1. 首页
  2. 问答
  3. 春季安全说明“坏凭据”的错误,而不是重定向

春季安全说明“坏凭据”的错误,而不是重定向

2016-11-29 50 views
-1

这是我的弹簧security.xml文件:春季安全说明“坏凭据”的错误,而不是重定向

<http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/courses*" access="hasRole('ROLE_USER')" /> 
     <custom-filter before="FORM_LOGIN_FILTER" ref="MyAuthFilter" /> 
     <form-login 
      login-page="/login" 
      default-target-url="/courses" 
      authentication-failure-url="/login?error" 
      username-parameter="loginField" 
      password-parameter="passwordField" /> 
     <csrf disabled="true" /> 
    </http> 

    <authentication-manager alias="authenticationManager"> 
     <authentication-provider> 
      <user-service> 
       <user name="ars" password="1234" authorities="ROLE_USER" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager>

这里是MyAuthFilter:

@Component("MyAuthFilter") 
public class MyAuthFilter extends UsernamePasswordAuthenticationFilter { 

    @Autowired 
    @Qualifier("authenticationManager") 
    @Override 
    public void setAuthenticationManager(AuthenticationManager authenticationManager) { 
     super.setAuthenticationManager(authenticationManager); 
    } 

    @Override 
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 
      throws AuthenticationException { 

     System.out.println("running my own version of UsernmePasswordFilter ... "); 

     LoginForm loginForm = new LoginForm(); 
     loginForm.setUsername(request.getParameter("login")); 
     loginForm.setPassword(request.getParameter("password")); 
     request.setAttribute("error", 3); 
     System.out.println("login : " + loginForm.getUsername()); 
     UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(loginForm.getUsername(), loginForm.getPassword()); 
     setDetails(request, authRequest); 
     Authentication authResult = this.getAuthenticationManager().authenticate(authRequest); 

     return authResult; 
    } 
}

当我输入错误的登录名或密码就说明“错误的凭据”错误,而不是重定向到登录页面。没有自定义过滤器,它工作正常。 我只想检查登录名\密码有什么问题,并设置“错误”可以修改,我用登录表单显示具体的错误,如“空通”等。

我需要做一个登录页面女巫显示混凝土错误,如“空传递\空登录\两个空\错误的登录或传递”。如果有人能够通过示例或指导进行验证,我将会非常高兴。

来源

2016-11-29 CortezDaCardinal

回答

2

在你的过滤器

@Autowired 
    @Qualifier("authenticationManager") 
    @Override 
    public void setAuthenticationManager(AuthenticationManager authenticationManager, AuthenticationSuccessHandler successHandler, AuthenticationFailureHandler failureHandler) { 
     super.setAuthenticationManager(authenticationManager); 
     this.setAuthenticationSuccessHandler(successHandler); 
     this.setAuthenticationFailureHandler(failureHandler); 
    }

来源

2016-11-29 13:29:04 kuhajeyan

+0

型AuthenticationSuccessHandler的没有合格的bean定义成功和失败处理机

@Bean public AuthenticationSuccessHandler getSuccessHandler(){ SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler(); handler.setDefaultTargetUrl("/login.html"); return handler; } @Bean public AuthenticationFailureHandler getFailureHandler(){ SimpleUrlAuthenticationFailureHandler handler = new SimpleUrlAuthenticationFailureHandler(); handler.setDefaultFailureUrl("/login.html"); return handler; }

。 – CortezDaCardinal

+0

你需要像上面那样定义那些bean – kuhajeyan

+0

我是这样做的,它显示错误 'org.springframework.beans.factory.NoSuchBeanDefinitionException:没有提供'org.springframework.security.web.authentication.AuthenticationSuccessHandler'类型的限定bean可用:预计至少有1个符合自动导向候选人的bean。依赖注释:{} – CortezDaCardinal

相关问题

 相关问题