
Spring Security HTTPBasic Failure Handler

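I am using the HTTPBasic authentication scheme in my Spring Security setup, and I would like to log all failed and successful login attempts. It seems the general way to do this is to call a method upon login failure, something like this...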

.and().formLogin().failureHandler(/* method to call upon failure */);

However, this requires form login, and I am using HTTPBasic. How would we set this up so that there is a failure handler on the HTTPBasic authentication scheme?

SecurityConfiguration.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import com.service.UserService;

@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider auth = new DaoAuthenticationProvider();
        auth.setUserDetailsService(userService);
        auth.setPasswordEncoder(passwordEncoder());
        return auth;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/welcome").permitAll().antMatchers("/secured")
            .authenticated().and().formLogin()
            .failureHandler(new SimpleUrlAuthenticationFailureHandler()).permitAll().and().httpBasic();

    }

}

LoginFailureHandler.java

package com.config;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {



    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
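        String email = request.getParameter("email");

        // URL-encode the user-supplied value so it cannot inject extra query parameters into the redirect
        String redirectURL = "/login?error&email="
                + (email == null ? "" : java.net.URLEncoder.encode(email, "UTF-8"));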

//       if (exception.getMessage().contains("OTP")) {
//              redirectURL = "/login?otp=true&email=" + email;
//          } else {
//              Customer customer = customerService.getCustomerByEmail(email);
//              if (customer.isOTPRequired()) {
//                  redirectURL = "/login?otp=true&email=" + email;
//              }
//          }
         
         
        super.setDefaultFailureUrl(redirectURL);

        super.onAuthenticationFailure(request, response, exception);
    }

}
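
One way to log both outcomes under HTTP Basic without a form-login failure handler, given as an added example that is not part of the original question: listen for the authentication events Spring Security publishes. It assumes SLF4J is on the classpath and that an AuthenticationEventPublisher is active for the authentication manager; the class name AuthenticationAuditListener and the log format are hypothetical.

```java
package com.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;

// Hypothetical audit listener (added example); works for HTTP Basic and form login alike.
@Component
public class AuthenticationAuditListener {

    private static final Logger log = LoggerFactory.getLogger(AuthenticationAuditListener.class);

    @EventListener
    public void onSuccess(AuthenticationSuccessEvent event) {
        Authentication auth = event.getAuthentication();
        log.info("auth success user={} ip={}", sanitize(auth.getName()), remoteAddress(auth));
    }

    // Covers bad credentials, locked, disabled and expired accounts; the password is never logged.
    @EventListener
    public void onFailure(AbstractAuthenticationFailureEvent event) {
        Authentication auth = event.getAuthentication();
        log.warn("auth failure user={} ip={} reason={}", sanitize(auth.getName()),
                remoteAddress(auth), event.getException().getClass().getSimpleName());
    }

    // The web filters attach WebAuthenticationDetails; fall back when another source built the token.
    private static String remoteAddress(Authentication auth) {
        Object details = auth.getDetails();
        return details instanceof WebAuthenticationDetails
                ? ((WebAuthenticationDetails) details).getRemoteAddress() : "unknown";
    }

    // The username is attacker-controlled: replace control characters (CR/LF included)
    // and cap the length so a crafted value cannot forge or flood log lines.
    private static String sanitize(String value) {
        if (value == null) return "";
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 128 ? cleaned.substring(0, 128) : cleaned;
    }
}
```

With HTTP Basic the credentials are checked on each request that carries an Authorization header, so a stateless client produces one success entry per request rather than one per session.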
