我正在尝试配置自己的成功和身份验证失败处理程序。 身份验证失败时,我想使用请求参数重定向回我的登录页面,此参数的存在将在我的登录页面上输出错误消息。 但是,尽管出现错误,我被重定向回我的登录页面,但请求参数始终null。
代码如下:
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html").permitAll()
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/login")
.successHandler(successHandler())
.failureHandler(handleAuthenticationFailure());
}
@Autowired
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//database checks
}
};
}
/**
* Authentication success handler defines action when successfully authenticated
* @return
*/
@Bean
public AuthenticationSuccessHandler successHandler(){
return new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest httpRequest, HttpServletResponse httpResponse, Authentication authentication)
throws IOException, ServletException {
// custom auth success here
httpResponse.setStatus(HttpServletResponse.SC_OK);
SavedRequest savedRequest = (SavedRequest) httpRequest.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST");
httpResponse.sendRedirect(savedRequest.getRedirectUrl());
}
};
}
@Bean
public AuthenticationFailureHandler handleAuthenticationFailure() {
return new SimpleUrlAuthenticationFailureHandler() {
@Override
public void onAuthenticationFailure(HttpServletRequest httpRequest, HttpServletResponse httpResponse,
AuthenticationException authenticationException) throws IOException, ServletException {
// custom failure code here
setDefaultFailureUrl("/login.html?error=fail");
super.onAuthenticationFailure(httpRequest, httpResponse, authenticationException);
}
};
}
试试这个:
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
// .......
response.sendRedirect("/login.html?error=fail");
}
更新:
将"/login.html?error=fail"添加到authorizeRequests((部分非常重要,否则控制器将不会选取错误参数。
将.antMatchers("/login").permitAll()替换为.antMatchers("/login**").permitAll()
参数也有问题(在我的情况下,登录失败并且一些请求参数被添加到 url 中,它重定向到没有参数的登录页面(。
这解决了我的问题
.antMatchers("/login**").permitAll()
我是springBoot的新手,如果您使用的是Spring boot 2.1.4.RELEASE,请尝试以下配置:
http.csrf().disable()
.authorizeRequests()
// URLs matching for access rights
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
// form login
.formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.successHandler(sucessHandler)
.usernameParameter("email")
.passwordParameter("password")
.and()
// logout
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").and()
.exceptionHandling()
.accessDeniedPage("/access-denied");
要使用上面定义的 Spring 安全性配置,我们需要将其附加到 Web 应用程序。在这种情况下,我们不需要任何网络.xml:
public class SpringApplicationInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
protected Class<?>[] getRootConfigClasses() {
return new Class[] {SecSecurityConfig.class};
}}
这意味着您创建以下类,该类将自动实例化
SecSecurityConfig.class : 是你执行所有 http.csrf((.disable((.authorizeRequests((...配置
来源 : https://www.baeldung.com/spring-security-login
希望对:)有所帮助