How to use custom filter with authentication-success-handler-ref equivalent in spring security


Problem description

I want to pass some parameters with the login details to Spring Security, such as some item id. After that I want to redirect to a page according to the user type. For this I am using a custom filter to send the additional parameter. And for redirection I am using authentication-success-handler-ref. My problem is, I am getting a position conflict as I am using it along with the custom filter. Please help me out to do my task.

This is my configuration:

<http use-expressions="true">
    <intercept-url pattern="/login" access="permitAll" />
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/logout" access="permitAll" />
    <intercept-url pattern="/accessdenied" access="permitAll" />

    <custom-filter ref="ddAuthenticationFilter" position="FORM_LOGIN_FILTER" />
    <form-login authentication-failure-url="/accessdenied"
                authentication-success-handler-ref="ddAuthenticationSuccessHandler" />
</http>

<beans:bean id="ddAuthenticationFilter" class="com.dd.security.ExUsernamePasswordAuthenticationFilter" />

<beans:bean id="ddAuthenticationSuccessHandler" class="com.dd.security.DDAuthenticationSuccessHandler" />

Recommended answer

I understood your question as follows: I want to submit an itemId in the form login which is used after a successful login for redirection.

In order to establish such a process you need to do the following things.

Remove <form-login ...> from your configuration. You should have:

<http use-expressions="true" entry-point-ref="authenticationEntryPoint">
    <intercept-url pattern="/login" access="permitAll" />
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/logout" access="permitAll" />
    <intercept-url pattern="/accessdenied" access="permitAll" />

    <custom-filter ref="ddAuthenticationFilter" position="FORM_LOGIN_FILTER" />
    <security:logout />
</http>

Don't forget to add a <security:logout /> for logout and the entry-point-ref attribute points to an authenticationEntryPoint.

Add a LoginUrlAuthenticationEntryPoint for entry-point-ref which points to your login page:

<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <constructor-arg name="loginFormUrl" value="/login" />
</bean>

Refactor your ddAuthenticationFilter to meet the following configuration:

<bean id="ddAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
    <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    <property name="authenticationSuccessHandler" ref="ddAuthenticationSuccessHandler" />
    <property name="authenticationDetailsSource">
        <bean class="security.CustomWebAuthenticationDetailsSource" />
    </property>
</bean>

<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/accessdenied" />
</bean>

Create a new class CustomWebAuthenticationDetailsSource:

package security;

import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.http.HttpServletRequest;

public class CustomWebAuthenticationDetailsSource implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> {
    @Override
    public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
        return new CustomWebAuthenticationDetails(context);
    }
}

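And the related CustomWebAuthenticationDetails:

package security;

import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.http.HttpServletRequest;
import java.util.Objects;

public class CustomWebAuthenticationDetails extends WebAuthenticationDetails {

    private final String itemId;

    public CustomWebAuthenticationDetails(HttpServletRequest request) {
        super(request);
        // Raw, untrusted request parameter; it is validated where it is used
        itemId = request.getParameter("itemId");
    }

    public String getItemId() {
        return itemId;
    }

    // hashCode, equals and toString are overridden to include itemId
    @Override
    public int hashCode() {
        return 31 * super.hashCode() + Objects.hashCode(itemId);
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof CustomWebAuthenticationDetails) || !super.equals(obj)) {
            return false;
        }
        return Objects.equals(itemId, ((CustomWebAuthenticationDetails) obj).itemId);
    }

    @Override
    public String toString() {
        return super.toString() + "; ItemId: " + itemId;
    }
}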

Your ddAuthenticationSuccessHandler should have logic similar to this example:

package com.dd.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.StringUtils;
import security.CustomWebAuthenticationDetails;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class DDAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // The details object is built by CustomWebAuthenticationDetailsSource during login
        CustomWebAuthenticationDetails details = (CustomWebAuthenticationDetails) authentication.getDetails();
        if(StringUtils.hasText(details.getItemId())) {
            //TODO sanity and security check for itemId needed
            String redirectUrl = "item/" + details.getItemId();
            response.sendRedirect(redirectUrl);
            // Stop here; otherwise the exception below is thrown even after the redirect was sent
            return;
        }
        throw new IllegalStateException("itemId in authentication details not found");
    }
}

A working example can be found here
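
Added example, not part of the original answer: one way to resolve the `TODO sanity and security check for itemId` in the success handler, since `itemId` is a client-supplied request parameter that ends up in a redirect target. The class name, the digits-only id format and the `/` fallback path are assumptions.

```java
package com.dd.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import security.CustomWebAuthenticationDetails;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.regex.Pattern;

// Hypothetical class name; a drop-in alternative for the ddAuthenticationSuccessHandler bean.
public class ValidatedItemRedirectSuccessHandler implements AuthenticationSuccessHandler {

    // Assumption: item ids are 1-10 decimal digits. Adjust to the real id format.
    private static final Pattern ITEM_ID = Pattern.compile("[0-9]{1,10}");
    // Assumption: landing page used when no usable itemId was submitted.
    private static final String FALLBACK_PATH = "/";

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {
        String target = FALLBACK_PATH;
        Object details = authentication.getDetails();
        // instanceof instead of a blind cast: the details may be plain WebAuthenticationDetails
        if (details instanceof CustomWebAuthenticationDetails) {
            String itemId = ((CustomWebAuthenticationDetails) details).getItemId();
            // matches() tests the whole string, so "../", "//host", CR/LF and
            // percent-encoded variants are all rejected by the allow-list
            if (itemId != null && ITEM_ID.matcher(itemId).matches()) {
                target = "/item/" + itemId;
            }
        }
        // Server-built, context-relative path: the client never controls scheme, host or path prefix
        response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + target));
    }
}
```

The check only constrains where the browser is sent; the controller behind `/item/{id}` still has to verify that the authenticated user may access that item.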
