身份验证失败重定向请求参数不起作用

Question

身份验证失败重定向请求参数不起作用

qwe*_*rty 3 spring spring-security spring-boot

我正在尝试配置我自己的成功和身份验证失败处理程序。在身份验证失败时，我想使用请求参数重定向回我的登录页面，此参数的存在将在我的登录页面上输出错误消息。但是，尽管出错时我被重定向回我的登录页面，但请求参数始终为null.

代码如下：

protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login.html").permitAll() 
            .usernameParameter("username")
            .passwordParameter("password")                                               
            .loginProcessingUrl("/login")
            .successHandler(successHandler())
            .failureHandler(handleAuthenticationFailure());
}

@Autowired
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    //database checks
}
};
}

/**
 * Authentication success handler defines action when successfully authenticated
 * @return
 */
@Bean
public AuthenticationSuccessHandler successHandler(){
    return new AuthenticationSuccessHandler() {

        @Override
        public void onAuthenticationSuccess(HttpServletRequest httpRequest, HttpServletResponse httpResponse, Authentication authentication)
                throws IOException, ServletException {

            // custom auth success here
            httpResponse.setStatus(HttpServletResponse.SC_OK);
            SavedRequest savedRequest = (SavedRequest) httpRequest.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST");
            httpResponse.sendRedirect(savedRequest.getRedirectUrl());
        }
    };
}

@Bean
public AuthenticationFailureHandler handleAuthenticationFailure() {
    return new SimpleUrlAuthenticationFailureHandler() {

        @Override
        public void onAuthenticationFailure(HttpServletRequest httpRequest, HttpServletResponse httpResponse,
                                            AuthenticationException authenticationException) throws IOException, ServletException {

            // custom failure code here
            setDefaultFailureUrl("/login.html?error=fail");
            super.onAuthenticationFailure(httpRequest, httpResponse, authenticationException);
        }
    };
}

Run Code Online (Sandbox Code Playgroud)

Answer 1

Mon*_*mul 5

试试这个：

@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {

    // .......

    response.sendRedirect("/login.html?error=fail");    
}

Run Code Online (Sandbox Code Playgroud)

更新：

将“/login.html?error=fail”添加到 authorizeRequests() 部分非常重要，否则控制器将不会获取错误参数。

替换.antMatchers("/login").permitAll()为 .antMatchers("/login**").permitAll()

归档时间：	8 年，10 月前
查看次数：	3282 次
最近记录：	6 年，8 月前