I am using Spring Security.
I have form login:
<http auto-config="true">
    <intercept-url pattern="/pages/**" access="ROLE_USER" />
    <form-login authentication-success-handler-ref="authenticationSuccessHandler" login-page="/login.html" default-target-url="/pages/index.html"
                always-use-default-target="true" authentication-failure-url="/login.html" />
    <logout logout-success-url="/login.html" invalidate-session="true" />
    <anonymous enabled='false'/>
</http>
Here I can set an authentication-success-handler-ref. How can I add one to my basic authentication:
<http pattern="/REST/**" realm="REALM" entry-point-ref="authenticationEntryPoint">
    <intercept-url pattern="/**" access="ROLE_USER" />
    <http-basic />
    <logout logout-url="/REST/logout" success-handler-ref="restLogoutSuccessHandler" />
</http>
I thought about overriding BasicAuthenticationFilter, but how can I inject my custom class into <http-basic />?
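One way to get a success hook on HTTP Basic, shown as an added example that is not part of the original post: subclass BasicAuthenticationFilter and override its onSuccessfulAuthentication callback. It assumes Spring Security 3.2 or later (for the two-argument constructor); the class name RestBasicAuthenticationFilter and the bean id restBasicFilter are hypothetical, and the session attribute is borrowed from the second question on this page.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/**
 * Hypothetical class, not from the post.
 * Assumed wiring, replacing <http-basic /> inside the /REST/** block:
 *   <custom-filter position="BASIC_AUTH_FILTER" ref="restBasicFilter" />
 * where restBasicFilter is a bean of this class, constructed with the
 * application's authentication manager and the authenticationEntryPoint bean.
 */
public class RestBasicAuthenticationFilter extends BasicAuthenticationFilter {

    public RestBasicAuthenticationFilter(AuthenticationManager authenticationManager,
            AuthenticationEntryPoint authenticationEntryPoint) {
        super(authenticationManager, authenticationEntryPoint);
    }

    // Invoked by BasicAuthenticationFilter after the Authorization header has
    // been verified and the SecurityContext populated, before the rest of the
    // filter chain runs. It fires every time this filter performs an
    // authentication, not once per interactive login.
    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult) throws IOException {
        for (GrantedAuthority authority : authResult.getAuthorities()) {
            if ("ROLE_USER".equals(authority.getAuthority())) {
                // getSession() creates a session when none exists, so a REST
                // client that never sends the session cookie back gets a new
                // session on each authenticated request.
                request.getSession().setAttribute("myVale", "myvalue");
                return;
            }
        }
    }
}
```

The `<http-basic />` element and a custom filter at position BASIC_AUTH_FILTER cannot both be declared in the same `<http>` block, so the element has to be removed when the custom filter is registered.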
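I am new to Spring Security 3. I am using roles for user login.
I want to add some session values after the user has been authorized into the application. Maybe I need some filter that redirects to my method, which adds some session values. I have configured my security.xml file, but I am not sure whether I am doing the right thing. Any examples along these lines would help. Which filter class should I use? How should I configure the security.xml file?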
<custom-filter ref="authenticationFilter" after="FORM_LOGIN_FILTER "/>
<beans:bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationSuccessHandler" ref="successHandler" />
</beans:bean>
<beans:bean id="successHandler" class="org.dfci.sparks.datarequest.security.CustomAuthorizationFilter"/>
My filter class method, where I need to add some session values:
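import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class CustomAuthorizationFilter implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication
                .getAuthorities());
        // Store the session value only for users that hold ROLE_USER.
        if (roles.contains("ROLE_USER")) {
            request.getSession().setAttribute("myVale", "myvalue");
        }
    }
}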
Edited code
I modified my security.xml file and class file:
<custom-filter ref="authenticationFilter" after="FORM_LOGIN_FILTER "/>
public class CustomAuthorizationFilter extends GenericFilterBean {
/*
* ServletRequestAttributes attr = (ServletRequestAttributes)
 * RequestContextHolder.currentRequestAttributes(); …