Registered handler in the security configuration:
.formLogin().loginPage("/login").failureHandler(new CustomAuthenticationFailureHandler())
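My custom failure handler:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
    private String failureUrl = "/login?error"; // redirect target after a failed login
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        this.redirectStrategy.sendRedirect(request, response, this.failureUrl);
    }
}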
When an authentication failure occurs, onAuthenticationFailure is triggered, but Spring then triggers another request. Please find the stack of the other request below:
LoginUrlAuthenticationEntryPoint.commence(HttpServletRequest, HttpServletResponse, AuthenticationException) line: 169
ExceptionTranslationFilter.sendStartAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, AuthenticationException) line: 204
ExceptionTranslationFilter.handleSpringSecurityException(HttpServletRequest, HttpServletResponse, FilterChain, RuntimeException) line: 178
As a result, this request overrides my sendRedirect request.
Do I need to configure or do anything else to achieve this? Please help. Thanks in advance.
My configuration:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterBefore(SignUpFilter(userService), UsernamePasswordAuthenticationFilter.class)
        .authorizeRequests()
            .antMatchers(
                "/",
                "/register",
                "/retrieveUsernameForm")
            .permitAll()
            .and()
        .anonymous()
            .authenticationProvider(anonymousAuthenticationProvider())
            .authenticationFilter(anonymousAuthenticationFilter())
            .and()
        .formLogin()
            .loginPage(SecurityController.URI_LOGIN)
            .failureHandler(new CustomAuthenticationFailureHandler())
            .permitAll()
            .defaultSuccessUrl(securityController.createUri(SecurityController.PATH_PART_LOGIN))
            .and()
        .rememberMe()
            .rememberMeParameter("remember-me")
            .key(REMEMBERME_TOKEN_KEY)
            .rememberMeServices(tokenBasedRememberMeServices())
            .and()
        .logout()
            .permitAll()
            .and()
        .headers()
            // Replace the default X-Frame-Options header with SAMEORIGIN
            .frameOptions().disable()
            .addHeaderWriter(new StaticHeadersWriter("X-Frame-Options", "SAMEORIGIN"))
            .and()
        // CSRF protection is switched off for the whole application
        .csrf().disable();
    // Set a custom session authentication strategy on the form-login filter
    http.formLogin()
        .addObjectPostProcessor(new ObjectPostProcessor<UsernamePasswordAuthenticationFilter>() {
            @Override
            public UsernamePasswordAuthenticationFilter postProcess(UsernamePasswordAuthenticationFilter filter) {
                filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategyForContentAndStoreUsers());
                return filter;
            }
        });
    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}