
How to override default spring security XML configuration?

We have an internal framework which does the login authentication process for our application using Spring Security 3.1.4. Here is a part of the security-applicationContext.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans  
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd
       http://www.springframework.org/schema/aop    http://www.springframework.org/schema/aop/spring-aop-3.1.xsd"> 
<!-- some other beans.... -->
<http use-expressions="true" auto-config="false" disable-url-rewriting="true" entry-point-ref="loginUrlAuthenticationEntryPoint"
        request-matcher-ref="localAuthRequestMatcher">
  <intercept-url pattern="/admin/**" access="hasRole('ADMIN_PERMISSION')" />
  <intercept-url pattern="/system/**" access="hasRole('ADMIN_PERMISSION')" />
  <intercept-url pattern="/enduser/**" access="isAuthenticated()" />
  <intercept-url pattern="/changePassword.do" access="isAuthenticated()"/>      
  <intercept-url pattern="/index.do" access="isAnonymous()" />
  <custom-filter after="SECURITY_CONTEXT_FILTER" ref="welcomePageRedirectFilter" />
  <custom-filter before="LOGOUT_FILTER" ref="internalAuthenticationFilter" />
  <form-login login-page="/index.do" authentication-failure-handler-ref="DCAuthenticationFailureHandler" authentication-success-handler-ref="DCAuthenticationSuccessHandler" />
  <http-basic />
  <anonymous />      
  <session-management session-authentication-strategy-ref="customSessionFixationProtectionStrategy" />  
  <logout success-handler-ref="localLogoutSuccessHandler" />       
</http> 
</beans:beans>

We reference this security-applicationContext.xml configuration in our applicationContext as below

<import resource="classpath:/security-applicationContext.xml" />

I need to extend the functionality of DCAuthenticationSuccessHandler so I created a new class CPAuthenticationSuccessHandler by extending DCAuthenticationSuccessHandler.

How do I configure my CPAuthenticationSuccessHandler as authentication-success-handler to override the functionality of DCAuthenticationSuccessHandler without touching the security-applicationContext.xml? I would really appreciate someone's help on this.

I created CPAuthenticationHandler as below

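import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Primary;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.stereotype.Component;

@Component
@Primary
public class CPAuthenticationSuccessHandler extends DCAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(final HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Redirect to the URL computed by the overridden method below
        new DefaultRedirectStrategy().sendRedirect(request, response,
                this.onAuthenticationSuccessUrl(request, response, authentication));
    }

    @Override
    public String onAuthenticationSuccessUrl(final HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        .......
    }
}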

But CPAuthenticationSuccessHandler is not invoked. I have a breakpoint in both the handlers, but control is always going to DCAuthenticationSuccessHandler.

See my answer on this post here for an example of how to wire in a custom AuthenticationSuccessHandler into your security context.

However, in your case, instead of implementing AuthenticationSuccessHandler, you want to extend DCAuthenticationSuccessHandler and call super.onAuthenticationSuccess(request, response, authentication) on the last line of your CPAuthenticationSuccessHandler.

Something like this:

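import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;

public class CPAuthenticationSuccessHandler extends DCAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        /* Do anything that you want to do here. Any changes to the HttpServletResponse
         * will be overwritten when you call super. So when you call super will
         * depend on what logic you want to implement.
         */

        super.onAuthenticationSuccess(request, response, authentication);
    }
}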

If there is anything you don't understand, let me know.
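
An added example, not part of the original question or answer: `authentication-success-handler-ref="DCAuthenticationSuccessHandler"` resolves the handler by bean name, while `@Primary` only influences by-type autowiring, so the subclass bean is never consulted. One way to swap it without editing security-applicationContext.xml is a `BeanFactoryPostProcessor` that repoints the existing definition at the subclass. The package, the post-processor class name, and the assumption that the framework registers the handler as an ordinary class-based bean under that name are hypothetical.

```java
package com.example.security; // hypothetical package; CPAuthenticationSuccessHandler assumed to live here too

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;

/**
 * Register in your own applicationContext.xml, next to the <import>:
 *   <bean class="com.example.security.SuccessHandlerOverridePostProcessor"/>
 * Drop @Component/@Primary from CPAuthenticationSuccessHandler so that only the
 * instance created from the rewritten definition exists.
 */
public class SuccessHandlerOverridePostProcessor implements BeanFactoryPostProcessor {

    // Bean name taken from the authentication-success-handler-ref attribute on the page.
    private static final String HANDLER_BEAN = "DCAuthenticationSuccessHandler";

    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
            throws BeansException {
        // Fail at startup if the framework renames or removes the bean, instead of
        // silently running with the original handler.
        if (!beanFactory.containsBeanDefinition(HANDLER_BEAN)) {
            throw new IllegalStateException(
                    "No bean definition named '" + HANDLER_BEAN + "' to override");
        }

        BeanDefinition definition = beanFactory.getBeanDefinition(HANDLER_BEAN);

        // A definition without a class name (for example a factory-method bean)
        // cannot be repointed this way.
        if (definition.getBeanClassName() == null) {
            throw new IllegalStateException(
                    "Bean '" + HANDLER_BEAN + "' is not a plain class-based definition");
        }

        // Keep the framework's property values and scope; change only the class.
        // The <form-login> reference is by name, so it now yields the subclass.
        definition.setBeanClassName(CPAuthenticationSuccessHandler.class.getName());
    }
}
```

Because only the class name changes, any properties the framework injects into DCAuthenticationSuccessHandler are still applied to the subclass instance.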
