使用请求生成器来验证用户：在春季安全不工作 [英] using request builder to authenticate user: Not working in spring security

问题描述

我需要一个用户的基础上，还记得我的cookie的网页进行验证，
本网站所启发：教程检查春季认证，
我想出了用于检查验证的解决方案。

I need to authenticate a user in a page based on the remember me cookie, inspired by this site: Tutorial for checking spring authentication, I came up with a solution for checking the authentication.

在我的应用程序中所做的更改

的applicationContext-security.xml文件：

applicationContext-security.xml:

<intercept-url pattern='/**AuthenticationChecker.html' access="ROLE_ADMIN"/>
...
<form-login login-page="/Login.html" authentication-failure-url="/Login.html" always-use-default-target="true" default-target-url="/Main.html"/>

GWT code：

Gwt code:

try
{
    RequestBuilder rb = new RequestBuilder(
    RequestBuilder.POST, "AuthenticationChecker.html");
            rb.sendRequest(null, new RequestCallback() 
            {
                public void onError(Request request, Throwable exception)
                {
                    RootPanel.get().add(new HTML("[error]" + exception.getMessage()));
                }
                public void onResponseReceived(Request request, Response response)
                {
                    RootPanel.get()
                   .add(new HTML("[success (" + response.getStatusCode() + "," + response.getStatusText() + ")]"));
                }
            }
    );
}
catch (Exception e)
{
    RootPanel.get().add(new HTML("Error sending request " + e.getMessage()));
}

AuthenticationChecker.html是一个简单的空白html页面，
从我个人理解，作为AuthenticationChecker.html需要以管理员的角色，我应该有一个401未授权，如果还记得我的cookie是不是present和200 OK，如果用户通过身份验证，他的饼干是present。

AuthenticationChecker.html is a simple blank html page, from what I understand, as AuthenticationChecker.html requires role as admin, I should have got a 401 Unauthorized if remember me cookie was not present and a 200 OK if the user was authenticated and his cookie was present.

但是，输出总是显示：[成功（200，OK）]

However, the output always shows: [success (200,OK)]

要交叉检查，我只是输入authenticaionChecker.html（无需登录），并返回到login.html的指示春天的确是认证用户。

To cross check, i simply typed authenticaionChecker.html (without logging in) and it returned back to Login.html indicating that spring is indeed authenticating the user.

难道我做错了吗？

推荐答案

如果你在本教程中，你会看到一个401，当你使用基本身份验证才会返回。随着基于表单的认证，你必须检查是否有错误消息的响应文本。例如：

If you look at the tutorial, you'll see that a 401 is only returned when you're using Basic Authentication. With form-based authentication, you have to check the response text for an error message. For example:

public void onResponseReceived(Request request, Response response) {
    if (response.getStatusCode() != Response.SC_OK) {
        onError(request, new RequestException(response.getStatusText() + ":\n" + response.getText()));
        return;
    }

    if (response.getText().contains("Access Denied")) {
        Window.alert("You have entered an incorrect username or password. Please try again.");
    } else {
        // authentication worked, show a fancy dashboard screen
    }
}

这篇关于使用请求生成器来验证用户：在春季安全不工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！