相关疑难解决方法(0)

我正在尝试从ApplicationListener<AuthenticationSuccessEvent>成功登录时实现接口的类调用受保护的方法(Spring 3.2.2和Spring Security 3.2.0 M1).这是我之前的问题.

该应用程序在以下环境中运行.

• 春天3.2.2
• Spring Security 3.2.0
• JPA 2.0
• JSF 2.1.9
• MySQL 5.6.11
• JDK-7u11
• NetBeans 7.2.1

我已将以下与Spring安全性相关的库添加到类路径中.

• 弹簧安全核心3.2.0.M1.jar
• 弹簧安全配置,3.2.0.M1.jar
• 弹簧安全网络3.2.0.M1.jar

实现的类ApplicationListener<AuthenticationSuccessEvent>如下.

package loginsuccesshandler;

import admin.dao.service.StateService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.stereotype.Service;

@Service
public final class AuthSuccessHandler implements ApplicationListener<AuthenticationSuccessEvent>
{
    @Autowired
    private StateService stateService;

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) 
    {
        System.out.println(event.getAuthentication());
        System.out.println("rowCount = "+stateService.rowCount());
    }
}

This prevents a user from being logged in even with correct credentials with the …

我有一个典型的Spring MVC在Tomcat上运行.切换系统以在HTTPS上运行(一切正常在HTTP下运行正常)后,登录停止工作.其原因是,Spring的SecurityContextHolder.getContext().getAuthentication()对象变成null后RedirectView使用.

我已经搜索的答案,我发现的唯一一个提议设置属性redirectHttp10Compatible,以false在viewResolverbean的设置.这没有用.

我还检查了整个重定向,我的会话ID保持不变,连接仍然是安全的,即http和https之间的变化(反之亦然)不是问题(至少就我所知).

可能是什么问题呢？

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">


  <http auto-config="true">
    <intercept-url pattern="/**" requires-channel="https" />

    <intercept-url pattern="/index*" access="ROLE_USER"/>


    <intercept-url pattern="/dashboard*" access="ROLE_USER" requires-channel="https"/>  

    <intercept-url pattern="/login*" access="ROLE_GUEST, ROLE_ANONYMOUS, ROLE_USER"/>
    <intercept-url pattern="/signin*" access="ROLE_GUEST, ROLE_ANONYMOUS, ROLE_USER"/>
    <intercept-url pattern="/signup*" access="ROLE_GUEST, ROLE_ANONYMOUS, ROLE_USER"/>    


    <form-login login-page="/home" 
                default-target-url="/home" 
                authentication-failure-url="/home?authentication_error=true"
                authentication-success-handler-ref="redefineTargetURL"
    />


    <anonymous username="guest" granted-authority="ROLE_GUEST" key="anonymousKey"/>
    <logout invalidate-session="true" logout-success-url="/logout?message=Logout Successful" />

    </http>



<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDetailsService" />
</authentication-manager>


<beans:bean id="redefineTargetURL" class="com.groupskeed.common.RedefineTargetURL" />
<beans:bean …