Spring Boot Custom Authentication Provider redirect after login not working
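I have implemented a custom authentication provider in my Spring Boot application. It authenticates users against a third-party system, and if that succeeds I redirect them to the /user page.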

    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        // ...
        private String privateResources[] = new String[]{"/user/**"};

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers(publicResources).permitAll()
                    .antMatchers(privateResources).hasRole("USER").anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .failureUrl("/login?error=true")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .successHandler(secureAuthenticationSuccessHandler)
                    .and()
                .logout()
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                    .logoutSuccessUrl("/login")
                    .deleteCookies("JSESSIONID")
                    .invalidateHttpSession(true)
                    .and()
                .exceptionHandling().accessDeniedHandler(accessDeniedHandler());
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(this.customAuthenticationProvider);
        }
    }

Below is my custom authentication provider:

    public class CustomAuthenticationProvider implements AuthenticationProvider {

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String name = authentication.getName();
            String password = authentication.getCredentials().toString();

            // Delegate the credential check to the third-party system
            ResponseEntity<?> responseEntity = postAuthRequest(name, password);

            if (responseEntity != null && responseEntity.getStatusCode() == HttpStatus.OK) {
                Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
                grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
                return new UsernamePasswordAuthenticationToken(name, password, grantedAuthorities);
            } else {
                // responseEntity can be null on this branch, so guard before dereferencing it
                String status = (responseEntity != null)
                        ? responseEntity.getStatusCode().toString()
                        : "no response";
                throw new BadCredentialsException(status);
            }
        }
    }

Then, in my SecureAuthenticationSuccessHandler, I have:

    public class SecureAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

        private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request,
                HttpServletResponse response, Authentication authentication)
                throws IOException {
            handle(request, response, authentication);
            clearAuthenticationAttributes(request);
        }

        protected void handle(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) throws IOException {
            String targetUrl = "/user";
            redirectStrategy.sendRedirect(request, response, targetUrl);
        }
    }

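Authentication works, and I get an OK status back from CustomAuthenticationProvider.

But on the redirect to /user, Spring returns:

    User 'myuser' attempted to access the protected URL: /user

I have been through this code over and over and I'm sure I am just missing something small, but I can't find the problem.

Thanks for your time.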

Thanks, everyone... All I did was change this:

    .hasRole("USER").anyRequest().authenticated()

to

    .hasRole("USER").anyRequest().authenticated().and().httpBasic()

That solved my problem. I'm not sure whether this is the right way to do it, but it seems to work fine.
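
A regression check for the login flow discussed in this thread, added here as an example and not part of the original question or answer: it separates "did the login produce ROLE_USER and redirect to /user" from "does the follow-up request on the same session pass hasRole("USER")". It assumes JUnit 5 with spring-boot-starter-test and spring-security-test, that CustomAuthenticationProvider is a Spring bean, and that a controller serves /user; the test class name is hypothetical.

```java
// Added example: the provider is mocked so the third-party system is never contacted.
// The password below is a constructed sample value.
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import java.util.Collections;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class LoginRedirectTest {

    @Autowired MockMvc mvc;
    @MockBean CustomAuthenticationProvider provider; // stands in for the third-party call

    @Test
    void loginThenUserPageIsAuthorized() throws Exception {
        when(provider.supports(any())).thenReturn(true);
        when(provider.authenticate(any())).thenReturn(new UsernamePasswordAuthenticationToken(
                "myuser", null, Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"))));

        // Step 1: the login POST must authenticate with ROLE_USER and redirect to /user.
        MockHttpSession session = (MockHttpSession) mvc
                .perform(formLogin("/login").user("myuser").password("constructed-password"))
                .andExpect(authenticated().withUsername("myuser").withRoles("USER"))
                .andExpect(redirectedUrl("/user"))
                .andReturn().getRequest().getSession(false);

        // Step 2: the same session must be allowed through to /user (no 403, no login redirect).
        mvc.perform(get("/user").session(session)).andExpect(status().isOk());
    }
}
```

If step 1 passes and step 2 fails, the authorities are being lost or mismatched between the login and the redirected request rather than during authentication itself.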