堆栈内存溢出
  简体   繁体   English

Spring Boot,默认身份验证失败处理程序如何工作

[英]spring boot, how does default authentication failure handler work

 原文  2019-07-19 18:03:30       java/ spring-boot/ spring-mvc/ handler

问题描述

This is the thing, I have developed a simple spring boot security app using a in memory DB. 这就是事实,我使用内存数据库开发了一个简单的spring boot security应用程序。 On successfull authentication it redirects to another site, my problem comes on authentication failure because it shows me a blank screen. 身份验证成功后,它将重定向到另一个站点,我的问题来自身份验证失败,因为它向我显示了一个空白屏幕。

I have set up a single spring security app and implemented an AuthenticationFailureHandler and an AuthenticationSuccessHandler. 我已经设置了一个单独的spring安全应用程序,并实现了AuthenticationFailureHandler和AuthenticationSuccessHandler。 When I'm not using a custom AuthenticationFailureHandler I do get a BAD CREDENTIALS message on the screen. 当我不使用自定义AuthenticationFailureHandler时,在屏幕上会收到一条BAD CREDENTIALS消息。 

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;

import com.tech.app.security.handler.CsegAuthenticationFailureHandler;
import com.tech.app.security.handler.CsegAuthenticationSuccessHandler;

@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
public class CsegSecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    private CsegAuthenticationSuccessHandler successHandler;
    @Autowired
    private CsegAuthenticationFailureHandler failureHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().antMatchers(HttpMethod.POST, "/login").permitAll()
            .anyRequest().authenticated().and()
            .formLogin()
            .successHandler(successHandler)
            .failureHandler(failureHandler);

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("user").password("password").roles("USER");
    }



}

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;

@Component
public class CsegAuthenticationFailureHandler implements AuthenticationFailureHandler{

    private ObjectMapper objectMapper = new ObjectMapper();
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {

        System.out.println("credenciales invalidas");
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        Map<String, Object> data = new HashMap<>();
        data.put("timestamp", Calendar.getInstance().getTime());
        data.put("exception", exception.getMessage());

        response.getOutputStream()
          .println(objectMapper.writeValueAsString(data));
        redirectStrategy.sendRedirect(request, response, "/login?error=true");

    }

}

What I want is that on authentication failure save a record in the DB and return to the default login page generated by spring with the corresponding BAD CREDENTIALS message on the screen. 我想要的是在身份验证失败时将记录保存在DB中,并返回spring生成的默认登录页面,并在屏幕上显示相应的BAD CREDENTIALS消息。 Also I want to know where is that default AuthenticationFailureHandler and how it works. 我也想知道默认的AuthenticationFailureHandler在哪里以及它如何工作。 All I get is a blank screen 我所得到的只是一个空白屏幕

所需消息

空白页

1 个解决方案

解决方案1
 0  2019-07-19 20:06:33

Redirection is made by setting proper Location header to the response. 通过将适当的Location标头设置为响应来进行重定向。 Having youtput stream, you must first write protocol, headers, response body - in that specific order. 具有youtput流后,您必须首先以该特定顺序编写协议,标头,响应主体。

You cannot write headers if you started writing body (unless you are buffering the output). 如果您开始编写正文,则不能编写标头(除非您正在缓冲输出)。 So either write body, or do redirection. 因此,要么写正文,要么做重定向。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 Spring Boot 2 中定义默认处理程序 - How to define a default handler in Spring Boot 2 Spring Authentication如何工作? - How does Spring Authentication work? Spring SAML身份验证失败处理程序和日志记录 - Spring SAML Authentication Failure handler and logging Spring 启动安全 JDBC 基本认证失败 - Spring Boot Security JDBC Basic Authentication Failure spring 启动基本认证不起作用 - spring boot basic authentication not work @SpringBootApplication如何在spring boot中实际工作? - how does @SpringBootApplication actually work in spring boot? spring-boot @ConditionalOnClass 如何工作? - How does spring-boot @ConditionalOnClass work? 如何在 BearerTokenAuthenticationFilter 上设置身份验证失败处理程序? - How to set authentication failure handler on BearerTokenAuthenticationFilter? Webflux 安全登录失败处理程序不起作用 - Webflux security login failure handler does not work Spring Boot 异常处理程序:用户不存在 - Spring Boot Exception Handler: User Does not exist
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM