Java Spring Security忽略successHandler和failureHandler
我正在将我的Spring安全配置从xml移动到Java配置。 然而,由于某些原因,当我尝试使用自定义sucessHandler或failureHandler时,spring会忽略它们。我错过什么了吗 我在internet上查看了很多示例,但找不到此配置的错误:Java Spring Security忽略successHandler和failureHandler,java,spring-security,Java,Spring Security,我正在将我的Spring安全配置从xml移动到Java配置。 然而,由于某些原因,当我尝试使用自定义sucessHandler或failureHandler时,spring会忽略它们。我错过什么了吗 我在internet上查看了很多示例,但找不到此配置的错误: @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .addFilterB
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.addFilterBefore(concurrentFilter, ConcurrentSessionFilter.class)
.addFilterAfter(myFilter(), UsernamePasswordAuthenticationFilter.class)
.sessionManagement()
.sessionAuthenticationStrategy(sessionAuthenticationStrategy());
http
.authorizeRequests()
.accessDecisionManager(accessDecisionManager())
.antMatchers("/login.xhtml").permitAll()
.antMatchers("/403.xhtml").access("IS_AUTHENTICATED_ANONYMOUSLY")
.antMatchers("/wrecked-db.xhtml").access("ROLE_USER")
.antMatchers("/admin.xhtml").access("ROLE_ADMIN")
.antMatchers("/**.xhtml").access("NO_ACCESS")
.and().formLogin()
.loginPage("/login.xhtml")
.successHandler(customAuthenticationSuccessHandler)
.failureHandler(customAuthenticationFailureHandler)
.usernameParameter("j_username")
.passwordParameter("j_password")
.and().logout().logoutUrl("/logout.xhtml")
.logoutSuccessUrl("/login.xhtml")
.deleteCookies("JSESSIONID")
.and().exceptionHandling().accessDeniedHandler(customAccessDeniedHandler);
}
我拿了你的,修改了一点,这个对我来说很好
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/403.xhtml").access("IS_AUTHENTICATED_ANONYMOUSLY")
.antMatchers("/wrecked-db.xhtml").access("ROLE_USER")
.antMatchers("/admin.xhtml").access("ROLE_ADMIN")
.antMatchers("/**.xhtml").access("NO_ACCESS")
.antMatchers("/login*").permitAll().anyRequest().authenticated()
.and().formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/login")
.successHandler(new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
System.out.println("AuthenticationSuccessHandler");
}
})
.failureHandler(new AuthenticationFailureHandler() {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
System.out.println("AuthenticationFailureHandler");
}
})
.and().logout().logoutUrl("/logout.xhtml")
.logoutSuccessUrl("/login.xhtml")
.deleteCookies("JSESSIONID");
我的登录页面将是
<form action="login" method='POST'>
<table>
<tr>
<td>UN</td>
<td><input type='text' name='username' value=''></td>
</tr>
<tr>
<td>Pass</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td><input name="submit" type="submit" value="submit" /></td>
</tr>
</table>
</form>
联合国
通过
您好,谢谢您的努力:)我能够解决这个问题。问题出在这一行。addFilterAfter(myFilter(),UsernamePasswordAuthenticationFilter.class)此“myFilter()”以某种方式重写了配置。一旦我在过滤器中声明了CustomHandler,它们就开始工作了。我不确定我是否能用这些信息回答我自己的问题。不过还是谢谢你!