Spring Security 3 HTTP基本身份验证成功处理程序 [英] Spring security 3 http-basic authentication-success-handler

问题描述

我正在使用Spring Security

H i'm using spring security

我拥有表单登录

<http auto-config="true">
        <intercept-url pattern="/pages/**" access="ROLE_USER" />
        <form-login authentication-success-handler-ref="authenticationSuccessHandler" login-page="/login.html" default-target-url="/pages/index.html"
            always-use-default-target="true" authentication-failure-url="/login.html" />
        <logout logout-success-url="/login.html" invalidate-session="true" />
        <anonymous enabled='false'/>
</http>

在这里我可以设置authentication-success-handler-ref，如何将其添加到我的基本身份验证中:

here i can set an authentication-success-handler-ref, how can i add one to my basic authentication:

<http pattern="/REST/**" realm="REALM" entry-point-ref="authenticationEntryPoint">
    <intercept-url pattern="/**" access="ROLE_USER" />
    <http-basic  />
    <logout logout-url="/REST/logout" success-handler-ref="restLogoutSuccessHandler" />
</http>

我以为可以重载BasicAuthenticationFilter，但是我该如何为<http-basic />

i thought abour overriding BasicAuthenticationFilter, but how can i inject my cutom class for <http-basic />

推荐答案

您不能为BASIC身份验证设置身份验证成功处理程序.但是，您可以扩展BasicAuthenticationFilter并覆盖onSuccessfulAuthentication方法:

You cannot set an authentication success handler for BASIC authentication. You can, however, extend BasicAuthenticationFilter and override onSuccessfulAuthentication method:

@Component("customBasicAuthFilter")
public class CustomBasicAuthFilter extends BasicAuthenticationFilter {

    @Autowired
    public CustomBasicAuthFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult) {
        // Do what you want here
    }
}

将其注入您的安全配置中，例如:

Inject it in your security configuration with something like:

<http entry-point-ref="basicEntryPoint">
  <custom-filter ref="customBasicAuthFilter" position="BASIC_AUTH_FILTER"/>
</http>
<authentication-manager alias="authenticationManager">
  ...
</authentication-manager>

更新:或者使用Java配置而不是XML:

Update: Or with Java config instead of XML:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
      .addFilterAt(customBasicAuthFilter, BasicAuthenticationFilter.class)
      .exceptionHandling().authenticationEntryPoint(basicEntryPoint);
}

这篇关于Spring Security 3 HTTP基本身份验证成功处理程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！