
当用户已有会话(已登录)时,我希望在其访问登录页面时将其重定向。我在下面的 Spring XML 中使用了 org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint 类,它是否提供了这样的选项?请提供实现这一目标的建议。

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <!-- Explicit filter chain definition; the filter-chain patterns below use Ant-style matching. -->
    <beans:bean id="springSecurityFilterChain"
        class="org.springframework.security.web.FilterChainProxy">
        <filter-chain-map path-type="ant">
            <!-- Static assets: filters="none" means no security filter runs for these paths,
                 so nothing served from them should depend on the user's identity. -->
            <filter-chain pattern="/resources/template/img/**"
                filters="none" />
            <filter-chain pattern="/resources/template/css/**"
                filters="none" />
            <filter-chain pattern="/resources/template/js/**"
                filters="none" />
            <filter-chain pattern="/resources/template/misc/**"
                filters="none" />
            <filter-chain pattern="/resources/js/**"
                filters="none" />
            <filter-chain pattern="/resources/tiles/**"
                filters="none" />
            <filter-chain pattern="/resources/img/**"
                filters="none" />
            <!-- Catch-all chain for every other request; the filters run in the order listed.
                 NOTE(review): no session-management or anonymous-authentication filter is listed
                 here; confirm that is intended, since this explicit list is all that runs. -->
            <filter-chain pattern="/**"
                filters="
            securityContextPersistenceFilter,
            logoutFilter,
            authenticationProcessingFilter,
            exceptionTranslationFilter,
            filterSecurityInterceptor" />
        </filter-chain-map>

    </beans:bean>

    <!-- First filter of the catch-all chain: makes the stored SecurityContext available for the
         request and saves it again when the request completes. -->
    <beans:bean id="securityContextPersistenceFilter"
        class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />

    <!-- Translates security exceptions raised further down the chain: unauthenticated requests are
         handed to authenticationEntryPoint, access-denied cases to accessDeniedHandler. -->
    <beans:bean id="exceptionTranslationFilter"
        class="org.springframework.security.web.access.ExceptionTranslationFilter">
        <beans:property name="accessDeniedHandler" ref="accessDeniedHandler" />
        <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
    </beans:bean>

    <!-- Entry point used by exceptionTranslationFilter when an unauthenticated request needs to
         log in: it sends the browser to loginFormUrl. It is not consulted when a user who is
         already logged in requests /login directly, so that case has to be handled elsewhere. -->
    <beans:bean id="authenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login" />
        <!-- Earlier setting, kept for reference:
             <property name="loginFormUrl" value="/login.jsp?error=entryPoint" /> -->
    </beans:bean>

    <!-- Shows errorPage when an authenticated user is refused access.
         NOTE(review): /loginfail is also the login-failure URL of authenticationProcessingFilter,
         so a logged-in user without the required authority lands on the failed-login page;
         confirm that this is the intended message for that case. -->
    <beans:bean id="accessDeniedHandler"
        class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
        <beans:property name="errorPage" value="/loginfail" />
        <!-- Earlier setting, kept for reference:
             <property name="errorPage" value="/login.jsp?error=access_denied" /> -->
    </beans:bean>

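    <!-- Form-login filter: authenticates the submitted credentials through authenticationManager,
         then delegates to the success or failure handler configured below. -->
    <beans:bean id="authenticationProcessingFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <!-- A hand-wired filter keeps the pre-login session id unless a strategy is set. Issue a
             fresh session on successful authentication so that a session id known before login
             cannot be reused afterwards (session fixation). -->
        <beans:property name="sessionAuthenticationStrategy">
            <beans:bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
        </beans:property>
        <!-- Failed logins are sent to /loginfail. -->
        <beans:property name="authenticationFailureHandler">
            <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <beans:property name="defaultFailureUrl" value="/loginfail" />
            </beans:bean>
        </beans:property>
        <!-- Successful logins are sent to /frame_design, a fixed application path. -->
        <beans:property name="authenticationSuccessHandler">
            <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
                <beans:property name="defaultTargetUrl" value="/frame_design" />
            </beans:bean>
        </beans:property>
    </beans:bean>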

    <!-- Last filter of the catch-all chain: enforces the URL access rules declared below, using
         accessDecisionManager to decide.
         NOTE(review): only /frame_design* is listed, so only those URLs require the ADMIN
         authority. The Ant pattern does not cover sub-paths such as /frame_design/..., and
         requests matching no intercept-url appear to pass without an access check; confirm
         that both are intended. -->
    <beans:bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="securityMetadataSource">
            <filter-security-metadata-source id="securityDefinitionSource" path-type="ant">
                <intercept-url pattern="/frame_design*" access="ADMIN" />
            </filter-security-metadata-source>
        </beans:property>
    </beans:bean>


    <!-- Logout filter wired with one handler (logoutHandler).
         NOTE(review): the String constructor argument of LogoutFilter is the URL the browser is
         sent to after logout, not the URL that triggers logout; the trigger URL is not set in
         this bean. Confirm that /logout is meant as the post-logout page. -->
    <beans:bean id="logoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg value="/logout" />
        <beans:constructor-arg ref="logoutHandler" />
    </beans:bean>

    <!-- Handler invoked by logoutFilter; configured with its defaults, no properties are set. -->
    <beans:bean id="logoutHandler"
        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
    <!-- Authentication manager, exposed under the alias the filters above reference; it delegates
         to the single provider bean authenticationProvider. -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="authenticationProvider" />
    </authentication-manager>

    <!-- Username/password provider: loads the user through employAuthDetailsService and checks the
         submitted password with passwordEncoder, salted by saltSource. -->
    <beans:bean id="authenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="employAuthDetailsService" />
        <beans:property name="saltSource" ref="saltSource" />
        <beans:property name="passwordEncoder" ref="passwordEncoder" />
    </beans:bean>

    <!-- Legacy SHA encoder: strength 512 (SHA-512), applied for 1024 iterations.
         NOTE(review): this is a fast general-purpose hash, so offline guessing against leaked
         hashes is comparatively cheap. Spring Security 3.1 also ships
         org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder. Switching encoders
         invalidates the stored hashes, so it needs a migration plan, not only a config edit. -->
    <beans:bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <beans:constructor-arg value="512" />
        <beans:property name="iterations" value="1024" />
    </beans:bean>
 <!-- Salt source that reads the salt from the user's "username" property.
      NOTE(review): a username is predictable and not secret, and changing a user's name would
      change the salt and so invalidate that user's stored hash; a random per-user salt (or an
      encoder that generates its own) avoids both. -->
 <beans:bean id="saltSource"
     class="org.springframework.security.authentication.dao.ReflectionSaltSource">
     <beans:property name="userPropertyToUse" value="username" />
 </beans:bean>

    <!-- Application-specific user lookup used by authenticationProvider; its implementation is
         not shown here. -->
    <beans:bean id="employAuthDetailsService"
        class="com.app.myapp.security.UserDetailsServiceImp" />


        <!-- Decision manager used by filterSecurityInterceptor; roleVoter is its only voter. -->
        <beans:bean id="accessDecisionManager"
            class="org.springframework.security.access.vote.AffirmativeBased">
            <beans:property name="decisionVoters">
                <beans:list>
                    <beans:ref bean="roleVoter"/>
                </beans:list>
            </beans:property>
        </beans:bean>
        <!-- Role voter backed by roleHierarchy. The empty rolePrefix lets it vote on attributes
             without a ROLE_ prefix, such as the ADMIN attribute used in the intercept-url rule. -->
        <beans:bean id="roleVoter"
            class="org.springframework.security.access.vote.RoleHierarchyVoter">
            <beans:constructor-arg ref="roleHierarchy" />
            <beans:property name="rolePrefix" value="" />
        </beans:bean>

        <!-- Role hierarchy consumed by roleVoter. The only active text in the value is "ADMIN";
             every "A > B" relation is commented out.
             NOTE(review): with no active relation, presumably no role is inherited from another;
             confirm whether the commented-out lines are meant to be restored. -->
        <beans:bean id="roleHierarchy"
            class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
            <beans:property name="hierarchy">
                <beans:value>
                    ADMIN
<!--                    ADMIN > ROLE_OWNER -->
<!--                    ROLE_OWNER > ROLE_DISTRIBUTOR -->
<!--                    ROLE_DISTRIBUTOR > ROLE_RESELLER -->
<!--                    ROLE_RESELLER > ROLE_USER -->

                </beans:value>
            </beans:property>
    </beans:bean>

</beans:beans>

2 个回答


防止已经登录的用户再次访问登录页面。

  • 最干净的方法:您可以实现一个过滤器(HandlerInterceptor / HandlerInterceptorAdapter),用它来重定向已经登录的用户。

  • 更偏 hack 的做法:在登录页面中使用 <sec:authenticate>,当用户已经登录时触发一段 JavaScript 将其重定向。

我的 LoginPageRedirectInterceptor:

/**
 * MVC interceptor that keeps users who are already logged in away from the login page by
 * redirecting them to a fixed application URL.
 *
 * <p>This is a navigation convenience, not an access-control check: it only decides whether
 * the login page is rendered. The redirect target is the constant {@code redirectUrl} appended
 * to the context path; no request parameter influences it.
 *
 * <p>NOTE(review): login paths are matched by prefix, so every lookup path that begins with
 * "/login" (for example "/loginfail") is treated as a login page as well. Confirm that this
 * is wanted for the application's URL layout.
 */
public class LoginPageRedirectInterceptor extends HandlerInterceptorAdapter {

    /** Lookup-path prefixes that count as login pages. */
    private String[] loginPagePrefixes = new String[] { "/login" };

    /** Context-relative URL an authenticated user is sent to instead. */
    private String redirectUrl =  "/";

    /** Extracts the lookup path from the incoming request. */
    private UrlPathHelper urlPathHelper = new UrlPathHelper();

    /**
     * Stops handling and issues a redirect when an authenticated user requests a login path.
     *
     * @return {@code false} when the redirect was written and handling must stop,
     *         {@code true} when the request should continue to its handler
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) throws Exception {

        String lookupPath = this.urlPathHelper.getLookupPathForRequest(request);
        // The authentication check only runs for login paths (short-circuit).
        boolean redirectAway = isInLoginPaths(lookupPath) && isAuthenticated();
        if (!redirectAway) {
            return true;
        }

        response.setContentType("text/plain");
        sendRedirect(request, response);
        return false;
    }

    /**
     * Tells whether the current security context holds a real, authenticated user.
     * A missing authentication and an anonymous token both count as "not logged in".
     */
    private boolean isAuthenticated() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        return current != null
                && !(current instanceof AnonymousAuthenticationToken)
                && current.isAuthenticated();
    }

    /**
     * Writes a temporary redirect to the context path plus {@code redirectUrl} by setting the
     * status code and the Location header directly.
     */
    private void sendRedirect(HttpServletRequest request,
                              HttpServletResponse response) {

        String target = request.getContextPath() + this.redirectUrl;
        String encodedTarget = response.encodeRedirectURL(target);
        response.setStatus(HttpStatus.SC_TEMPORARY_REDIRECT);
        response.setHeader("Location", encodedTarget);
    }

    /** Returns true when {@code requestUrl} starts with any configured login prefix. */
    private boolean isInLoginPaths(String requestUrl) {

        boolean matched = false;
        for (int i = 0; i < this.loginPagePrefixes.length && !matched; i++) {
            matched = requestUrl.startsWith(this.loginPagePrefixes[i]);
        }
        return matched;
    }
}
于 2013-08-31T07:57:29.043 回答

请参阅:SimpleUrlAuthenticationSuccessHandler#alwaysUseDefaultTargetUrl

<!-- Success handler that always redirects to defaultTargetUrl after a login, instead of
     returning to the URL that was requested before authentication.
     NOTE(review): a success handler runs only after a successful authentication; it is not
     involved when an already logged-in user simply opens the login page. -->
<beans:property name="authenticationSuccessHandler">
    <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
        <beans:property name="defaultTargetUrl" value="/frame_design" />
    </beans:bean>
</beans:property>
于 2013-08-31T09:43:02.867 回答