="false"
default-target-url="/" />
<security:logout logout-url="/logout" invalidate-session="true" success-handler-ref="logoutSuccessHandler"/>
<security:port-mappings>
<security:port-mapping http="#{configurationService.configuration.getProperty('tomcat.http.port')}"
https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" />
<security:port-mapping http="80" https="443" />
</security:port-mappings>
<security:request-cache ref="httpSessionRequestCache" />
</security:http>
<bean id="loginFacebookAuthenticationFailureHandler" class="com.xxx.xxx.xxx.xxx.LoginAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/facebook-link?error=true"/>
</bean>