UsernamePasswordAuthenticationFilter问题

时间:2011-09-12 07:57:19

标签: java spring spring-security

我有一个Spring Security 3应用程序,我登录和注销效果很好。我想为我的应用程序实现自己的UsernamePasswordAuthenticationFilter。我按照那个教程:

http://mrather.blogspot.com/2010/02/extending-usernamepasswordauthenticatio.html

我的过滤器类是:

package security;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, authResult);
        System.out.println("==successful login==");
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);
        System.out.println("==failed login==");
    }
}

我的安全xml配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security
                    http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <global-method-security/>

    <http entry-point-ref="loginUrlAuthenticationEntryPoint"/>
    <beans:bean id="loginUrlAuthenticationEntryPoint"
                class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login.html"/>
    </beans:bean>
    <beans:bean id="customUsernamePasswordAuthenticationFilter"
                class="security.CustomUsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationFailureHandler" ref="failureHandler"/>
        <beans:property name="authenticationSuccessHandler" ref="successHandler"/>
    </beans:bean>
    <beans:bean id="successHandler"
                class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/login.html"/>
    </beans:bean>
    <beans:bean id="failureHandler"
                class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/login.html?login_error=true"/>
    </beans:bean>
    <http auto-config="false" disable-url-rewriting="true">
        <custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
        <intercept-url pattern="/login.html" filters="none"/>
        <intercept-url pattern="/css/*" filters="none"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>
    </http>
    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <password-encoder hash="sha-256"/>
            <user-service>
                <user name="sdf" password="6b86d273ff34fce19d6dddf5747ada4eaa22f1d49c01e52ddb7875b4b"
                      authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

然而,当我运行我的应用程序时,它不会重定向到登录页面,它会默认进入索引页面并提供

404 Not found error

用于我的所有网页。有任何想法吗?我是否配置好我的应用程序?

PS:在教程中写道:

  

注意:由于我们要替换默认的FORM_LOGIN_FILTER,我们应该这样做   不使用

所以我删除了:

    <form-login
            login-page="/login3.html"
            login-processing-url="/j_spring_security_check"
            default-target-url="/index.html"
            always-use-default-target="true"/>
    <logout logout-url="/j_spring_security_logout"
            logout-success-url="/login.html"/>

来自我的XML文件。

还需要定义successHandler和failureHandler,因为我没有覆盖它们。如果我这样做是因为我要更换过滤器(或者因为 - http auto-config="false"

我不知道该行的真正目的,如果您解释,欢迎您)我应该为安全性定义其他任何内容吗?

我是Spring Security 3和Spring的新手。

1 个答案:

答案 0 :(得分:4)

我解决了tyhe问题:entry-point-ref =“loginUrlAuthenticationEntryPoint”不应该在不同的http标签上。