Spring Security — registration

I use this template, https://github.com/hellokoding/registration-login-spring-xml-maven-jsp-mysql, for registration.

Controller:

@RequestMapping(value = "/register", method = POST)
public String registration(@ModelAttribute("userForm") User userForm) {
    userService.add(userForm);
    securityService.autologin(userForm.getUsername(), userForm.getPassword());
    return "redirect:/notes/";
}

The autologin method:

@Override
public void autologin(final String username, final String password) {
    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());

    authenticationManager.authenticate(usernamePasswordAuthenticationToken);

    if (usernamePasswordAuthenticationToken.isAuthenticated()) {
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
    }
}

The loadUserByUsername method:

@Override
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
    User user = userRepository.findByName(username);

    Set<GrantedAuthority> grantedAuthorities = user.getRoles().stream().map(role -> new SimpleGrantedAuthority(role.getName())).collect(Collectors.toSet());

    return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), grantedAuthorities);
}

HTTP config:

<http auto-config="true" >
    <intercept-url pattern="/notes**" access="authenticated" />
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/auth**" access="permitAll" />
    <intercept-url pattern="/accessDenied" access="permitAll" />

    <access-denied-handler error-page="/accessDenied" />

    <logout logout-success-url="/auth/login?logout"  />
    <form-login
            default-target-url="/notes/"
            login-page="/auth/login"
            login-processing-url="/j_spring_security_check"
            username-parameter="username"
            password-parameter="password"
    />
    <remember-me data-source-ref="dataSource" />

    <session-management session-fixation-protection="newSession" >
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </session-management>
</http>

But when I create an account, after the registration page I get the login page. The user is added to the database. But I should get redirect:/notes/.

The authenticate(Authentication auth) method of AuthenticationManager returns a newly created Authentication object; it does not modify the object you pass in as the parameter.

Actually, the autologin() method is doing what it is supposed to do. I would try it like this:

public void autologin(final String username, final String password) {
    // Unauthenticated request token: principal and credentials only
    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
            new UsernamePasswordAuthenticationToken(username, password);

    // authenticate() returns a new, fully populated Authentication object
    Authentication authResult = authenticationManager.authenticate(usernamePasswordAuthenticationToken);

    if (authResult.isAuthenticated()) {
        // Store the returned object, not the request token, which is still unauthenticated
        SecurityContextHolder.getContext().setAuthentication(authResult);
    }
}

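When you call AuthenticationManager.authenticate(Authentication auth), the AuthenticationManager itself attempts the authentication process against every AuthenticationProvider that matches the Authentication class, and the provider in turn has to call UserDetailsService.loadUserByUsername(String username).

So first calling the UserDetailsService, bypassing the AuthenticationManager / AuthenticationProvider structure, and then trying to authenticate, against the Manager / Provider / UserDetailsService, an Authentication object created with the UserDetails from the service, is a bit annoying.

Please try my "autologin" snippet (instead of your own) and see if it works.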
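The flow discussed in the answers above, written out as an added example that is not part of the original posts or of the template project. The class name AutoLoginService, the HttpServletRequest parameter and the boolean return value are assumptions; it also assumes a Servlet 3.1+ container and that rawPassword is the plaintext password as submitted, not an encoded value. A login performed in controller code does not pass through the form-login filter, so the example rotates the session id itself.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical class name; the page does not show its SecurityService implementation.
public class AutoLoginService {

    private final AuthenticationManager authenticationManager;

    public AutoLoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Returns true when the user is logged in, false when authentication is rejected. */
    public boolean autologin(String username, String rawPassword, HttpServletRequest request) {
        // Unauthenticated request token: principal and credentials only, no authorities.
        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(username, rawPassword);

        Authentication authResult;
        try {
            // The manager delegates to a provider, which calls loadUserByUsername()
            // and compares the submitted password with the stored one.
            authResult = authenticationManager.authenticate(authRequest);
        } catch (AuthenticationException e) {
            // Bad credentials, locked or disabled account, unknown user.
            SecurityContextHolder.clearContext();
            return false;
        }

        // Session fixation defence: give the now-authenticated session a new id.
        request.getSession(true);      // changeSessionId() needs an existing session
        request.changeSessionId();     // Servlet 3.1+

        // Store the object returned by authenticate(), never the request token.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authResult);
        SecurityContextHolder.setContext(context);
        return true;
    }
}
```

The controller would redirect to /notes/ only when autologin(...) returns true and fall back to the login page otherwise.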
