[英]Spring Security HTTPBasic Failure Handler
我在 Spring Security 配置中使用 HTTP Basic 身份驗證方案,我想記錄所有失敗和成功的登錄嘗試。 常見的做法似乎是在登錄失敗時調用一個方法,類似這樣:
.and().formLogin().failureHandler(//method to call upon failure);
但是,這需要表單登錄,而我使用的是 HTTP Basic。 要如何設置,才能讓 HTTP Basic 身份驗證方案也有失敗處理程序(failure handler)?
SecurityConfiguration.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import com.service.UserService;
/**
 * Web security setup for the application.
 *
 * <p>{@code /welcome} is open to everyone, {@code /secured} requires an authenticated user, and
 * both form login and HTTP Basic are enabled. Credentials are checked by a
 * {@link DaoAuthenticationProvider} backed by {@link UserService} and BCrypt.
 *
 * <p>NOTE(review): there is no catch-all rule. A request matching neither pattern has no access
 * rule attached, which {@code authorizeRequests()} treats as public; add an {@code anyRequest()}
 * rule if that is not intended.
 */
@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Supplies user records to the DAO authentication provider. */
    @Autowired
    private UserService userService;

    /** Exposes the BCrypt encoder used to verify stored password hashes. */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Builds the provider that authenticates against {@link UserService} with BCrypt hashes. */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(userService);
        return provider;
    }

    /** Registers the DAO provider as the authentication source. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Declares the URL rules and enables form login plus HTTP Basic.
     *
     * @param http the builder for the web security filter chain
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/welcome").permitAll()
            .antMatchers("/secured").authenticated();

        // This failure handler belongs to the form-login filter only; it is not invoked when an
        // HTTP Basic attempt fails. With no failure URL set, SimpleUrlAuthenticationFailureHandler
        // answers with a 401. The LoginFailureHandler component shown on this page is not
        // referenced here.
        http.formLogin()
            .failureHandler(new SimpleUrlAuthenticationFailureHandler())
            .permitAll();

        // HTTP Basic failures are reported through the entry point of the Basic filter
        // (httpBasic().authenticationEntryPoint(...)). For audit logging of successes and
        // failures across both mechanisms, listening for AuthenticationSuccessEvent /
        // AbstractAuthenticationFailureEvent is the mechanism-neutral option.
        // NOTE(review): confirm an AuthenticationEventPublisher is active in this setup.
        // Whatever is logged: user name and source address, never the submitted password or
        // the raw Authorization header.
        http.httpBasic();
    }
}
LoginFailureHandler.java
package com.config;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
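/**
 * Form-login failure handler that sends the user back to the login page with an error marker
 * and the e-mail address they submitted.
 *
 * <p>The target URL is computed per request and never stored on the handler, so concurrent
 * failures cannot see each other's e-mail address.
 */
@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /**
     * Saves the failure for the login page and redirects (or forwards) to
     * {@code /login?error[&email=...]}.
     *
     * @param request the failed login request; its {@code email} parameter is untrusted input
     * @param response the response used for the redirect
     * @param exception the reason authentication failed
     * @throws IOException if the redirect or forward cannot be written
     * @throws ServletException if forwarding fails
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        String email = request.getParameter("email");

        // The e-mail comes straight from the client. Encode it so it cannot add or override
        // query parameters (for example "&otp=true"), and omit it when absent instead of
        // emitting the literal text "null".
        StringBuilder target = new StringBuilder("/login?error");
        if (email != null) {
            target.append("&email=").append(java.net.URLEncoder.encode(email, "UTF-8"));
        }
        String redirectURL = target.toString();

        // Do not call setDefaultFailureUrl() here: a @Component is a singleton by default, so
        // writing a per-request URL into the handler lets one request's e-mail end up in another
        // request's redirect. The steps below mirror what the parent does with a failure URL.
        saveException(request, exception);
        if (isUseForward()) {
            request.getRequestDispatcher(redirectURL).forward(request, response);
        } else {
            getRedirectStrategy().sendRedirect(request, response, redirectURL);
        }

        // The original carried commented-out OTP redirects ("/login?otp=true&email=" + email);
        // if they are reinstated, build the URL the same way, with the e-mail encoded.
        // NOTE(review): an e-mail address in the URL also lands in access logs and browser
        // history; consider carrying it in the session instead.
    }
}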