0

我已将默认身份验证提供程序更改为自定义身份验证提供程序。

这是我的 AuthenticationProvider 

public class CustomAuthenticationProvider implements AuthenticationProvider {

@Autowired
private ParamsProperties paramsProperties;  

@SuppressWarnings("unchecked")
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    //Check username and passwd
    String user = (String) authentication.getPrincipal();
    String pass = (String) authentication.getCredentials();
    if(StringUtils.isBlank(user) || StringUtils.isBlank(pass) ){
        throw new BadCredentialsException("Incorrect username/password");
    }

    //Create SSO
    SingleSignOnService service = new SingleSignOnService(paramsProperties.getServicesServer());
    try {
        //Check logged
        service.setUsername(authentication.getName());
        service.setPassword(authentication.getCredentials().toString());
        ClientResponse response = service.call();
        String result = response.getEntity(String.class);

        ObjectMapper mapper = new ObjectMapper();
        Map<String,Object> map = mapper.readValue(result, new TypeReference<Map<String,Object>>() {} );
        //Read code
        String code = (String)map.get("code");
        log.debug(" ** [Authenticate] Result: " + code );
        for (String s : (List<String>)map.get( "messages" ) ) {
            log.debug(" [Authenticate] Message: " + s );
        }

        if ( code.equals( "SESSION_CREATED" ) || code.equals( "SESSION_UPDATED" ) || code.equals( "SESSION_VERIFIED" ) ) {              
            UsernamePasswordAuthenticationToken tokenSSO = LoginHelper.getuserSringTokenFromAuthService(map);            
            return tokenSSO;                
        } else {
            return null;
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw new AuthenticationServiceException( e.getMessage() );
    }
}


public boolean supports(Class authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

这是我的 security.xml 

<http>
  <form-login default-target-url ="/Login.html" always-use-default-target="true" login-page="/Login.html" login-processing-url="/j_spring_security_check"
        authentication-failure-url="/Login.html" />  
  <http-basic />
  <logout logout-success-url="/Login.html" />
</http>

<beans:bean id="localeFilter" class="com.mycomp.comunes.server.spring.controller.login.MyLocaleFilter" lazy-init="true">
    <custom-filter position="LAST"/>
</beans:bean>  

<beans:bean id="authenticationProvider" class="com.indra.rfef.comunes.server.spring.manager.autenticacion.CustomAuthenticationProvider">
  <custom-authentication-provider />
</beans:bean>

它通过了我的 CustomAuthenticationProvider,并正确地验证了用户。但是当返回tokenSSO类型时UsernamePasswordAuthenticationToken,它似乎没有将用户保存在安全上下文中,并且当我将用户(在 的回调上authenticate)重定向到 index.html 时,我被重定向回 Login.html。

为什么会发生这种情况?我是不是忘记了什么?

4

1 回答 1

0

请修复您的配置:

<http>
    <intercept-url pattern="/Login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>        
    <intercept-url pattern="/**" access="ROLE_USER"/>
    <form-login login-page="/Login.html" login-processing-url="/j_spring_security_check" authentication-failure-url="/Login.html" />  
    <http-basic />
    <logout logout-success-url="/Login.html" />
</http>
  1. 删除default-target-url ="/Login.html". 它在登录到同一登录页面后进行重定向。默认值为/.
  2. 在所有 URL 上添加安全性<intercept-url pattern="/**" access="ROLE_USER"/>
  3. 不要从登录页面中删除匿名访问
  4. 为什么需要 BasicAuthentication?如果不需要,请将其删除:<http-basic />
于 2013-05-09T03:37:58.047 回答