我使用Spring Security 3.0.3.RELEASE。我想创建一个自定义验证处理过滤器。春季安全3.0.3和自定义的认证处理过滤器
我创建了一个过滤器是这样的:
// imports ommited
public class myFilter extends AbstractAuthenticationProcessingFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
// some code here
}
}
我配置我以下列方式security.xml
:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<!--<session-management session-fixation-protection="none"/>-->
<custom-filter ref="ipFilter" before="FORM_LOGIN_FILTER"/>
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
<form-login login-page="/login.jsp" always-use-default-target="true"/>
<logout logout-url="/logout" logout-success-url="/login.jsp" invalidate-session="true"/>
</http>
<beans:bean id="ipFilter" class="myFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<authentication-manager alias="authenticationManager" />
</beans:beans>
一切似乎是正确的,但是当我试图访问受保护的页面被称为myFilter.doFilter
的myFilter.attemptAuthentication
。
任何想法为什么?
嗨Neeme,它是MyFilter。代码中的所有内容都按照您的建议,但不知何故,不会调用attemptAuthentication ...还有其他方法可以检查吗? – Worker 2010-11-10 16:44:59
在回复中增加了一些建议 – 2010-11-10 17:15:33
好的,我设法使everythinf工作。我不得不通过bean配置删除标准的 config和config spring security。谢谢! –
Worker
2010-11-11 09:27:39