从SpringSecurity2.0迁移到3.0:AbstractProcessingFilter.setServerSideRedirect()会发生什么变化?
我这里有一些非常旧的代码,它们是基于Spring2.5和SpringSecurity2.0的,所以我尝试将代码升级到Spring3.0(这只是第一步) 在此期间,我发现了以下代码:从SpringSecurity2.0迁移到3.0:AbstractProcessingFilter.setServerSideRedirect()会发生什么变化?,spring,spring-security,migration,Spring,Spring Security,Migration,我这里有一些非常旧的代码,它们是基于Spring2.5和SpringSecurity2.0的,所以我尝试将代码升级到Spring3.0(这只是第一步) 在此期间,我发现了以下代码: public class FormLoginFilter extends AuthenticationProcessingFilter { @Override protected void onUnsuccessfulAuthentication(final HttpServletRequest req,
public class FormLoginFilter extends AuthenticationProcessingFilter
{
@Override
protected void onUnsuccessfulAuthentication(final HttpServletRequest req, final HttpServletResponse res, final AuthenticationException authException) throws IOException
{
super.onUnsuccessfulAuthentication(req, res, authException);
if (authException instanceof CredentialsExpiredException)
{
setServerSideRedirect(true);
}
else
{
setServerSideRedirect(false);
}
}
}
对于Spring Security 3.0,AuthenticationProcessingFilter
更改为UsernamePasswordAuthenticationFilter
。但是在此更改过程中,setServerSideRedirect
方法丢失/不再需要,或者其他什么
从中,我发现其实现/使用方式如下:
if (failureUrl == null) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed:" + failed.getMessage());
} else if (serverSideRedirect){
request.getRequestDispatcher(failureUrl).forward(request, response);
} else {
sendRedirect(request, response, failureUrl);
}
对于Spring Security 3.0,处理这一问题的工作似乎落在了使用重定向策略的SimpleLauthenticationFailureHandler
上,即DefaultRedirectStrategy
。它仅适用于response.sendRedirect
所以我的问题是:setServerSideRedirect
已经过时了吗?还是我必须将找到的代码迁移到其他地方?在Spring 3.0中,AuthenticationProcessingFilter
已更改为UsernamePasswordAuthenticationFilter
UsernamePasswordAuthenticationFilter
是AbstractAuthenticationProcessingFilter
的子类
通过AbstractAuthenticationProcessingFilter.setAuthenticationSuccessHandler
可以设置AuthenticationSuccessHandler
策略
然后是SimpleRuThenticationSuccessHandler
,它实现了AuthenticationSuccessHandler
SimpleRuthenticationSuccessHandler
是AbstractAuthenticationTargetUrlRequestHandler
的子类
而AbstractAuthenticationTargetUrlRequestHandler.setRedirectStrategy(RedirectStrategy RedirectStrategy)
允许您设置重定向策略
这是通过DefaultRedirectStrategy
实现的AuthenticationProcessingFilter
在Spring 3.0中已更改为UsernamePasswordAuthenticationFilter
UsernamePasswordAuthenticationFilter
是AbstractAuthenticationProcessingFilter
的子类
通过AbstractAuthenticationProcessingFilter.setAuthenticationSuccessHandler
可以设置AuthenticationSuccessHandler
策略
然后是SimpleRuThenticationSuccessHandler
,它实现了AuthenticationSuccessHandler
SimpleRuthenticationSuccessHandler
是AbstractAuthenticationTargetUrlRequestHandler
的子类
而AbstractAuthenticationTargetUrlRequestHandler.setRedirectStrategy(RedirectStrategy RedirectStrategy)
允许您设置重定向策略
这是通过DefaultRedirectStrategy
实现的