[英]Spring AuthenticationFailureHandler and WebSecurityConfigurerAdapter loginPage()
編輯:解決了。 在這篇文章后看到我的評論
我目前正在使用Spring-Security實現Web應用程序。 我已經實現了一個自定義AuthenticationFailureHandler ,它檢查用戶是否經常嘗試使用錯誤的憑據登錄(並阻止他幾分鍾)。 但正常的登錄失敗應該將用戶重定向到登錄頁面,參數錯誤( /login?error )。 此頁面顯示錯誤消息,例如“您輸入的密碼錯誤”
AutenticationFailureHandler看起來像這樣(沒有無代碼的代碼)
public class CustomAuthenticationHandler implements AuthenticationFailureHandler {
// Some variables
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
// some logic here..
request.setAttribute("param", "error");
response.sendRedirect("/login?error");
}
我的WebApplicationSecurity類看起來像這樣:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationHandler customAuthenticationHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/login")
.permitAll()
.failureHandler(customAuthenticationHandler)
.and()
.logout()
.permitAll();
http.authorizeRequests()
.antMatchers("/css/**", "/img/**", "/js/**")
.permitAll()
.anyRequest()
.authenticated();
http
.csrf()
.disable();
}
@Bean
CustomAuthenticationHandler authenticationHandler() {
return new CustomAuthenticationHandler();
}
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("*******")
.password("*******")
.roles("USER");
}
}
}
現在的問題是AuthenticationFailureHandler重定向到/login?error但是(我不知道為什么)對/login進行了另一次重定向。
你能幫我解決我的問題嗎?
好吧,我通過在http.authorizeRequests().antMatchers("/css/**", "/img/**", "/js/**")加入“/ login **”解決了這個問題http.authorizeRequests().antMatchers("/css/**", "/img/**", "/js/**")
帶有Java配置的Spring Security AuthenticationFailureHandler
[英]spring security AuthenticationFailureHandler with java config
沒有 WebSecurityConfigurerAdapter 的 Spring Security
[英]Spring Security without the WebSecurityConfigurerAdapter
Spring Security WebSecurityConfigurerAdapter特殊字符
[英]Spring Security WebSecurityConfigurerAdapter special characters
Spring Boot permitAll 在 WebSecurityConfigurerAdapter 中不起作用
[英]Spring Boot permitAll not working in WebSecurityConfigurerAdapter
Spring Security WebSecurityConfigurerAdapter配置問題
[英]Spring security WebSecurityConfigurerAdapter configuration issue
在 Spring Boot 中為 ResourceServerConfigurerAdapter 替換 WebSecurityConfigurerAdapter
[英]Replace WebSecurityConfigurerAdapter in Spring boot for ResourceServerConfigurerAdapter
Spring WebSecurityConfigurerAdapter 方法未注冊或調用
[英]Spring WebSecurityConfigurerAdapter methods not registered or called
如何在Spring Security中解決“ authenticationFailureHandler的未解決的編譯問題”?
[英]How can I resolve 'Unresolved compilation problems for authenticationFailureHandler' in Spring Security?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.