【问题标题】:Why is my spring security not forwarding the request to authentication-success-handler?为什么我的 Spring Security 没有将请求转发给 authentication-success-handler?
【发布时间】:2017-02-02 04:57:27
【问题描述】:

我正在尝试在我的应用程序中实现 Spring Security,但不知何故我遇到了一些问题。每当我点击其中一个截获的 URL 时,我都会得到一个自定义登录页面。但是成功登录后,我的 Spring Security 不会将其转发给身份验证成功处理程序。

我的security-context.xml 是:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jpa="http://www.springframework.org/schema/data/jpa"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/mvc 
    http://www.springframework.org/schema/mvc/spring-mvc.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/data/jpa
    http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/reviewer/**"
            access="isAuthenticated()" requires-channel="any" />

        <security:form-login login-page="/home"
            authentication-failure-url="/authfailed?errormessage=authentication.login.failed"
            authentication-success-handler-ref="successHandler"
             />
        <security:logout logout-url="/logoutsuccess" logout-success-url="/logoutsuccess" />
        <!--  <access-denied-handler ref="" error-page="/signup" /-->

    </security:http>
    <bean id="successHandler"
        class="com.reviewthedoctors.security.WebAuthenticationSuccessHandler">
    </bean>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userService">
        </security:authentication-provider>
    </security:authentication-manager>

    <security:jdbc-user-service id="userService"  data-source-ref="dataSource"
          users-by-username-query=
            "select email,password, true from users where email=?"
          authorities-by-username-query=
            "select email, authority from users where email =?  " />
</beans>    

而我的WebAuthenticationSuccessHandler 班级是:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;


public class WebAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest == null) {
            super.onAuthenticationSuccess(request, response, authentication);
            return;
        }
        String targetUrlParameter = getTargetUrlParameter();
        if (isAlwaysUseDefaultTargetUrl()
                || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
            requestCache.removeRequest(request, response);
            super.onAuthenticationSuccess(request, response, authentication);
            return;
        }
        clearAuthenticationAttributes(request);
        String targetUrl = savedRequest.getRedirectUrl();
        getRedirectStrategy().sendRedirect(request, response, targetUrl);
    }

    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }
}

同样我的登录页面是:

<div class="page_content">
    <div class="demo-card-wide mdl-card mdl-shadow--2dp"
        style="margin-left: 50px; margin-top: 50px; width: 400px;">
        <div class="mdl-card__title">
            <h2 class="mdl-card__title-text">Login</h2>
        </div>
        <div class="mdl-card__supporting-text" style="width: 400px;">
            <form action="/revewthemovies/j_spring_security_check" method="post" modelAttribute="user">
                <div class="mdl-textfield mdl-js-textfield">
                    <input class="mdl-textfield__input" type="text" id="email"
                        name="j_username" modelAttribute="email" /> <label
                        class="mdl-textfield__label" for="name">Email</label>
                </div>
                <div class="mdl-textfield mdl-js-textfield">
                    <input class="mdl-textfield__input" type="password" id="password"
                        name="j_password" modelAttribute="password" /> <label
                        class="mdl-textfield__label" for="name">Password</label>
                </div>
                <input type="submit"
                    class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect mdl-button--accent"
                    style="width: 150px; margin-bottom: 100px" value="Add" />
            </form>
        </div>

    </div>

</div>

同样,我的web.xml 是:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">
    <display-name>PRASM</display-name>
    <!-- <welcome-file-list> <welcome-file>/pages/home.jsp</welcome-file> </welcome-file-list> -->
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                classpath:spring-config.xml
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring-config.xml</param-value>
    </context-param>
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>

</web-app>

我完全不知道为什么请求没有到达WebAuthenticationSuccessHandler

每当我登录时,我都会访问此网址:

http://localhost:8080/myapp/j_spring_security_check

有人对此有什么建议吗?

【问题讨论】:

  • 自 2015 年 1 月 28 日起,您已提出 13 个问题,但尚未接受任何答案。答案没有解决你的问题吗?
  • 您好,很抱歉给您带来不便。我在 Stackoverflow 中不是很活跃,如果这是一个问题,我肯定会接受所有问题的答案。再次抱歉。
  • @Smrita 你必须implement AuthenticationSuccessHandler..WebAuthenticationSuccessHandler implements AuthenticationSuccessHandler
  • 您应该接受解决了您的问题的答案,以便将来遇到相同问题的用户有用。如果您没有得到任何答案,那么您可以设置赏金以吸引更多答案
  • 好的@SpringLearner 我会尽量听从你的建议:)

标签: java spring spring-mvc spring-security


【解决方案1】:

所以问题是我忘记在我的 web.xml 中声明以下内容。

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2014-02-01
    • 2019-01-17
    • 2014-07-18
    • 2013-07-18
    • 2021-04-19
    • 2014-03-15
    • 2018-08-23
    • 1970-01-01
    相关资源
    最近更新 更多