I have a Spring Security 3 application, and login and logout work fine. I want to implement my own UsernamePasswordAuthenticationFilter for my application. I followed this tutorial:
http://mrather.blogspot.com/2010/02/extending-usernamepasswordauthenticatio.html
My filter class is:
```java
package security;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, authResult);
        System.out.println("==successful login==");
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);
        System.out.println("==failed login==");
    }
}
```
My security XML configuration file:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <global-method-security/>

    <http entry-point-ref="loginUrlAuthenticationEntryPoint"/>

    <beans:bean id="loginUrlAuthenticationEntryPoint"
                class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login.html"/>
    </beans:bean>

    <beans:bean id="customUsernamePasswordAuthenticationFilter"
                class="security.CustomUsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationFailureHandler" ref="failureHandler"/>
        <beans:property name="authenticationSuccessHandler" ref="successHandler"/>
    </beans:bean>

    <beans:bean id="successHandler"
                class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/login.html"/>
    </beans:bean>

    <beans:bean id="failureHandler"
                class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/login.html?login_error=true"/>
    </beans:bean>

    <http auto-config="false" disable-url-rewriting="true">
        <custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
        <intercept-url pattern="/login.html" filters="none"/>
        <intercept-url pattern="/css/*" filters="none"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <password-encoder hash="sha-256"/>
            <user-service>
                <user name="sdf" password="6b86d273ff34fce19d6dddf5747ada4eaa22f1d49c01e52ddb7875b4b"
                      authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```
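However, when I run my application, it does not redirect to the login page; it goes to the index page by default and gives a
404 Not found error
for all of my pages. Any ideas? Did I configure my application correctly?
PS: The tutorial says:
Note: since we are replacing the default FORM_LOGIN_FILTER, we should not use
So I removed: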
```xml
<form-login
    login-page="/login3.html"
    login-processing-url="/j_spring_security_check"
    default-target-url="/index.html"
    always-use-default-target="true"/>
<logout logout-url="/j_spring_security_logout"
        logout-success-url="/login.html"/>
```
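from my XML file.
It is also necessary to define successHandler and failureHandler, because I did not override them. If I do this because I am replacing the filter (or because of http auto-config="false"; I do not know the real purpose of that line, and an explanation is welcome), should I define anything else for security?
I am new to Spring Security 3 and Spring.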
Answer 0: (score: 4)
I solved the problem: entry-point-ref="loginUrlAuthenticationEntryPoint" should not be on a different http tag.
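
The fix described in the answer, written out as an added example that is not part of the original question or answer: the two `<http>` elements from the question are merged into one, so the entry point, the custom filter and the URL rules apply to the same filter chain. It assumes every other bean definition stays exactly as posted in the question.

```xml
<!-- One <http> element only: entry point, custom filter and URL rules
     are configured together on the same filter chain. -->
<http auto-config="false"
      disable-url-rewriting="true"
      entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- Takes the place of the namespace form-login filter, so no <form-login/> here. -->
    <custom-filter position="FORM_LOGIN_FILTER"
                   ref="customUsernamePasswordAuthenticationFilter"/>
    <intercept-url pattern="/login.html" filters="none"/>
    <intercept-url pattern="/css/*" filters="none"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>
</http>

<!-- Unauthenticated requests are redirected to loginFormUrl by the entry point
     referenced from the <http> element above. -->
<beans:bean id="loginUrlAuthenticationEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property name="loginFormUrl" value="/login.html"/>
</beans:bean>

<!-- customUsernamePasswordAuthenticationFilter, successHandler, failureHandler and
     authentication-manager: unchanged from the question (assumption of this example). -->
```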