[英]Spring boot AuthenticationSuccessHandler ignored
你好 Stackoverflower,
我遇到了 Spring Security AuthenticationSuccessHandler 的問題。 我實現了一個自定義的 AuthenticationSuccessHandler 但當用戶登錄成功時它會被忽略。
我的自定義 AuthenticationSuccessHandler 類:
@Component("customSuccessHandler")
public class CustomSuccessHandler implements AuthenticationSuccessHandler {
/* (non-Javadoc)
* @see org.springframework.security.web.authentication.AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.Authentication)
*/
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
System.out.println("***************************************************!!!!");
System.out.println("Logged Successful!!!!");
System.out.println("************************************!!!!");
//Ajout des informations utilisateur à la session
ajouterInformationsUtilisateurEnSession(request, authentication);
String urlDeRedirection = determinerUrlDeRedirection(authentication);
if (response.isCommitted()) {
System.out.println("La reponse a ete commitée, redirection vers : " + urlDeRedirection);
return;
}
response.sendRedirect(urlDeRedirection);
}
private String determinerUrlDeRedirection(Authentication auth) {
Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
List<String> roles = new ArrayList<>();
for (GrantedAuthority authority : authorities) {
System.out.println("ROLES : " + authority.getAuthority());
roles.add(authority.getAuthority());
}
if (roles.contains("ROLE_ADMIN")) {
return "/ajouterattributaire";
} else if (roles.contains("ROLE_DGA")) {
return "/home";
} else {
return "/error/403";
}
}
private void ajouterInformationsUtilisateurEnSession(HttpServletRequest request, Authentication authentication) {
//Récupération Session
HttpSession session = request.getSession();
//Définition des informations utilisateur à mettre en session : identifiant et roles
//Identifiant utilisateur
String identifiant = authentication.getName();
//Roles
List<String> roles = new ArrayList<>();
for (GrantedAuthority authority : authentication.getAuthorities()) {
roles.add(authority.getAuthority());
}
//Ajout des infomations utilisateur à la session
session.setAttribute("identifiant", identifiant);
session.setAttribute("roles", roles);
}}
我的配置類:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
/*@Autowired
private DataSource dataSource;*/
private AccessDeniedHandler accessDeniedHandler;
private AuthenticationSuccessHandler authenticationSuccessHandler;
private AuthenticationFailureHandler authenticationFailureHandler;
private UserDetailsService userDetailsService;
@Autowired
public SecurityConfiguration(
@Qualifier("customAccessDeneiedHandler")AccessDeniedHandler accessDeniedHandler,
@Qualifier("customSuccessHandler")AuthenticationSuccessHandler authenticationSuccessHandler,
@Qualifier("customAuthenticationFailureHandler")AuthenticationFailureHandler authenticationFailureHandler,
@Qualifier("customUserDetailsService")UserDetailsService userDetailsService) {
this.accessDeniedHandler = accessDeniedHandler;
this.authenticationSuccessHandler = authenticationSuccessHandler;
this.authenticationFailureHandler = authenticationFailureHandler;
this.userDetailsService = userDetailsService;
}
/* (non-Javadoc)
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// TODO Auto-generated method stub
//super.configure(auth);
auth.userDetailsService(userDetailsService) //auth.userDetailsService(utilisateurDetailsService)
.passwordEncoder(passwordEncoder());
}
//Authorization
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
//.antMatchers("/").permitAll()
.antMatchers("/ajouterattributaire").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
//.httpBasic()
.formLogin()
.loginPage("/login")
//.loginProcessingUrl("/login")
.usernameParameter("identifiant")
.passwordParameter("mot_de_passe")
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.defaultSuccessUrl("/")
.permitAll()
.and()
.logout().permitAll();
http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
/* (non-Javadoc)
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.WebSecurity)
*/
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**", "/static/**", "/css/**", "/images/**", "/var/signatures/**");
//web.ignoring().antMatchers("/static/**");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}}
我的自定義 userDetailsService :
@Service("customUserDetailsService")
public class UtilisateurDetailsService implements UserDetailsService {
@Autowired
private UtilisateurService utilisateurService;
@Autowired
private RoleService roleService;
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
*/
@Override
public UserDetails loadUserByUsername(String identifiantUtilisateur) throws UsernameNotFoundException {
Utilisateur utilisateur = utilisateurService.rechercherParIdentifiantUtilisateur(identifiantUtilisateur);
if (utilisateur == null) {
System.out.println("Problème d'authentification : " + new UsernameNotFoundException("Utilisateur Inexistant").getMessage());
throw new UsernameNotFoundException("Ulisateur inexistant dans la base de donnees!");
}
else {
List<String> nomRoles = roleService.determinerListeDesRolesDeLUtilisateur(utilisateur.getIdUtilisateur());
List<Role> roles = new ArrayList<>();
List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<>();
for (String nomRole : nomRoles) { //"ROLE_" +
simpleGrantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + nomRole));
}
for (String nomRole : nomRoles) {
roles.add(roleService.rechercherRoleParNomRole(nomRole));
}
//Affectation role à l'utilisateur
utilisateur.setRoles(roles);
System.out.println("*********************************************************************************");
System.out.println("Id utilisateur : " + utilisateur.getIdUtilisateur());
System.out.println("Identifiant : " + utilisateur.getIdentifiantUtilisateur());
System.out.println("Nom : " + utilisateur.getNomUtilisateur());
System.out.println("Mot de passe : " + utilisateur.getMotDePasseUtilisateur());
System.out.println("Est actif : " + utilisateur.getEstActifUtilisateur());
System.out.println("Signature utilisateur : " + utilisateur.getSignatureUtilisateur());
System.out.println("Date création : " + utilisateur.getDateHeureCreationUtilisateur());
System.out.println("Authoritises : " + utilisateur.getAuthorities());
System.out.println("Roles : " + utilisateur.getRoles().isEmpty());
System.out.println("Taille roles : " + utilisateur.getRoles().size());
System.out.println("Roles : " + utilisateur.getRoles().isEmpty());
for(Role role : utilisateur.getRoles()) {
System.out.println("Role : " + role.getAuthority());
}
System.out.println("*********************************************************************************");
//return utilisateur;
/*User user = new User(utilisateur.getIdentifiantUtilisateur(),
utilisateur.getMotDePasseUtilisateur(),
simpleGrantedAuthorities);*/
//return user;
return utilisateur;
}
}}
不知道哪里錯了我覺得校長沒問題。
您的CustomSuccessHandler被安全配置中的默認處理程序覆蓋。
只需刪除以下行: .defaultSuccessUrl("/")從SecurityConfiguration類
使用 Spring boot 2,首先刪除.defaultSuccessUrl("/")並創建 bean CustomSuccessHandler。
public AuthenticationSuccessHandler myCustomSuccessHandler(){
return CustomSuccessHandler();
}
Spring Security自定義AuthenticationSuccessHandler被忽略
[英]Spring Security custom AuthenticationSuccessHandler is ignored
Spring Boot - 使用 AuthenticationSuccessHandler 重定向到外部 URL 的問題
[英]Spring Boot - Issues redirecting to external URL with AuthenticationSuccessHandler
用於RememberMeAuthenticationFilter的Spring Security authenticationSuccessHandler
[英]Spring Security authenticationSuccessHandler for RememberMeAuthenticationFilter
Spring Security 3的AuthenticationSuccessHandler示例
[英]AuthenticationSuccessHandler example for Spring Security 3
Spring Security自定義AuthenticationSuccessHandler
[英]spring security custom AuthenticationSuccessHandler
使用Spring Boot 1.3.2(沒有spring-cloud-security)和@ EnableOAuth2Sso配置AuthenticationSuccessHandler
[英]Configuring an AuthenticationSuccessHandler with Spring Boot 1.3.2 (without spring-cloud-security) and @EnableOAuth2Sso
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.