java Spring Security 中覆盖默认登录处理 url 的用例是什么
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16359701/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What is the use case for overriding default login-processing-url in spring security
提问by Abhijit Mazumder
Here is a sample config for spring security form login
这是 spring 安全表单登录的示例配置
<http auto-config="true" use-expressions="false">
<form-login login-processing-url="/static/j_spring_security_check"
login-page="/login"
authentication-failure-url="/login?login_error=t"/>
</http>
Now if I dont specify any explicit login-processing-url spring assumes it as only "/j_spring_security_check". I could not find any type of functional difference between default and the overridden one and found spring handles the change seamlessly. I tried to do google to understand when should we override it. None of the answer satisfied me.
现在,如果我没有指定任何显式的 login-processing-url,spring 会将它假定为“/j_spring_security_check”。我找不到默认和覆盖之间的任何类型的功能差异,并且发现 spring 可以无缝地处理更改。我试着用谷歌来了解我们什么时候应该覆盖它。没有一个答案让我满意。
So when and why should we override the default login-processing-url? And most importantly is there any usecase when we "must" override the default?
那么我们什么时候以及为什么应该覆盖默认的 login-processing-url 呢?最重要的是,当我们“必须”覆盖默认值时,是否有任何用例?
Thanks
谢谢
回答by Jay Lindquist
If you want to hide the fact that you are using Spring Security, you should override the login-processing-urlto something like "forms/login", as well as the username and password form parameters. This help hide the framework that you are using to secure your site.
如果你想隐藏你正在使用 Spring Security 的事实,你应该覆盖login-processing-url像“forms/login”这样的东西,以及用户名和密码表单参数。这有助于隐藏您用来保护站点的框架。
The <form-login>tag is a short hand for configuring the UsernamePasswordAuthenticationFilter. This filter will only be invoked by the URL specified in login-processing-urland will use the value set for username-parameterand password-parameteras the username and password from the request.
该<form-login>标签是配置UsernamePasswordAuthenticationFilter的简写。此过滤器将仅由 中指定的 URL 调用login-processing-url,并将使用为username-parameter和设置的值password-parameter作为请求中的用户名和密码。
