Spring security redirection after login

Question

Spring security redirection after login

After successfull login, it doesn't redirects to "index.php". It redirects same page which is "login.php". Is there something wrong with my spring-security.xml page?

顺便说一下,当我运行应用程序时,它会将我重定向到"login.php",这很好.但它没有显示primefaces组件,但显示html组件.在我成功登录后,它重定向同一页面,但这次它显示的是Primefaces组件而不是html组件.

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/pages/login.xhtml*" access="permitAll"/>
    <intercept-url pattern="/**" access="hasRole('admin')" />
    <form-login login-page='/pages/login.xhtml' default-target-url="/pages/index.xhtml"                    
                authentication-failure-url="/pages/login.xhtml"/>
    <logout logout-success-url="/pages/logout.xhtml" />

</http>
<!--Authentication Manager Details -->    
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="customUserDetailsService">
<!--            <password-encoder hash="md5"/>-->
    </authentication-provider>
</authentication-manager>

Run Code Online (Sandbox Code Playgroud)

我的web.xml

<welcome-file-list>
    <welcome-file>pages/index.xhtml</welcome-file>
</welcome-file-list>

Run Code Online (Sandbox Code Playgroud)

我的登录页面

<p:outputPanel id="loginOutputPanelId" style="border: navy">
                        <p:panelGrid id="loginInformationPanel" columns="2">
                            <h:outputText value="Username: "/>
                            <p:inputText value="#{loginController.userName}"/>
                            <h:outputText value="Password: "/>
                            <p:inputText value="#{loginController.password}"/>
                        </p:panelGrid>
                        <p:commandButton value="Login" actionListener="#{loginController.login()}"/>
                    </p:outputPanel>

Run Code Online (Sandbox Code Playgroud)

我的loginController.login()方法返回"index"字符串和我的faces.config;

<navigation-rule>
        <from-view-id>/pages/login.xhtml</from-view-id>
        <navigation-case>
            <from-outcome>index</from-outcome>
            <to-view-id>/pages/index.xhtml</to-view-id>
            <redirect />
        </navigation-case>
    </navigation-rule>

Run Code Online (Sandbox Code Playgroud)

编辑: 没有组件它运行没有任何问题.当我添加form-login时,它说"网页http://localhost:8080/myApplication/pages/login.xhtml已经导致了太多的重定向".

<http auto-config='true' use-expressions="true">
<intercept-url pattern="/**" access="hasRole('admin')" />
<logout logout-success-url="/pages/logout.xhtml" />
<form-login login-page="/pages/login.xhtml"
                login-processing-url="/j_spring_security_check"                                                       
                default-target-url="/pages/index.xhtml"                                                        
                authentication-failure-url="/pages/login.xhtml"/>
</http>

Run Code Online (Sandbox Code Playgroud)

我的登录页面

<p:outputPanel id="loginOutputPanelId" style="border: navy">
                        <p:panelGrid id="loginInformationPanel" columns="2">
                            <h:outputText value="Kullan?c? Ad?: "/>
                            <p:inputText id="j_username" required="true" value="#{loginController.userName}"/>
                            <h:outputText value="?ifre: "/>
                            <p:inputText id="j_password" required="true" value="#{loginController.password}"/>
                        </p:panelGrid>
                        <p:commandButton id="login" type="submit" ajax="false" value="Login" actionListener="#{loginController.login()}"/>
                    </p:outputPanel>

Run Code Online (Sandbox Code Playgroud)

我新的loginController.login()方法;

ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();

        RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
         .getRequestDispatcher("/j_spring_security_check");

        dispatcher.forward((ServletRequest) context.getRequest(),
         (ServletResponse) context.getResponse());

        FacesContext.getCurrentInstance().responseComplete();

Run Code Online (Sandbox Code Playgroud)

Answer 1

bar*_*ber 16

要强制执行spring-security /pages/index.xhtml,可以使用以下属性always-use-default-target:

<form-login login-page='/pages/login.xhtml' 
            default-target-url="/pages/index.xhtml"
            always-use-default-target="true"                    
            authentication-failure-url="/pages/login.xhtml"/>

Run Code Online (Sandbox Code Playgroud)

否则,当用户调用安全资源时,应通过spring security自动显示登录页面,登录完成后,继续访问最初请求的安全资源.

在您的情况下,一些混乱似乎来自于您希望Spring安全性来处理登录,并且您尝试使用jsf actionListener和导航规则自己处理它.

<form-login [...]在配置中放置" "基本上告诉spring激活一个filter(UsernamePasswordAuthenticationFilter)来监听发出的请求/j_spring_security_check.如果您希望spring处理登录,默认情况下,您的表单登录必须请求此URL,并传递两个参数:j_username和j_password.

这样,spring UsernamePasswordAuthenticationFilter将启动并尝试使用您在AuthenticationProvider中配置的UserDetailsService来验证提供的凭据.

我认为你必须删除你的jsf控制器登录并使用spring-security来处理身份验证.

希望这可以帮助.

PS:确保您的web.xml在所有其他servlet过滤器之前定义DelegatingFilterProxy:

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Run Code Online (Sandbox Code Playgroud)

归档时间：	12 年，7 月前
查看次数：	28005 次
最近记录：	7 年，4 月前