[英]spring security custom AuthenticationSuccessHandler
我正在將Spring Security用於電子商務項目。 我們要求維護登錄歷史記錄。 由於j_spring_security_check在內部處理身份驗證和授權。 我能找到的唯一方法是擁有一個自定義AuthenticationSuccessHandler來保存成功登錄的歷史記錄。 我讀了一些帖子,得到了一個完美的答案,但有一個錯誤。 以下是我的配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<bean id="encoder" class="com.web.auth.CustomPasswordEncoder">
<constructor-arg value="512"/>
</bean>
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/products/**" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/orders/**" access="hasRole('ROLE_USER')" />
<security:access-denied-handler error-page="/403" />
<security:form-login
login-page="/users/login"
default-target-url="/products/list"
authentication-failure-url="/users/login?error"
username-parameter="username"
password-parameter="password"
authentication-success-handler-ref="myAuthenticationSuccessHandler"/>
<security:logout invalidate-session="true" logout-success-url="/users/login?logout" />
<!-- enable csrf protection -->
<security:csrf/>
</security:http>
<bean id ="customUserDetailsService" class="com.web.auth.UserDetailService"></bean>
<security:authentication-manager>
<security:authentication-provider user-service-ref="customUserDetailsService">
<security:password-encoder ref="encoder">
<security:salt-source user-property="salt"/>
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<bean id="myAuthenticationSuccessHandler" class="com.web.auth.AuthenticationSuccessHandler">
<property name="useReferer" value="true" />
</bean>
</beans>
以下是我對customauthenticationfilter的實現
package com.web.auth;
import com.aws.sns.mobilepush.model.Platform;
import com.loginhistory.UserLoginHistoryService;
import com.loginhistory.model.UserLoginHistory;
import com.user.UserService;
import com.user.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Optional;
/**
* Created by root on 18/5/15.
*/
public class AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Autowired
UserLoginHistoryService userLoginHistoryService;
@Autowired
UserService userService;
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication) throws IOException,ServletException {
CustomUserDetails customUserDetails = (CustomUserDetails)authentication.getPrincipal();
Optional<User> user = userService.findUserById(customUserDetails.getUserID());
if (!user.isPresent()) {
return;
}
UserLoginHistory userLoginHistory = new UserLoginHistory();
userLoginHistory.setPlatform(Platform.WEB);
userLoginHistory.setUser(user.get());
userLoginHistory.setArnEndPoint("na");
userLoginHistory.setTokenId("na");
userLoginHistoryService.saveLoginHistoryForWeb(userLoginHistory);
super.onAuthenticationSuccess(request,response,authentication);
}
}
現在,我可以保留歷史記錄,並且如果用戶需要受保護的頁面,一切都可以正常工作。 但是,當用戶顯式轉到登錄頁面並放置憑據時,他將再次重定向到同一登錄頁面,而根據我的配置,應將其重定向到默認的登錄后頁面。
請幫助我找出問題並提出可能的解決方案
謝謝,Rohit Mishra
Spring Security自定義AuthenticationSuccessHandler被忽略
[英]Spring Security custom AuthenticationSuccessHandler is ignored
用於RememberMeAuthenticationFilter的Spring Security authenticationSuccessHandler
[英]Spring Security authenticationSuccessHandler for RememberMeAuthenticationFilter
Spring Security 3的AuthenticationSuccessHandler示例
[英]AuthenticationSuccessHandler example for Spring Security 3
Spring Security以編程方式登錄(AuthenticationSuccessHandler)
[英]Spring Security login programmatically (AuthenticationSuccessHandler)
春季安全性沒有類型為AuthenticationSuccessHandler和AuthenticationFalureHandler的合格Bean
[英]spring security No qualifying bean of type AuthenticationSuccessHandler and AuthenticationFalureHandler
Spring Security - AuthenticationSuccessHandler中的身份驗證用戶名為null
[英]Spring Security - Authentication's username is null in AuthenticationSuccessHandler
如何在Spring Security的SAML擴展中注冊AuthenticationSuccessHandler或SAMLRelayStateSuccessHandler?
[英]How to register AuthenticationSuccessHandler or SAMLRelayStateSuccessHandler in Spring Security's SAML extension?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.