身份验证失败重定向请求参数不起作用 [英] Authentication failure redirect with request params not working

问题描述

我正在尝试配置我自己的成功和身份验证失败处理程序.在身份验证失败时，我想使用请求参数重定向回我的登录页面，此参数的存在将在我的登录页面上输出错误消息.然而，尽管出错时我被重定向回我的登录页面，但请求参数始终为 null.

I am trying to configure my own success and authentication failure handlers. On authentication failure I want to redirect back to my login page with a request parameter, the presence of this parameter will output the error message on my login page. However although on error I am getting redirected back to my login page, the request parameter is always null.

代码如下:

protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login.html").permitAll() 
            .usernameParameter("username")
            .passwordParameter("password")                                               
            .loginProcessingUrl("/login")
            .successHandler(successHandler())
            .failureHandler(handleAuthenticationFailure());
}

@Autowired
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    //database checks
}
};
}

/**
 * Authentication success handler defines action when successfully authenticated
 * @return
 */
@Bean
public AuthenticationSuccessHandler successHandler(){
    return new AuthenticationSuccessHandler() {

        @Override
        public void onAuthenticationSuccess(HttpServletRequest httpRequest, HttpServletResponse httpResponse, Authentication authentication)
                throws IOException, ServletException {

            // custom auth success here
            httpResponse.setStatus(HttpServletResponse.SC_OK);
            SavedRequest savedRequest = (SavedRequest) httpRequest.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST");
            httpResponse.sendRedirect(savedRequest.getRedirectUrl());
        }
    };
}

@Bean
public AuthenticationFailureHandler handleAuthenticationFailure() {
    return new SimpleUrlAuthenticationFailureHandler() {

        @Override
        public void onAuthenticationFailure(HttpServletRequest httpRequest, HttpServletResponse httpResponse,
                                            AuthenticationException authenticationException) throws IOException, ServletException {

            // custom failure code here
            setDefaultFailureUrl("/login.html?error=fail");
            super.onAuthenticationFailure(httpRequest, httpResponse, authenticationException);
        }
    };
}

推荐答案

试试这个:

@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {

    // .......

    response.sendRedirect("/login.html?error=fail");    
}

更新:

将/login.html?error=fail"添加到 authorizeRequests() 部分非常重要，否则控制器将不会获取错误参数.

It's really important that the "/login.html?error=fail" is added to an authorizeRequests() section otherwise the controller won't pick up the error parameter.

将 .antMatchers("/login").permitAll() 替换为 .antMatchers("/login**").permitAll()

这篇关于身份验证失败重定向请求参数不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！