这就是问题,我使用内存数据库开发了一个简单的spring boot security应用程序。身份验证成功后,它将重定向到另一个站点,我的问题来自身份验证失败,因为它向我显示了一个空白屏幕。
我已经建立了一个单独的spring安全应用程序,并实现了AuthenticationFailureHandler和AuthenticationSuccessHandler。当我不使用自定义AuthenticationFailureHandler时,我的确在屏幕上收到一条BAD CREDENTIALS消息。
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import com.tech.app.security.handler.CsegAuthenticationFailureHandler;
import com.tech.app.security.handler.CsegAuthenticationSuccessHandler;
@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
public class CsegSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private CsegAuthenticationSuccessHandler successHandler;
@Autowired
private CsegAuthenticationFailureHandler failureHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers(HttpMethod.POST, "/login").permitAll()
.anyRequest().authenticated().and()
.formLogin()
.successHandler(successHandler)
.failureHandler(failureHandler);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("user").password("password").roles("USER");
}
}
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
public class CsegAuthenticationFailureHandler implements AuthenticationFailureHandler{
private ObjectMapper objectMapper = new ObjectMapper();
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
System.out.println("credenciales invalidas");
response.setStatus(HttpStatus.UNAUTHORIZED.value());
Map<String, Object> data = new HashMap<>();
data.put("timestamp", Calendar.getInstance().getTime());
data.put("exception", exception.getMessage());
response.getOutputStream()
.println(objectMapper.writeValueAsString(data));
redirectStrategy.sendRedirect(request, response, "/login?error=true");
}
}
我想要的是在身份验证失败时将记录保存在DB中,然后返回spring生成的默认登录页面,并在屏幕上显示相应的BAD CREDENTIALS消息。我也想知道默认的AuthenticationFailureHandler在哪里以及它如何工作。我得到的只是一个空白屏幕
答案 0 :(得分:0)
通过将适当的Location
标头设置为响应来进行重定向。具有youtput流后,您必须首先以该特定顺序编写协议,标头,响应主体。
如果您开始编写正文,则不能编写标头(除非正在缓冲输出)。因此,要么写正文,要么做重定向。