我已将默认身份验证提供程序更改为自定义身份验证提供程序。
这是我的 AuthenticationProvider
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
private ParamsProperties paramsProperties;
@SuppressWarnings("unchecked")
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
//Check username and passwd
String user = (String) authentication.getPrincipal();
String pass = (String) authentication.getCredentials();
if(StringUtils.isBlank(user) || StringUtils.isBlank(pass) ){
throw new BadCredentialsException("Incorrect username/password");
}
//Create SSO
SingleSignOnService service = new SingleSignOnService(paramsProperties.getServicesServer());
try {
//Check logged
service.setUsername(authentication.getName());
service.setPassword(authentication.getCredentials().toString());
ClientResponse response = service.call();
String result = response.getEntity(String.class);
ObjectMapper mapper = new ObjectMapper();
Map<String,Object> map = mapper.readValue(result, new TypeReference<Map<String,Object>>() {} );
//Read code
String code = (String)map.get("code");
log.debug(" ** [Authenticate] Result: " + code );
for (String s : (List<String>)map.get( "messages" ) ) {
log.debug(" [Authenticate] Message: " + s );
}
if ( code.equals( "SESSION_CREATED" ) || code.equals( "SESSION_UPDATED" ) || code.equals( "SESSION_VERIFIED" ) ) {
UsernamePasswordAuthenticationToken tokenSSO = LoginHelper.getuserSringTokenFromAuthService(map);
return tokenSSO;
} else {
return null;
}
} catch (Exception e) {
e.printStackTrace();
throw new AuthenticationServiceException( e.getMessage() );
}
}
public boolean supports(Class authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
这是我的 security.xml
<http>
<form-login default-target-url ="/Login.html" always-use-default-target="true" login-page="/Login.html" login-processing-url="/j_spring_security_check"
authentication-failure-url="/Login.html" />
<http-basic />
<logout logout-success-url="/Login.html" />
</http>
<beans:bean id="localeFilter" class="com.mycomp.comunes.server.spring.controller.login.MyLocaleFilter" lazy-init="true">
<custom-filter position="LAST"/>
</beans:bean>
<beans:bean id="authenticationProvider" class="com.indra.rfef.comunes.server.spring.manager.autenticacion.CustomAuthenticationProvider">
<custom-authentication-provider />
</beans:bean>
它超越了我的 CustomAuthenticationProvider,并正确验证了用户。但是当返回类型为 UsernamePasswordAuthenticationToken 的 tokenSSO 时,它似乎没有将用户保存在安全上下文中,并且当我重定向用户时(在 的回调中) authenticate) 到 index.html,我被重定向回 Login.html。
为什么会这样?我是不是忘记了什么?
最佳答案
请修复您的配置:
<http>
<intercept-url pattern="/Login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
<form-login login-page="/Login.html" login-processing-url="/j_spring_security_check" authentication-failure-url="/Login.html" />
<http-basic />
<logout logout-success-url="/Login.html" />
</http>
- 删除
default-target-url ="/Login.html".它在登录到同一登录页面后进行重定向。默认值为/. - 在所有 URL 上添加安全性
<intercept-url pattern="/**" access="ROLE_USER"/> - 不要从登录页面删除匿名访问
- 为什么需要 BasicAuthentication?如果不需要,请将其删除:
<http-basic />
关于java - Spring Security 2 自定义身份验证提供程序不保存安全上下文,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16447156/