0

我试图找到解决方案,但没有人工作。我有一些用 JSF 编写的 spring 安全配置和前端。我在意图中找到了一些配置,但他们一起不想工作

<http>
     <intercept-url pattern="/index*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <intercept-url pattern="/javax.faces.resource/**"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <intercept-url pattern="/**" access="ROLE_USER" />
     <intercept-url pattern="/admin/*" access="ROLE_SUPERVISOR" />
     <form-login login-page="/index.html" default-target-url="/home.html"
        always-use-default-target="true" authentication-failure-url="/index.xhtml?login_error=1" />
     <logout logout-url="/logout.html" />
</http>

和:

    <authentication-manager>
    <authentication-provider>               
        <user-service>
            <user name="admin" password="admin" authorities="ROLE_USER, ROLE_SUPERVISOR" />
            <user name="anonim" password="anonim" authorities="" />
            <user name="user" password="user" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

我想做一些自定义类,就像自定义记录器一样,我找到了类似于这些的解决方案:

public class LoginBeenController {
    private static final Logger LOGGER = Logger.getLogger(LoginBeenController.class);

    private String login;
    private String password;
    @Autowired
    private AuthenticationManager authenticationManager;

    public LoginBeenController() {

    }

    public String getLogin() {
        return login;
    }

    public String getPassword() {
        return password;
    }

    public void setLogin(String login) {
        this.login = login;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String login(){
        Authentication authentication = authenticationManager
                .authenticate(new UsernamePasswordAuthenticationToken(
                        this.login, this.password));
        if (authentication.isAuthenticated()) {
            SecurityContextHolder.getContext().setAuthentication(
                    authentication);
        }
        return new String();
    }

}

这是主要形式:

<h:form>    
    <h:panelGrid columns="2" cellpadding="5">  
        <h:outputLabel for="username" name='j_username' value="Username:" />  
        <p:inputText id="username" value="#{loginBeenController.login}" required="true" label="username" />  

        <h:outputLabel for="password" value="Password:" />  
        <h:inputSecret id="password" value='#{loginBeenController.password}' required="true" label="password" />  

        <f:facet name="footer">  
            <p:commandButton ajax='false' id="loginButton" value="Login" action="#{loginBeenController.login()}" />  
        </f:facet>  
    </h:panelGrid>            
</h:form>
4

2 回答 2

2

好的,我找到了我只需要添加的解决方案:

    @Autowired
@Qualifier("authenticationManager")
AuthenticationManager authenticationManager;
于 2012-12-18T12:57:00.537 回答
0

You should be forwarding to Spring Security authentication URL instead of using the AuthenticationManager. Try this:

public String doLogin() throws ServletException, IOException {

    FacesContext context = FacesContext.getCurrentInstance();

        String springCheckUrl = this.buildSpringSecurityCheckUrl();

        HttpServletRequest request = (HttpServletRequest) context
                .getExternalContext().getRequest();

        RequestDispatcher dispatcher = request
                .getRequestDispatcher(springCheckUrl);

        dispatcher.forward((ServletRequest) request,
                (ServletResponse) context.getExternalContext.getResponse());

        context.responseComplete();

        return null;
    }

    private String buildSpringSecurityCheckUrl() {
        StringBuilder springCheckUrl = new StringBuilder(
                "/j_spring_security_check").append("?").append("j_username")
                .append("=").append(this.userName.trim()).append("&")
                .append("j_password").append("=")
                .append(this.userPassword.trim());
        return springCheckUrl.toString();
    }
}
于 2012-12-18T02:20:44.490 回答