春季安全忘记自定义登录表单认证

Question

我跟着或多或少这说明创建自定义登录表单： http://technology-for-human.blogspot.com/2011/01/jsf-2-with-spring-3-protection-with.html

登录表单使用LoginBean和LoginBean使用一个的AuthenticationService：

@Service("authenticationService") 
public class AuthenticationService { 
    @Resource(name = "authenticationManager") 
    AuthenticationManager authenticationManager; 

    public boolean login(String username, String password) { 
     try { 
      Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password)); 
      if (authenticate.isAuthenticated()) { 
       SecurityContextHolder.getContext().setAuthentication(authenticate); 
       return true; 
      } 
     } catch (AuthenticationException e) { 
     } 
    return false; 
    } 
} 

通常一切都按预期工作，登录方法为我的用户返回true。但是然后登录表单再次出现，我可以看到SecurityContextHolder.getContext().getAuthentication()返回null。

Spring配置如下：

<security:http auto-config='true'> 
    <security:form-login login-page="/login.jsf" /> 
    <security:intercept-url pattern="/login.jsf" filters="none" /> 
    <security:intercept-url pattern="/**" access="ROLE_USER" /> 
    <security:logout logout-url="/logout" logout-success-url="/" /> 
</security:http> 

<security:authentication-manager alias="authenticationManager"> 
    <security:authentication-provider user-service-ref="userDetailsService" /> 
</security:authentication-manager> 

任何想法可能会是什么原因？

Answer 1

我认为安全上下文不会持久回到会话。你有没有在web.xml中配置springSecurityFilterChain作为过滤器？

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>