@Component("MyAuthFilter")
public class MyAuthFilter extends UsernamePasswordAuthenticationFilter {
private int errCode = 0;
@Autowired
@Qualifier("authenticationManager")
//@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager, AuthenticationSuccessHandler successHandler, AuthenticationFailureHandler failureHandler) {
super.setAuthenticationManager(authenticationManager);
this.setAuthenticationSuccessHandler(successHandler);
this.setAuthenticationFailureHandler(failureHandler);
}
@Override
public AuthenticationFailureHandler getFailureHandler() {
SimpleUrlAuthenticationFailureHandler handler = new SimpleUrlAuthenticationFailureHandler();
handler.setDefaultFailureUrl("/login?error=" + errCode);
return handler;
}
@Override
public AuthenticationSuccessHandler getSuccessHandler() {
SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setDefaultTargetUrl("/courses");
return handler;
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException {
System.out.println("running my own version of UsernmePasswordFilter ... ");
String login = (String) request.getParameter("login");
String password = (String) request.getParameter("password");
errCode = validate(login,password);
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(login, password);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
private int validate(String login,String password){
if (login.isEmpty() && password.isEmpty()){
return 4;
}
if (login.isEmpty() && !password.isEmpty()){
return 2;
}
if (!login.isEmpty() && password.isEmpty()){
return 3;
}
return 1;
}
}
这是Myauthfilter。
和我的春季security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<http auto-config="false" use-expressions="true">
<intercept-url pattern="/courses*" access="hasRole('ROLE_USER')" />
<custom-filter before="FORM_LOGIN_FILTER" ref="MyAuthFilter" />
<form-login
login-page="/login"
default-target-url="/courses"
authentication-failure-url="/login"
username-parameter="loginField"
password-parameter="passwordField" />
<csrf disabled="true" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="ars" password="1234" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
当我尝试启动我的应用时,我得到了一个例外
没有合格的bean of type authenticationsuccesshandler
和失败手的同样错误。我将感谢任何帮助。
您的authenticationsuccesshandler并未声明为bean。您应该将其创建为bean,然后通过属性在标签中的spring-security.xml中注册 身份验证 - 核对象handler-ref =" namefyousuccesshandlerbean"
所以看起来像:某些在配置Java文件中的位置:
@Bean
public AuthenticationSuccessHandler mySuccessHandler() {
SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setDefaultTargetUrl("/courses");
return handler;
}
和spring-security.xml
<form-login
login-page="/login"
default-target-url="/courses"
authentication-failure-url="/login"
username-parameter="loginField"
authentication-success-handler-ref="mySuccessHandler"
password-parameter="passwordField" />