我已将spring security xml配置为根据站点提示标头进行预授权。如果请求不包含网站提示标头,或者用户信息没有出现在网站提示标头中,则我希望将请求转发到默认登录页面。我尝试按顺序放置过滤器,但无法正常工作。我尝试放置http403entry点,但无法正常工作。这是我使用siteminder令牌进行预认证的XML。还需要添加什么才能将请求重定向到登录页面?
<sec:http use-expressions="true" auto-config="true">
<sec:intercept-url pattern="/login.jsp" access="permitAll" />
<sec:intercept-url pattern="/index.jsp" access="isAuthenticated()" />
<sec:form-login login-page="/login.jsp"
login-processing-url="/j_spring_security_check"
default-target-url="/index.jsp"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<sec:logout invalidate-session="true" logout-success-url="/login.jsp?logout" />
<sec:csrf disabled="false"/>
<sec:custom-filter before="PRE_AUTH_FILTER" ref="siteminderFilter" />
<sec:session-management>
<sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/login.jsp" />
</sec:session-management>
</sec:http>
<beans:bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<beans:property name="principalRequestHeader" value="myemailaddress"/>
<beans:property name="authenticationManager" ref="authenticationManager">
</beans:property>
</beans:bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="preauthAuthProvider" />
</sec:authentication-manager>
<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:property name="userDetailsService" ref="customUserDetailsService"/>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="customUserDetailsService" class="com.test.CustomUserDetailsService"></beans:bean>