1

我在 spring security 3.1 中遇到了麻烦。

我将使用带有gmail的spring security openid-login,并且我想使用attribute-exchange获取用户信息。但如果我使用它,它总是在用户登录我的网站时被调用。

如何在用户登录我的网站时只调用一次?我在 openIdAuthFailureHandler 管理登录,我想在这个 bean 中获取用户信息......请帮助我!

(我找到了安全性:记住我,但它不起作用..)

安全.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:global-method-security
    secured-annotations="enabled" proxy-target-class="true" />

<security:http auto-config="true" access-denied-page="/denied/accessDenied">

    <security:intercept-url pattern="/admin/**"
        access="ROLE_ADMIN" />
    <security:intercept-url pattern="/reservation/**"
        access="ROLE_USER, ROLE_ADMIN" />
    <security:intercept-url pattern="/board/**"
        access="ROLE_ADMIN, ROLE_USER" />

    <security:openid-login login-page="/"
        login-processing-url="/j_spring_openid_security_check.do"
        authentication-success-handler-ref="customAuthenticationHandler"
         authentication-failure-handler-ref="openIdAuthFailureHandler">
         <security:attribute-exchange identifier-match="https://www.google.com/.*" >
            <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
            <security:openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
         </security:attribute-exchange>
    </security:openid-login>

    <security:logout logout-url="/j_spring_openid_security_logout.do"
        logout-success-url="/" invalidate-session="true" />
    <!-- <security:http-basic /> -->
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <!-- <security:user-service properties="/WEB-INF/resources/users.xml" 
            /> -->
        <security:password-encoder ref="passwordEncoder" />
        <security:jdbc-user-service id="userDetailsService"
            data-source-ref="dataSource"
            users-by-username-query="SELECT id as id, passwd as passwd, 1 as enabled FROM user WHERE id=?"
            authorities-by-username-query="SELECT id as id, power as authority FROM user WHERE id=?" />
<!--            <security:password-encoder hash="sha-256"></security:password-encoder> -->
    </security:authentication-provider>
</security:authentication-manager>

    <bean id="customTokenRepository"   class="com.jinyoung.reservation.openid.CustomTokenRepository" />            
    <bean id="openIdAuthFailureHandler" class="com.jinyoung.reservation.openid.OpenIDAuthenticationFailureHandler"/>
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" /> 



    </beans>

OpenIDAuthenticationFailureHandler

   public class OpenIDAuthenticationFailureHandler extends
        SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request,
        HttpServletResponse response, AuthenticationException exception)

                throws IOException, ServletException {

    if (exception instanceof UsernameNotFoundException && exception.getAuthentication() instanceof OpenIDAuthenticationToken && ((OpenIDAuthenticationToken) exception.getAuthentication()).getStatus().equals(OpenIDAuthenticationStatus.SUCCESS)) {

        DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

        request.getSession(true).setAttribute("USER_OPENID_CREDENTIAL", ((UsernameNotFoundException)exception).getExtraInformation());
        OpenIDAuthenticationToken openIdAuth = (OpenIDAuthenticationToken)exception.getAuthentication();
        request.getSession(true).setAttribute("USER_OPENID_CREDENTIAL_EXTRA", openIdAuth);


        for(OpenIDAttribute attr : openIdAuth.getAttributes()) {

            System.out.printf("AX Attribute: %s, Type: %s, Count: %d\n", attr.getName(), attr.getType(), attr.getCount());

            for(String value : attr.getValues()) {
                System.out.printf(" Value: %s\n", value);
            }
        }
        redirectStrategy.sendRedirect(request, response, "/login/registrationOpenid");

        // redirect to create account page
        /*redirectStrategy.sendRedirect(request, response,
                "/?fail=true");*/

    } else {
        super.onAuthenticationFailure(request, response, exception);
    }
    }
      }
4

2 回答 2

0

遇到了一个类似的问题,我通过为注册/登录页面设置两个不同的表单目标(j_spring_openid_security_check_signup和)来解决这个问题。j_spring_openid_security_check一种在注册时使用,一种在登录时使用。在 spring-security.xml 中,我们使用两种不同的配置,一种要求属性,另一种不要求:

<!-- Configure attribute-exchange for signup -->
<!-- will only match /j_spring_openid_security_check_signup -->
<security:http auto-config="true" use-expressions="true" path-type="ant" pattern="/j_spring_openid_security_check_signup">
    <security:openid-login
        login-processing-url="/j_spring_openid_security_check_signup"
        user-service-ref="userDetailsService"
        authentication-failure-handler-ref="authenticationFailureHandler"
        authentication-success-handler-ref="authenticationSuccessHandler">
        <security:attribute-exchange identifier-match="https://www.google.com/.*" >
            <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
            <security:openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
        </security:attribute-exchange>
    </security:openid-login>
</security:http>


<!-- Skip attribute-exchange at log-in -->
<!-- match everything else -->
<security:http auto-config="true" use-expressions="true" path-type="ant">
    <security:openid-login
        login-processing-url="/j_spring_openid_security_check"
        user-service-ref="userDetailsService"
        authentication-failure-handler-ref="authenticationFailureHandler"
        authentication-success-handler-ref="authenticationSuccessHandler"
    />
</security:http>

然后在 authenticationSuccessHandler 中,您将可以在登录时访问属性,但不能在登录时访问。

于 2014-05-15T07:02:28.553 回答
-3

-------------------------------我解决了!!!-------------- ----------------------------

我修改了 spring-security-openid-3.1.1.RELEASE.jar,并且在用户第一次访问我的站点时我只调用了一次属性更改。如果有人想知道,请给我电子邮件 kjy30532@gmail.com !

于 2013-07-04T03:16:52.017 回答