小贝子编程

如何在Spring Security中定义多个<security:form-login>?



我正在使用Spring Security来实现系统登录功能。系统中有多个登录页面,如果登录时出现任何错误,该页面将重定向到xxx?error=true。我已经在xml文件中成功配置了一个<security:form-login>,如下所示:

<!-- Default security config -->
<security:http disable-url-rewriting="true">
<security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS"  />
<!-- session stealing is prevented by using secure GUID cookie -->
<security:session-management session-fixation-protection="none" />
<security:intercept-url pattern="/login" requires-channel="https"  />
<security:intercept-url pattern="/login/**" requires-channel="https" />
<security:form-login
login-page="/login"
authentication-failure-handler-ref="loginAuthenticationFailureHandler" 
authentication-success-handler-ref="loginGuidAuthenticationSuccessHandler"
always-use-default-target="false" 
default-target-url="/"  />
<security:logout logout-url="/logout" invalidate-session="true" success-handler-ref="logoutSuccessHandler"/>
<security:port-mappings>
<security:port-mapping http="#{configurationService.configuration.getProperty('tomcat.http.port')}"
https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" />
<security:port-mapping http="80" https="443" />
</security:port-mappings>
<security:request-cache ref="httpSessionRequestCache" />
</security:http>
<bean id="loginAuthenticationFailureHandler" class="com.xxx.xxx.xxx.xxx.LoginAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login?error=true"/>
</bean>

但是还有一个名为facebook-login的登录页面,如何定义另一个<security:form-login/>来实现如果/facebook-login 中存在错误,该页面将重定向到/facebook-loginerror=true?(我只想通过在我的 xml 片段上配置 xml 文件来实现它,而不是通过注释)

您应该在 xml 中附加一个新的<security:http>标记,并使用pattern="/facebook-login/**"来过滤您的登录页面。在标签<security:form-login>登录处理网址不能也是"/j_spring_security_check">,您可以使用"/facebook-login/j_spring_security_check"。例如:

<!-- Security config for Facebook login - it has its own login page -->
<security:http disable-url-rewriting="true" pattern="/facebook-login/**">
<security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS"  />
<!-- session stealing is prevented by using secure GUID cookie -->
<security:session-management session-fixation-protection="none" />
<!-- SSL / AUTHENTICATED pages -->
<security:intercept-url pattern="/facebook-login*" requires-channel="https" />
<security:intercept-url pattern="/facebook-login/**" requires-channel="https" />
<security:form-login
login-page="/facebook-login"
login-processing-url="/facebook-login/j_spring_security_check"
authentication-failure-handler-ref="loginFacebookAuthenticationFailureHandler" 
authentication-success-handler-ref="loginGuidAuthenticationSuccessHandler"
always-use-default-target="false"
default-target-url="/" />
<security:logout logout-url="/logout" invalidate-session="true" success-handler-ref="logoutSuccessHandler"/>
<security:port-mappings>
<security:port-mapping http="#{configurationService.configuration.getProperty('tomcat.http.port')}"
https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" />
<security:port-mapping http="80" https="443" />
</security:port-mappings>
<security:request-cache ref="httpSessionRequestCache" />
</security:http>
<bean id="loginFacebookAuthenticationFailureHandler" class="com.xxx.xxx.xxx.xxx.LoginAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/facebook-link?error=true"/>
</bean>

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium