java UsernamePasswordAuthenticationFilter 问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7384842/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
UsernamePasswordAuthenticationFilter Problem
提问by kamaci
I have a Spring Security 3 application that I login and logout works well. I wanted to implenment my own UsernamePasswordAuthenticationFilter for my application. I followed that tutorial:
我有一个 Spring Security 3 应用程序,我登录和注销运行良好。我想为我的应用程序实现我自己的 UsernamePasswordAuthenticationFilter。我跟着那个教程:
http://mrather.blogspot.com/2010/02/extending-usernamepasswordauthenticatio.html
http://mrather.blogspot.com/2010/02/extending-usernamepasswordauthenticatio.html
My Filter class is:
我的过滤器类是:
package security;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
super.successfulAuthentication(request, response, authResult);
System.out.println("==successful login==");
}
@Override
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
super.unsuccessfulAuthentication(request, response, failed);
System.out.println("==failed login==");
}
}
My security xml configuration file:
我的安全xml配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security/>
<http entry-point-ref="loginUrlAuthenticationEntryPoint"/>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.html"/>
</beans:bean>
<beans:bean id="customUsernamePasswordAuthenticationFilter"
class="security.CustomUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationFailureHandler" ref="failureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="successHandler"/>
</beans:bean>
<beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/login.html"/>
</beans:bean>
<beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login.html?login_error=true"/>
</beans:bean>
<http auto-config="false" disable-url-rewriting="true">
<custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
<intercept-url pattern="/login.html" filters="none"/>
<intercept-url pattern="/css/*" filters="none"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<password-encoder hash="sha-256"/>
<user-service>
<user name="sdf" password="6b86d273ff34fce19d6dddf5747ada4eaa22f1d49c01e52ddb7875b4b"
authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
However when I run my application it doesn't redirect to login page, it goes to index page by default and gives
但是,当我运行我的应用程序时,它不会重定向到登录页面,而是默认转到索引页面并给出
404 Not found error
for all my web pages. Any ideas? Did I configure my application well?
对于我所有的网页。有任何想法吗?我的应用程序配置好了吗?
PS:That writes at tutorial:
PS:在教程中写道:
Note: Since we are replacing the default FORM_LOGIN_FILTER, we should not use
注意:由于我们正在替换默认的 FORM_LOGIN_FILTER,我们不应该使用
so I removed that:
所以我删除了:
<form-login
login-page="/login3.html"
login-processing-url="/j_spring_security_check"
default-target-url="/index.html"
always-use-default-target="true"/>
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login.html"/>
from my XML file.
从我的 XML 文件。
Also is there need to define successHandler and failureHandler because I didn't overwrite them. If I do it because I am replacing the filter(or because of -http auto-config="false"
还需要定义 successHandler 和 failureHandler 因为我没有覆盖它们。如果我这样做是因为我要更换过滤器(或因为 -http auto-config="false"
I don't know the real purpose of that line, if you explain you are welcome) should I define anything else for security?
我不知道那条线的真正目的,如果你解释你是受欢迎的)我应该为安全定义其他任何东西吗?
I am new to Spring Security 3 and Spring.
我是 Spring Security 3 和 Spring 的新手。
采纳答案by kamaci
I solved tyhe problem: entry-point-ref="loginUrlAuthenticationEntryPoint" shouldn't be at different http tag.
我解决了你的问题: entry-point-ref="loginUrlAuthenticationEntryPoint" 不应该在不同的 http 标签上。
