Java 未调用AuthenticationSuccessHandler
这是我的AuthSuccessHandlerClassJava 未调用AuthenticationSuccessHandler,java,spring,spring-security,Java,Spring,Spring Security,这是我的AuthSuccessHandlerClass public class AuthSuccessHandler implements AuthenticationSuccessHandler { public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) throws IOException, S
public class AuthSuccessHandler implements AuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication auth) throws IOException, ServletException {
response.sendRedirect("http://google.com");
}}
这是…-security.xml
<security:http use-expressions="true" auto-config="true" create-session="always" access-decision-manager-ref="accessDecisionManager">
<security:intercept-url pattern="/app/Censor.html" access="hasRole('ROLE_CENSOR')"/>
<security:intercept-url pattern="/**" filters="none"/>
<security:form-login login-page="/auth/Login.html"
authentication-success-handler-ref="authenticationSuccessHandler"/>
<security:custom-filter position="FIRST" ref="customX509Filter" />
</security:http>
<beans:bean id="authenticationSuccessHandler" class="com.test.services.security.handlers.AuthSuccessHandler"/>
<authentication-manager alias="authenticationManager">
<security:authentication-provider ref="authenticationProvider">
</security:authentication-provider>
</authentication-manager>
试着改变
<security:intercept-url pattern="/**" filters="none"/>
到
前者将阻止将安全链应用于除“/app/Censor.html”完全匹配之外的任何请求,包括登录表单提交。这看起来很奇怪,因为我希望你能得到404的登录请求
您可能还应该发布登录表单提交的调试日志,这表明您的处理程序被“跳过”
更新
您发布的日志显示,多个交叉请求正在从已通过身份验证的客户端(带有会话)提交,因此我不希望发生身份验证或重定向。Thx很多,但仍然不起作用。(您在代码方面有一个小错误-不是“过滤器”,“访问”mbe?)mbe“拒绝我的处理程序?是的,谢谢,我已经更正了。恐怕“这不管用”还不够。如果要获得解决方案,您需要提供一些分析和/或相关调试日志信息。我正在使用一些日志信息更新我的问题。现在请看一看。
<security:intercept-url pattern="/**" filters="none"/>
<security:intercept-url pattern="/**" access="permitAll"/>