我有一个问题与Spring Security身份验证失败处理程序重定向参数.
在我使用的安全配置中
failureUrl("/login.html?error=true")
有用.但是当我使用自定义身份验证失败处理程序(如下所示)时,它总是返回:url/login.html
getRedirectStrategy().sendRedirect(request, response, "/login.html?error=true");
要么
response.sendRedirect(request.getContextPath() + "/login.html?error=true");
我不知道什么是错的.为什么不显示参数?error=true?
信息:我使用的是Spring + JSF + Hibernate + Spring Security
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.usernameParameter("j_username")
.passwordParameter("j_password")
.loginProcessingUrl("/j_spring_security_check")
.failureHandler(customAuthenticationFailureHandler)// .failureUrl("/login.html?error=true")//.successHandler(authSuccsessHandler)
.defaultSuccessUrl("/dashboard.html")
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.logoutSuccessUrl("/")
.permitAll()
.and()
.exceptionHandling()
.accessDeniedPage("/access.html")
.and()
.headers()
.defaultsDisabled()
.frameOptions()
.sameOrigin()
.cacheControl();
http
.csrf().disable();
}
这是自定义身份验证失败处理程
@Component
public class CustomAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws …