Spring Security 3 HTTP基本身份验证成功处理程序 [英] Spring security 3 http-basic authentication-success-handler
问题描述
我正在使用Spring Security
H i'm using spring security
我拥有表单登录
<http auto-config="true">
<intercept-url pattern="/pages/**" access="ROLE_USER" />
<form-login authentication-success-handler-ref="authenticationSuccessHandler" login-page="/login.html" default-target-url="/pages/index.html"
always-use-default-target="true" authentication-failure-url="/login.html" />
<logout logout-success-url="/login.html" invalidate-session="true" />
<anonymous enabled='false'/>
</http>
在这里我可以设置authentication-success-handler-ref
,如何将其添加到我的基本身份验证中:
here i can set an authentication-success-handler-ref
, how can i add one to my basic authentication:
<http pattern="/REST/**" realm="REALM" entry-point-ref="authenticationEntryPoint">
<intercept-url pattern="/**" access="ROLE_USER" />
<http-basic />
<logout logout-url="/REST/logout" success-handler-ref="restLogoutSuccessHandler" />
</http>
我以为可以重载BasicAuthenticationFilter,但是我该如何为<http-basic />
i thought abour overriding BasicAuthenticationFilter, but how can i inject my cutom class for <http-basic />
推荐答案
您不能为BASIC身份验证设置身份验证成功处理程序.但是,您可以扩展BasicAuthenticationFilter并覆盖onSuccessfulAuthentication方法:
You cannot set an authentication success handler for BASIC authentication. You can, however, extend BasicAuthenticationFilter and override onSuccessfulAuthentication method:
@Component("customBasicAuthFilter")
public class CustomBasicAuthFilter extends BasicAuthenticationFilter {
@Autowired
public CustomBasicAuthFilter(AuthenticationManager authenticationManager) {
super(authenticationManager);
}
protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult) {
// Do what you want here
}
}
将其注入您的安全配置中,例如:
Inject it in your security configuration with something like:
<http entry-point-ref="basicEntryPoint">
<custom-filter ref="customBasicAuthFilter" position="BASIC_AUTH_FILTER"/>
</http>
<authentication-manager alias="authenticationManager">
...
</authentication-manager>
更新:或者使用Java配置而不是XML:
Update: Or with Java config instead of XML:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterAt(customBasicAuthFilter, BasicAuthenticationFilter.class)
.exceptionHandling().authenticationEntryPoint(basicEntryPoint);
}
这篇关于Spring Security 3 HTTP基本身份验证成功处理程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!