Fatal编程技术网
  • java/
  • Java Spring Security忽略successHandler和failureHandler

Java Spring Security忽略successHandler和failureHandler

java spring-security

Java Spring Security忽略successHandler和failureHandler,java,spring-security,Java,Spring Security,我正在将我的Spring安全配置从xml移动到Java配置。 然而,由于某些原因,当我尝试使用自定义sucessHandler或failureHandler时,spring会忽略它们。我错过什么了吗 我在internet上查看了很多示例,但找不到此配置的错误: @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .addFilterB

我正在将我的Spring安全配置从xml移动到Java配置。 然而,由于某些原因,当我尝试使用自定义sucessHandler或failureHandler时,spring会忽略它们。我错过什么了吗

我在internet上查看了很多示例,但找不到此配置的错误:

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.csrf().disable()
        .addFilterBefore(concurrentFilter, ConcurrentSessionFilter.class)
        .addFilterAfter(myFilter(), UsernamePasswordAuthenticationFilter.class)
        .sessionManagement()
        .sessionAuthenticationStrategy(sessionAuthenticationStrategy());

    http
        .authorizeRequests()
        .accessDecisionManager(accessDecisionManager())

        .antMatchers("/login.xhtml").permitAll()
        .antMatchers("/403.xhtml").access("IS_AUTHENTICATED_ANONYMOUSLY")   
        .antMatchers("/wrecked-db.xhtml").access("ROLE_USER")   
        .antMatchers("/admin.xhtml").access("ROLE_ADMIN")   

        .antMatchers("/**.xhtml").access("NO_ACCESS")

        .and().formLogin()
        .loginPage("/login.xhtml")
        .successHandler(customAuthenticationSuccessHandler)
        .failureHandler(customAuthenticationFailureHandler)
        .usernameParameter("j_username")
        .passwordParameter("j_password")

        .and().logout().logoutUrl("/logout.xhtml")
        .logoutSuccessUrl("/login.xhtml")
        .deleteCookies("JSESSIONID")

        .and().exceptionHandling().accessDeniedHandler(customAccessDeniedHandler);
}
我拿了你的,修改了一点,这个对我来说很好

http
  .csrf().disable()
  .authorizeRequests()
  .antMatchers("/403.xhtml").access("IS_AUTHENTICATED_ANONYMOUSLY")   
  .antMatchers("/wrecked-db.xhtml").access("ROLE_USER")   
  .antMatchers("/admin.xhtml").access("ROLE_ADMIN")   
  .antMatchers("/**.xhtml").access("NO_ACCESS")
  .antMatchers("/login*").permitAll().anyRequest().authenticated()
  .and().formLogin()
  .loginPage("/login.html")
  .loginProcessingUrl("/login")
  .successHandler(new AuthenticationSuccessHandler() {
      @Override
      public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
          System.out.println("AuthenticationSuccessHandler");

      }
  })
  .failureHandler(new AuthenticationFailureHandler() {
      @Override
      public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
          System.out.println("AuthenticationFailureHandler");

      }
  })
  .and().logout().logoutUrl("/logout.xhtml")
  .logoutSuccessUrl("/login.xhtml")
  .deleteCookies("JSESSIONID");
我的登录页面将是

<form action="login" method='POST'>
    <table>
       <tr>
          <td>UN</td>
          <td><input type='text' name='username' value=''></td>
       </tr>
       <tr>
          <td>Pass</td>
          <td><input type='password' name='password' /></td>
       </tr>
       <tr>
          <td><input name="submit" type="submit" value="submit" /></td>
       </tr>
    </table>
</form>


联合国
通过
您好,谢谢您的努力:)我能够解决这个问题。问题出在这一行。addFilterAfter(myFilter(),UsernamePasswordAuthenticationFilter.class)此“myFilter()”以某种方式重写了配置。一旦我在过滤器中声明了CustomHandler,它们就开始工作了。我不确定我是否能用这些信息回答我自己的问题。不过还是谢谢你!