Spring Security 没有调用成功处理程序和失败处理程序
标签:spring, spring-security, spring-oauth2

我想在令牌获取成功或失败时保存数据,但 Spring 没有调用我的成功和失败处理程序。我已经添加了 CustomAuthenticationFailureHandler 和 CustomAuthenticationSuccessHandler,但是它们都没有被调用。

这是我的 WebSecurityConfigurerAdapter:
/**
 * Web security configuration: registers the login success/failure handlers,
 * the password encoder and the request authorization rules.
 *
 * <p>The two handlers are attached to form login only (see
 * {@link #configure(HttpSecurity)}). Requests that are authenticated by another
 * filter or endpoint do not pass through them; recording those outcomes needs a
 * listener for authentication events such as {@code AuthenticationSuccessEvent}
 * and {@code AbstractAuthenticationFailureEvent}.
 */
@Configuration
@EnableWebSecurity
public class Authentication extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    // The three provider fields below are only referenced by commented-out
    // registrations in configure(AuthenticationManagerBuilder).
    @Autowired
    private BcaAuthenticationProvider authenticationProvider;

    @Autowired
    private CustomLdapAuthProvider ldapProvider;

    @Autowired
    private LoginAttemptsService loginAttemptsService;

    @Autowired
    private UserService userService;

    @Autowired
    private BcaAuthenticationProviderLocal authenticationProviderLocal;

    /**
     * Builds the success handler and hands it the services it uses to record
     * the login attempt.
     *
     * @return the configured success handler
     */
    @Bean
    public AuthenticationSuccessHandler customAuthenticationSuccessHandler() {
        CustomAuthenticationSuccessHandler handler = new CustomAuthenticationSuccessHandler();
        handler.setLoginAttemptsService(loginAttemptsService);
        // handler.setDefaultTargetUrl(defaultTargetUrl);
        handler.setUserService(userService);
        return handler;
    }

    /**
     * Builds the failure handler and hands it the services it uses to record
     * the login attempt.
     *
     * @return the configured failure handler
     */
    @Bean
    public AuthenticationFailureHandler customAuthenticationFailureHandler() {
        CustomAuthenticationFailureHandler handler = new CustomAuthenticationFailureHandler();
        handler.setLoginAttemptsService(loginAttemptsService);
        handler.setUserService(userService);
        return handler;
    }

    /**
     * @return a BCrypt password encoder with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers username/password authentication backed by the injected
     * {@code UserDetailsService} and the BCrypt encoder. The other providers
     * are left disabled.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // auth.authenticationProvider(authenticationProvider); // bca ldap webservice
        // auth.authenticationProvider(authenticationProviderLocal); // local ldap webservice

        // username password
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());

        // NOTE(review): the disabled LDAP setup below uses the ldap:// scheme on
        // port 389; if it is re-enabled, confirm the bind is protected
        // (ldaps:// or StartTLS) so credentials do not cross the network in clear.
        // auth.ldapAuthentication()
        // .userSearchFilter("(uid={0})")
        // .userSearchBase("dc=example,dc=com")
        // .groupSearchBase("dc=example,dc=com")
        // .userDnPatterns("uid={0}")
        // .contextSource()
        // .url("ldap://ldap.forumsys.com:389");

        /* LDAP AUTHENTICATION */
        // auth.authenticationProvider(ldapProvider);
    }

    /**
     * Exposes the authentication manager built by the parent class as a bean.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Declares which requests are open and wires the handlers into form login.
     *
     * <p>Review notes on the rules as written:
     * <ul>
     *   <li>{@code antMatchers(HttpMethod.GET).permitAll()} has no path pattern,
     *       so every GET request is allowed without authentication; only
     *       non-GET requests reach {@code anyRequest().authenticated()}.</li>
     *   <li>{@code /oauth/**} and {@code /swagger**} are open in this chain.
     *       NOTE(review): presumably the token endpoint is protected by a
     *       separate filter chain; confirm, because nothing here checks it.</li>
     *   <li>The success and failure handlers are set on form login only, so they
     *       run for the form-login processing request and not for calls to
     *       {@code /oauth/token}.</li>
     * </ul>
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/oauth/**").permitAll()
                .antMatchers("/swagger**").permitAll()
                .antMatchers(HttpMethod.GET).permitAll()
                .anyRequest().authenticated();

        http.formLogin()
                .permitAll()
                .successHandler(customAuthenticationSuccessHandler())
                .failureHandler(customAuthenticationFailureHandler());

        // http.addFilterAfter(
        // new CustomFilter(), BasicAuthenticationFilter.class);
    }
}
/**
 * Failure handler that records the failed login attempt and then delegates to
 * the URL-based handling inherited from
 * {@code SimpleUrlAuthenticationFailureHandler}.
 *
 * <p>Both collaborators are supplied through setters; nothing in this class
 * checks that they were set before the handler is invoked.
 */
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private UserService userService;
    private LoginAttemptsService loginAttemptsService;

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public LoginAttemptsService getLoginAttemptsService() {
        return this.loginAttemptsService;
    }

    public void setLoginAttemptsService(LoginAttemptsService loginAttemptsService) {
        this.loginAttemptsService = loginAttemptsService;
    }

    /**
     * Looks up the account named by the {@code username} request parameter,
     * reports the attempt as failed, then runs the inherited failure handling.
     *
     * @param request   the request that failed authentication
     * @param response  the response handed on to the inherited handler
     * @param exception the authentication failure
     * @throws IOException      propagated from the inherited handler
     * @throws ServletException propagated from the inherited handler
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // Debug trace on stdout; it never reaches the application's log or audit trail.
        System.out.println("THIS IS FAIL");

        // The username is client-supplied and unverified here: the parameter may be
        // absent (null) or name an account that does not exist.
        // NOTE(review): whether findByUsername and InfoUser tolerate that is not
        // visible here. Confirm, because an exception thrown at this point would
        // skip the inherited failure response below.
        final String submittedUsername = request.getParameter("username");
        final Account account = userService.findByUsername(submittedUsername);
        loginAttemptsService.InfoUser(account, false);

        super.onAuthenticationFailure(request, response, exception);
    }
}
/**
 * Success handler that records the successful login attempt and then delegates
 * to the URL-based handling inherited from
 * {@code SimpleUrlAuthenticationSuccessHandler}.
 *
 * <p>Both collaborators are supplied through setters; nothing in this class
 * checks that they were set before the handler is invoked.
 */
public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private UserService userService;
    private LoginAttemptsService loginAttemptsService;

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public LoginAttemptsService getLoginAttemptsService() {
        return this.loginAttemptsService;
    }

    public void setLoginAttemptsService(LoginAttemptsService loginAttemptsService) {
        this.loginAttemptsService = loginAttemptsService;
    }

    /**
     * Looks up the account for the authenticated principal's name, reports the
     * attempt as successful, then runs the inherited success handling.
     *
     * @param request        the request that authenticated
     * @param response       the response handed on to the inherited handler
     * @param authentication the authenticated principal
     * @throws IOException      propagated from the inherited handler
     * @throws ServletException propagated from the inherited handler
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Debug trace on stdout; it never reaches the application's log or audit trail.
        System.out.println("THIS SUCCESS");

        // The name comes from the authenticated principal, not from request input.
        // NOTE(review): an exception from the lookup or from InfoUser would skip
        // the inherited success handling below. Confirm that is acceptable.
        final String principalName = authentication.getName();
        final Account account = userService.findByUsername(principalName);
        loginAttemptsService.InfoUser(account, true);

        super.onAuthenticationSuccess(request, response, authentication);
    }
}
这是我的CustomAuthenticationFailureHandler
:
/**
 * Web security configuration: registers the login success/failure handlers,
 * the password encoder and the request authorization rules.
 *
 * <p>The two handlers are attached to form login only (see
 * {@link #configure(HttpSecurity)}). Requests that are authenticated by another
 * filter or endpoint do not pass through them; recording those outcomes needs a
 * listener for authentication events such as {@code AuthenticationSuccessEvent}
 * and {@code AbstractAuthenticationFailureEvent}.
 */
@Configuration
@EnableWebSecurity
public class Authentication extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    // The three provider fields below are only referenced by commented-out
    // registrations in configure(AuthenticationManagerBuilder).
    @Autowired
    private BcaAuthenticationProvider authenticationProvider;

    @Autowired
    private CustomLdapAuthProvider ldapProvider;

    @Autowired
    private LoginAttemptsService loginAttemptsService;

    @Autowired
    private UserService userService;

    @Autowired
    private BcaAuthenticationProviderLocal authenticationProviderLocal;

    /**
     * Builds the success handler and hands it the services it uses to record
     * the login attempt.
     *
     * @return the configured success handler
     */
    @Bean
    public AuthenticationSuccessHandler customAuthenticationSuccessHandler() {
        CustomAuthenticationSuccessHandler handler = new CustomAuthenticationSuccessHandler();
        handler.setLoginAttemptsService(loginAttemptsService);
        // handler.setDefaultTargetUrl(defaultTargetUrl);
        handler.setUserService(userService);
        return handler;
    }

    /**
     * Builds the failure handler and hands it the services it uses to record
     * the login attempt.
     *
     * @return the configured failure handler
     */
    @Bean
    public AuthenticationFailureHandler customAuthenticationFailureHandler() {
        CustomAuthenticationFailureHandler handler = new CustomAuthenticationFailureHandler();
        handler.setLoginAttemptsService(loginAttemptsService);
        handler.setUserService(userService);
        return handler;
    }

    /**
     * @return a BCrypt password encoder with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers username/password authentication backed by the injected
     * {@code UserDetailsService} and the BCrypt encoder. The other providers
     * are left disabled.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // auth.authenticationProvider(authenticationProvider); // bca ldap webservice
        // auth.authenticationProvider(authenticationProviderLocal); // local ldap webservice

        // username password
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());

        // NOTE(review): the disabled LDAP setup below uses the ldap:// scheme on
        // port 389; if it is re-enabled, confirm the bind is protected
        // (ldaps:// or StartTLS) so credentials do not cross the network in clear.
        // auth.ldapAuthentication()
        // .userSearchFilter("(uid={0})")
        // .userSearchBase("dc=example,dc=com")
        // .groupSearchBase("dc=example,dc=com")
        // .userDnPatterns("uid={0}")
        // .contextSource()
        // .url("ldap://ldap.forumsys.com:389");

        /* LDAP AUTHENTICATION */
        // auth.authenticationProvider(ldapProvider);
    }

    /**
     * Exposes the authentication manager built by the parent class as a bean.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Declares which requests are open and wires the handlers into form login.
     *
     * <p>Review notes on the rules as written:
     * <ul>
     *   <li>{@code antMatchers(HttpMethod.GET).permitAll()} has no path pattern,
     *       so every GET request is allowed without authentication; only
     *       non-GET requests reach {@code anyRequest().authenticated()}.</li>
     *   <li>{@code /oauth/**} and {@code /swagger**} are open in this chain.
     *       NOTE(review): presumably the token endpoint is protected by a
     *       separate filter chain; confirm, because nothing here checks it.</li>
     *   <li>The success and failure handlers are set on form login only, so they
     *       run for the form-login processing request and not for calls to
     *       {@code /oauth/token}.</li>
     * </ul>
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/oauth/**").permitAll()
                .antMatchers("/swagger**").permitAll()
                .antMatchers(HttpMethod.GET).permitAll()
                .anyRequest().authenticated();

        http.formLogin()
                .permitAll()
                .successHandler(customAuthenticationSuccessHandler())
                .failureHandler(customAuthenticationFailureHandler());

        // http.addFilterAfter(
        // new CustomFilter(), BasicAuthenticationFilter.class);
    }
}
/**
 * Failure handler that records the failed login attempt and then delegates to
 * the URL-based handling inherited from
 * {@code SimpleUrlAuthenticationFailureHandler}.
 *
 * <p>Both collaborators are supplied through setters; nothing in this class
 * checks that they were set before the handler is invoked.
 */
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private UserService userService;
    private LoginAttemptsService loginAttemptsService;

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public LoginAttemptsService getLoginAttemptsService() {
        return this.loginAttemptsService;
    }

    public void setLoginAttemptsService(LoginAttemptsService loginAttemptsService) {
        this.loginAttemptsService = loginAttemptsService;
    }

    /**
     * Looks up the account named by the {@code username} request parameter,
     * reports the attempt as failed, then runs the inherited failure handling.
     *
     * @param request   the request that failed authentication
     * @param response  the response handed on to the inherited handler
     * @param exception the authentication failure
     * @throws IOException      propagated from the inherited handler
     * @throws ServletException propagated from the inherited handler
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // Debug trace on stdout; it never reaches the application's log or audit trail.
        System.out.println("THIS IS FAIL");

        // The username is client-supplied and unverified here: the parameter may be
        // absent (null) or name an account that does not exist.
        // NOTE(review): whether findByUsername and InfoUser tolerate that is not
        // visible here. Confirm, because an exception thrown at this point would
        // skip the inherited failure response below.
        final String submittedUsername = request.getParameter("username");
        final Account account = userService.findByUsername(submittedUsername);
        loginAttemptsService.InfoUser(account, false);

        super.onAuthenticationFailure(request, response, exception);
    }
}
/**
 * Success handler that records the successful login attempt and then delegates
 * to the URL-based handling inherited from
 * {@code SimpleUrlAuthenticationSuccessHandler}.
 *
 * <p>Both collaborators are supplied through setters; nothing in this class
 * checks that they were set before the handler is invoked.
 */
public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private UserService userService;
    private LoginAttemptsService loginAttemptsService;

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public LoginAttemptsService getLoginAttemptsService() {
        return this.loginAttemptsService;
    }

    public void setLoginAttemptsService(LoginAttemptsService loginAttemptsService) {
        this.loginAttemptsService = loginAttemptsService;
    }

    /**
     * Looks up the account for the authenticated principal's name, reports the
     * attempt as successful, then runs the inherited success handling.
     *
     * @param request        the request that authenticated
     * @param response       the response handed on to the inherited handler
     * @param authentication the authenticated principal
     * @throws IOException      propagated from the inherited handler
     * @throws ServletException propagated from the inherited handler
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Debug trace on stdout; it never reaches the application's log or audit trail.
        System.out.println("THIS SUCCESS");

        // The name comes from the authenticated principal, not from request input.
        // NOTE(review): an exception from the lookup or from InfoUser would skip
        // the inherited success handling below. Confirm that is acceptable.
        final String principalName = authentication.getName();
        final Account account = userService.findByUsername(principalName);
        loginAttemptsService.InfoUser(account, true);

        super.onAuthenticationSuccess(request, response, authentication);
    }
}
这是我的CustomAuthenticationSuccessHandler
:
/**
 * Web security configuration: registers the login success/failure handlers,
 * the password encoder and the request authorization rules.
 *
 * <p>The two handlers are attached to form login only (see
 * {@link #configure(HttpSecurity)}). Requests that are authenticated by another
 * filter or endpoint do not pass through them; recording those outcomes needs a
 * listener for authentication events such as {@code AuthenticationSuccessEvent}
 * and {@code AbstractAuthenticationFailureEvent}.
 */
@Configuration
@EnableWebSecurity
public class Authentication extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    // The three provider fields below are only referenced by commented-out
    // registrations in configure(AuthenticationManagerBuilder).
    @Autowired
    private BcaAuthenticationProvider authenticationProvider;

    @Autowired
    private CustomLdapAuthProvider ldapProvider;

    @Autowired
    private LoginAttemptsService loginAttemptsService;

    @Autowired
    private UserService userService;

    @Autowired
    private BcaAuthenticationProviderLocal authenticationProviderLocal;

    /**
     * Builds the success handler and hands it the services it uses to record
     * the login attempt.
     *
     * @return the configured success handler
     */
    @Bean
    public AuthenticationSuccessHandler customAuthenticationSuccessHandler() {
        CustomAuthenticationSuccessHandler handler = new CustomAuthenticationSuccessHandler();
        handler.setLoginAttemptsService(loginAttemptsService);
        // handler.setDefaultTargetUrl(defaultTargetUrl);
        handler.setUserService(userService);
        return handler;
    }

    /**
     * Builds the failure handler and hands it the services it uses to record
     * the login attempt.
     *
     * @return the configured failure handler
     */
    @Bean
    public AuthenticationFailureHandler customAuthenticationFailureHandler() {
        CustomAuthenticationFailureHandler handler = new CustomAuthenticationFailureHandler();
        handler.setLoginAttemptsService(loginAttemptsService);
        handler.setUserService(userService);
        return handler;
    }

    /**
     * @return a BCrypt password encoder with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers username/password authentication backed by the injected
     * {@code UserDetailsService} and the BCrypt encoder. The other providers
     * are left disabled.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // auth.authenticationProvider(authenticationProvider); // bca ldap webservice
        // auth.authenticationProvider(authenticationProviderLocal); // local ldap webservice

        // username password
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());

        // NOTE(review): the disabled LDAP setup below uses the ldap:// scheme on
        // port 389; if it is re-enabled, confirm the bind is protected
        // (ldaps:// or StartTLS) so credentials do not cross the network in clear.
        // auth.ldapAuthentication()
        // .userSearchFilter("(uid={0})")
        // .userSearchBase("dc=example,dc=com")
        // .groupSearchBase("dc=example,dc=com")
        // .userDnPatterns("uid={0}")
        // .contextSource()
        // .url("ldap://ldap.forumsys.com:389");

        /* LDAP AUTHENTICATION */
        // auth.authenticationProvider(ldapProvider);
    }

    /**
     * Exposes the authentication manager built by the parent class as a bean.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Declares which requests are open and wires the handlers into form login.
     *
     * <p>Review notes on the rules as written:
     * <ul>
     *   <li>{@code antMatchers(HttpMethod.GET).permitAll()} has no path pattern,
     *       so every GET request is allowed without authentication; only
     *       non-GET requests reach {@code anyRequest().authenticated()}.</li>
     *   <li>{@code /oauth/**} and {@code /swagger**} are open in this chain.
     *       NOTE(review): presumably the token endpoint is protected by a
     *       separate filter chain; confirm, because nothing here checks it.</li>
     *   <li>The success and failure handlers are set on form login only, so they
     *       run for the form-login processing request and not for calls to
     *       {@code /oauth/token}.</li>
     * </ul>
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/oauth/**").permitAll()
                .antMatchers("/swagger**").permitAll()
                .antMatchers(HttpMethod.GET).permitAll()
                .anyRequest().authenticated();

        http.formLogin()
                .permitAll()
                .successHandler(customAuthenticationSuccessHandler())
                .failureHandler(customAuthenticationFailureHandler());

        // http.addFilterAfter(
        // new CustomFilter(), BasicAuthenticationFilter.class);
    }
}
/**
 * Failure handler that records the failed login attempt and then delegates to
 * the URL-based handling inherited from
 * {@code SimpleUrlAuthenticationFailureHandler}.
 *
 * <p>Both collaborators are supplied through setters; nothing in this class
 * checks that they were set before the handler is invoked.
 */
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private UserService userService;
    private LoginAttemptsService loginAttemptsService;

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public LoginAttemptsService getLoginAttemptsService() {
        return this.loginAttemptsService;
    }

    public void setLoginAttemptsService(LoginAttemptsService loginAttemptsService) {
        this.loginAttemptsService = loginAttemptsService;
    }

    /**
     * Looks up the account named by the {@code username} request parameter,
     * reports the attempt as failed, then runs the inherited failure handling.
     *
     * @param request   the request that failed authentication
     * @param response  the response handed on to the inherited handler
     * @param exception the authentication failure
     * @throws IOException      propagated from the inherited handler
     * @throws ServletException propagated from the inherited handler
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // Debug trace on stdout; it never reaches the application's log or audit trail.
        System.out.println("THIS IS FAIL");

        // The username is client-supplied and unverified here: the parameter may be
        // absent (null) or name an account that does not exist.
        // NOTE(review): whether findByUsername and InfoUser tolerate that is not
        // visible here. Confirm, because an exception thrown at this point would
        // skip the inherited failure response below.
        final String submittedUsername = request.getParameter("username");
        final Account account = userService.findByUsername(submittedUsername);
        loginAttemptsService.InfoUser(account, false);

        super.onAuthenticationFailure(request, response, exception);
    }
}
/**
 * Success handler that records the successful login attempt and then delegates
 * to the URL-based handling inherited from
 * {@code SimpleUrlAuthenticationSuccessHandler}.
 *
 * <p>Both collaborators are supplied through setters; nothing in this class
 * checks that they were set before the handler is invoked.
 */
public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private UserService userService;
    private LoginAttemptsService loginAttemptsService;

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public LoginAttemptsService getLoginAttemptsService() {
        return this.loginAttemptsService;
    }

    public void setLoginAttemptsService(LoginAttemptsService loginAttemptsService) {
        this.loginAttemptsService = loginAttemptsService;
    }

    /**
     * Looks up the account for the authenticated principal's name, reports the
     * attempt as successful, then runs the inherited success handling.
     *
     * @param request        the request that authenticated
     * @param response       the response handed on to the inherited handler
     * @param authentication the authenticated principal
     * @throws IOException      propagated from the inherited handler
     * @throws ServletException propagated from the inherited handler
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Debug trace on stdout; it never reaches the application's log or audit trail.
        System.out.println("THIS SUCCESS");

        // The name comes from the authenticated principal, not from request input.
        // NOTE(review): an exception from the lookup or from InfoUser would skip
        // the inherited success handling below. Confirm that is acceptable.
        final String principalName = authentication.getName();
        final Account account = userService.findByUsername(principalName);
        loginAttemptsService.InfoUser(account, true);

        super.onAuthenticationSuccess(request, response, authentication);
    }
}
当有人尝试获取 OAuth 令牌时,我想把成功或失败的结果持久化到数据库中,该怎么做?

通过表单进行身份验证失败时会发生什么?

我只是想检查是否有人调用了我的 /oauth/token,并把这次调用保存到数据库;如果失败,就保存为失败访问。这样我就可以跟踪对 OAuth 令牌端点的每一次调用。

但是您的配置是:http.antMatchers("/oauth/**").permitAll()……也就是说,没有对 /oauth/token 进行身份验证检查。

我已经解决了这个问题:我使用事件侦听器来检查用户对令牌端点的调用。