Spring Security登录失败

Question

我正在使用JSF Mojarra 2.1.18和Primefaces 3.5的Spring Security 3.0.6。

我创建了一个LoginManagedBean，它注入了Spring Security的AuthenticationManager。

@ManagedBean 
    @SessionScoped 
    public class LoginManagedBean implements Serializable { 

     private static final long serialVersionUID = 1L; 

     private static transient final Log logger = LogFactory.getLog(LoginManagedBean.class); 

     private LoginDTO login; 

     private String username; 

     private String password; 

     @ManagedProperty(value = "#{authenticationManager}") 
     private transient AuthenticationManager authenticationManager = null; 

... 

它的工作原理。但是，如果登录失败，我无法再以正确的值重新登录。我想我需要清除/重置authenticationManager对象，但我不知道如何。有什么建议么？提前致谢！

Answer 1

你应该是另一种方式。

1）定义AUTH经理

<s:authentication-manager> 
    <s:authentication-provider> 
     <s:user-service> 
      <s:user name="root" password="root"/> 
     </s:user-service> 
    </s:authentication-provider> 
</s:authentication-manager> 

2）定义安全配置和形式登录

<s:http auto-config="true" use-expressions="true"> 
    <s:intercept-url pattern="/favicon.ico" access="permitAll"/> 
    <s:intercept-url pattern="/resources/**" access="permitAll"/> 
    <s:intercept-url pattern="/login**" access="isAnonymous"/> 
    <s:intercept-url pattern="/pages/*" access="hasAuthority('ROLE_USER')"/>  
    <s:form-login login-page="/login.xhtml" default-target-url="/" 
        authentication-failure-url="/login.xhtml?loginFailed=true"/> 
</s:http> 

3）放@EnableWebMvc一些@Configuration

4）创建在login.xml表来发表数据（字段j_username和j_password）至/j_spring_security_check

5）添加到过滤器web.xml

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
    <dispatcher>FORWARD</dispatcher> 
    <dispatcher>REQUEST</dispatcher> 
</filter-mapping>