stackoom
  简体   繁体   中英

Spring Security: Ignore login page by using a special URL parameter

 原文  2012-08-19 01:33:34       java/ spring/ spring-security

Question

I currently have a setup that looks something like this: 

<http auto-config="true">
    <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page="/login"
                default-target-url="/main.html"
                authentication-failure-url="/failedLogin"/>
    <logout logout-url="/logout.html" logout-success-url="/login" />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="foo" password="bar" authorities="ROLE_USER" />                
        </user-service>
    </authentication-provider>
</authentication-manager>


<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

This all seems to work as expected, however, in special situations I want the login page to be bypassed if the user passes in a special token. So currently, if the user goes to a url such as /dog , they will see the login page and if they pass in the credentials of foo/bar then they will be logged in and see the page corresponding to /dog .

I want the ability to use a URL such as /dog?token=abcd which will bypass the login screen and take them directly to the page corresponding to /dog . If they provide an invalid token then they would just see an access denied page.

1 answers

solution1
 9 ACCPTED  2012-08-19 12:42:13

In Spring Security the scenario you want to cover is described in reference manual, chapter Pre-Authentication Scenarios .

Basically you have to:

  • create custom filter by extending AbstractPreAuthenticatedProcessingFilter or choosing one of its implementations,
  • register custom filter <custom-filter position="PRE_AUTH_FILTER" ref="yourPreAuthFilter" /> ,
  • implement or choose one of implemented AuthenticationUserDetailsService s,
  • register the service in PreAuthenticatedAuthenticationProvider (with <property name="yourPreAuthenticatedUserDetailsService"> ).

EDIT : In this answer OP shows his way of implementig custom PRE_AUTH_FILTER .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Special Login with Spring Security Spring Security login page url parameters Spring Security: How to add a redirect query parameter to the login url to allow bookmarking of the page? spring security login url Spring Security Login Page Spring Boot security custom Login page to different url "/" not working Spring Security OAuth2 Login using External Login Page Issue creating login page with spring hibernate and mysql using spring security Spring security: Form login special characters login with param url spring security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM