Original question: http://stackoverflow.com/questions/17022835/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Spring security redirection after login
Asked by Turgut Dsfadfa
After successful login, it doesn't redirect to "index.php". It redirects to the same page, which is "login.php". Is there something wrong with my spring-security.xml page?
By the way, when I run the application it redirects me to "login.php", which is good. But it doesn't show PrimeFaces components but HTML components. After I successfully log in, it redirects to the same page, but this time it shows PrimeFaces components instead of HTML components.
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/pages/login.xhtml*" access="permitAll"/>
        <intercept-url pattern="/**" access="hasRole('admin')" />
        <form-login login-page='/pages/login.xhtml' default-target-url="/pages/index.xhtml"
                    authentication-failure-url="/pages/login.xhtml"/>
        <logout logout-success-url="/pages/logout.xhtml" />
    </http>
    <!--Authentication Manager Details -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserDetailsService">
            <!-- <password-encoder hash="md5"/>-->
        </authentication-provider>
    </authentication-manager>
</beans:beans>
My web.xml
<welcome-file-list>
    <welcome-file>pages/index.xhtml</welcome-file>
</welcome-file-list>
My login page
<p:outputPanel id="loginOutputPanelId" style="border: navy">
    <p:panelGrid id="loginInformationPanel" columns="2">
        <h:outputText value="Username: "/>
        <p:inputText value="#{loginController.userName}"/>
        <h:outputText value="Password: "/>
        <p:inputText value="#{loginController.password}"/>
    </p:panelGrid>
    <p:commandButton value="Login" actionListener="#{loginController.login()}"/>
</p:outputPanel>
My loginController.login() method returns the "index" string, and my faces.config:
<navigation-rule>
    <from-view-id>/pages/login.xhtml</from-view-id>
    <navigation-case>
        <from-outcome>index</from-outcome>
        <to-view-id>/pages/index.xhtml</to-view-id>
        <redirect />
    </navigation-case>
</navigation-rule>
EDIT: Without component it runs without any problem. When I add form-login it says "The webpage at http://localhost:8080/myApplication/pages/login.xhtml has resulted in too many redirects".
<http auto-config='true' use-expressions="true">
    <intercept-url pattern="/**" access="hasRole('admin')" />
    <logout logout-success-url="/pages/logout.xhtml" />
    <form-login login-page="/pages/login.xhtml"
                login-processing-url="/j_spring_security_check"
                default-target-url="/pages/index.xhtml"
                authentication-failure-url="/pages/login.xhtml"/>
</http>
My login page
<p:outputPanel id="loginOutputPanelId" style="border: navy">
    <p:panelGrid id="loginInformationPanel" columns="2">
        <h:outputText value="Kullanıcı Adı: "/>
        <p:inputText id="j_username" required="true" value="#{loginController.userName}"/>
        <h:outputText value="Şifre: "/>
        <p:inputText id="j_password" required="true" value="#{loginController.password}"/>
    </p:panelGrid>
    <p:commandButton id="login" type="submit" ajax="false" value="Login" actionListener="#{loginController.login()}"/>
</p:outputPanel>
My new loginController.login() method:
// Forward the current JSF request to Spring Security's login-processing URL
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
        .getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest) context.getRequest(),
        (ServletResponse) context.getResponse());
// Tell JSF the response has already been handled
FacesContext.getCurrentInstance().responseComplete();
Answered by baraber
To force spring-security to go to /pages/index.xhtml, you can use the property always-use-default-target like this:
<form-login login-page='/pages/login.xhtml'
            default-target-url="/pages/index.xhtml"
            always-use-default-target="true"
            authentication-failure-url="/pages/login.xhtml"/>
Otherwise, the login page should be shown automatically by spring security when the user calls a secured resource, and once login is done, continue to the secured resource it was originally asked for.
In your case, some confusion seems to come from the fact that you want spring security to handle the login, and you try to handle it yourself with a jsf actionListener and navigation rules.
Putting "<form-login [...]" in the configuration essentially tells spring to activate a filter (UsernamePasswordAuthenticationFilter) that will listen to requests made to /j_spring_security_check. If you want spring to handle login, by default your form login must request this url, passing two parameters: j_username and j_password.
This way, spring's UsernamePasswordAuthenticationFilter will kick in and try to authenticate the provided credentials using the UserDetailsService you configured in your AuthenticationProvider.
I think you have to remove your jsf controller for login and use spring-security to handle authentication.
Hope this helps.
PS: make sure your web.xml defines the DelegatingFilterProxy before all other servlet filters:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Answered by Haseeb
Please check your Faces Servlet URL pattern in web.xml.
If it contains .jsf like:
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
</servlet-mapping>
then you must update your code in spring-security.xml like:
<form-login login-page="/pages/login.jsf"
            login-processing-url="/j_spring_security_check"
            default-target-url="/pages/index.jsf"
            authentication-failure-url="/pages/login.jsf"/>

