Lit*_*ski 4 java authentication spring spring-mvc spring-security
我在Spring Security XML中有以下内容:
<form-login login-page="/login"
authentication-failure-url="/login/failure" />
我想在身份验证失败时获取用户名.我在网上读到它可以从SPRING_SECURITY_LAST_USERNAME获得,但我的问题是:
我如何在以下方面访问它:1)spring security XML,例如
认证失败-URL = "/登录/失败/ SPRING_SECURITY_LAST_USERNAME"
2)或处理/登录/故障映射的控制器.
请帮忙.我被卡住了!:(
它已被弃用:
/**
* @deprecated If you want to retain the username, cache it in a customized {@code AuthenticationFailureHandler}
*/
@Deprecated
public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
所以你需要实现自己的AuthenticationFailureHandler.
我实现了1)策略:(记住用户名可以包含一些在URL内部不合适的字符!)
package some.package;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class UsernameInURLAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
private String urlPrefix;
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
private String formUsernameKey = UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY;
public UsernameInURLAuthenticationFailureHandler(String urlPrefix) {
this.urlPrefix = urlPrefix;
}
//Failure logic:
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
//We inherited that method:
saveException(request, exception);
//Prepare URL:
String username = request.getParameter(formUsernameKey);
String redirectUrl = urlPrefix + username;
//Redirect:
redirectStrategy.sendRedirect(request, response, redirectUrl);
}
//Getters and setters:
public String getUrlPrefix() {
return urlPrefix;
}
public void setUrlPrefix(String urlPrefix) {
this.urlPrefix = urlPrefix;
}
public String getFormUsernameKey() {
return formUsernameKey;
}
public void setFormUsernameKey(String formUsernameKey) {
this.formUsernameKey = formUsernameKey;
}
public RedirectStrategy getRedirectStrategy() {
return redirectStrategy;
}
public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
this.redirectStrategy = redirectStrategy;
}
}
豆:
<bean class="some.package.UsernameInURLAuthenticationFailureHandler">
<!-- prefix: -->
<constructor-arg value="/login/failure/"/>
</bean>
您可以轻松实施2)策略.只需将用户名保存为onAuthenticationFailure方法内的会话属性之一,而不是将用户名添加到URL.
您可以轻松设置自己的处理程序:
<form-login>属性
authentication-failure-handler-ref可用作authentication-failure-url的替代方法,使您可以在身份验证失败后完全控制导航流.该值应该是应用程序上下文中AuthenticationFailureHandler bean的名称.
更多文档:点击
| 归档时间: |
|
| 查看次数: |
3580 次 |
| 最近记录: |