将 Spring Security 移至 Java Config,authentication-success-handler-ref 去哪里了?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21097528/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Moving Spring Security To Java Config, where does authentication-success-handler-ref go?
提问by geekonablog
Our app has a custom success handler for successful logins. It basically redirects them to the page they were on when their session expired.
我们的应用程序有一个用于成功登录的自定义成功处理程序。它基本上将他们重定向到他们会话过期时所在的页面。
We're moving to a Java config rather than a spring xml config. The rest of the config went very smoothly, but we can't find where to put the authentication-success-handler-ref attribute of the security:form-login tag.
我们正在转向 Java 配置而不是 spring xml 配置。其余的配置进行得非常顺利,但我们找不到将 security:form-login 标记的 authentication-success-handler-ref 属性放在哪里。
<security:http auto-config='true'>
...
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
<security:form-login login-page="/login" default-target-url="/sites"
authentication-failure-url="/login"
authentication-success-handler-ref="authenticationSuccessHandler"/>
...
Here's our config, so far.
到目前为止,这是我们的配置。
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login")
.and()
.logout()
.permitAll()
.and()
}
Also, we can't find where to put default-target-url, but that is definitely less important.
此外,我们无法找到放置 default-target-url 的位置,但这绝对不那么重要。
Caveat, we're actually using Groovy, but the code is basically the same as a Java config.
注意,我们实际上使用的是 Groovy,但代码与 Java 配置基本相同。
采纳答案by Vaelyr
All settings can be done inside the global configure method. Add the following:
所有设置都可以在全局配置方法中完成。添加以下内容:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/sites")
.failureUrl("/login")
.successHandler(yourSuccessHandlerBean) // autowired or defined below
.and()
.logout()
.permitAll()
.and()
}
回答by Jakub Kubrynski
You have to create bean extending SimpleUrlAuthenticationSuccessHandleror SavedRequestAwareAuthenticationSuccessHandler. For example:
您必须创建 bean 扩展SimpleUrlAuthenticationSuccessHandler或SavedRequestAwareAuthenticationSuccessHandler. 例如:
@Bean
public SavedRequestAwareAuthenticationSuccessHandler successHandler() {
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("/secure/");
return successHandler;
}
Then you have to setup it on bean extending AbstractAuthenticationProcessingFilter:
然后你必须在 bean 扩展上设置它AbstractAuthenticationProcessingFilter:
UsernamePasswordAuthenticationFilter authenticationFilter = new UsernamePasswordAuthenticationFilter();
authenticationFilter.setAuthenticationSuccessHandler(successHandler());
