1. 首頁
  2. 問答
  3. Spring自動登錄攔截URL問題

Spring自動登錄攔截URL問題

2011-03-24 95 views
0

我能夠使用下面的內容在SecurityContext中存儲用戶,並且我得到一個有效的Authentcation對象(說im已認證並且附有user_role),但是我仍然被路由到我的/ auth /login.html頁面。我採用下面的代碼,它將「/registered/home.html」返回給JSF,但由於某種原因,當Spring將攔截規則應用於/ registered/*時,它必須將其視爲未經身份驗證的請求。有任何想法嗎?Spring自動登錄攔截URL問題

@Named 
    @Scope("request") 
    public class SignUpDetail extends BaseAction{ 
     @Inject 
     private SignUpDetailBean signUpDetailBean; 
     @Inject 
     private UserManager userManager; 
     @Inject @Named("am") 
     protected AuthenticationManager authenticationManager; 

     public String login(){ 
      if(signUpDetailBean.getEmail() != null){ 
       Users currentUser = userManager.getUser(signUpDetailBean.getEmail()); 
       authenticateUserAndSetSession(currentUser, (HttpServletRequest) FacesUtils.getExternalContext().getRequest()); 

       return "/registered/home.html"; 
      }else{ 

       return "/auth/login.html"; 
      } 

     } 

    private void authenticateUserAndSetSession(Users user, 
        HttpServletRequest request) 
       { 
      UserDetails details = userManager.loadUserByUsername(user.getUsername()); 
      UsernamePasswordAuthenticationToken usernameAndPassword = 
       new UsernamePasswordAuthenticationToken(
        user.getUsername(), "pwd", details.getAuthorities()); 

      // Authenticate, just to be sure 
      Authentication auth = authenticationManager.authenticate(usernameAndPassword); 

      // Place the new Authentication object in the security context. 
      SecurityContextHolder.getContext().setAuthentication(auth); 
     } 

<context:annotation-config /> 
    <context:component-scan base-package="dc" /> 
    <global-method-security /> 
    <http security="none" pattern="/javax.faces.resource/**" /> 
    <http security="none" pattern="/services/rest-api/1.0/**" /> 
    <http security="none" pattern="/preregistered/*" /> 
    <http access-denied-page="/auth/denied.html"> 
     <intercept-url 
      pattern="/**/*.xhtml" 
      access="ROLE_NONE_GETS_ACCESS" /> 
     <intercept-url 
      pattern="/auth/**" 
      access="ROLE_ANONYMOUS,ROLE_USER" /> 
     <intercept-url 
      pattern="/auth/*" 
      access="ROLE_ANONYMOUS" /> 
     <intercept-url 
      pattern="/registered/*" 
      access="ROLE_USER" /> 
      <intercept-url 
      pattern="/*" 
      access="ROLE_ANONYMOUS" /> 
     <form-login 
      login-processing-url="/j_spring_security_check.html" 
      login-page="/auth/login.html" 
      default-target-url="/registered/home.html" 
      authentication-failure-url="/auth/login.html" /> 
     <logout invalidate-session="true" 
       logout-success-url="/" 
       logout-url="/auth/logout.html"/> 
     <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/> 
     <remember-me user-service-ref="userManager" key="dfdf"/> 
    </http> 
    <!-- Configure the authentication provider --> 
    <authentication-manager alias="am"> 
     <authentication-provider user-service-ref="userManager"> 
       <password-encoder ref="passwordEncoder" /> 
     </authentication-provider> 
    </authentication-manager>

來源

2011-03-24 c12

+0

當authenticateUserAndSetSession被稱爲目前尚不清楚。通常你必須設置你自己的過濾器來做你想做的事。 – 2011-03-24 12:56:10

+0

嗨安德魯,它從一個HTML輸入類型=「按鈕」調用,當用戶提交註冊表單時,JSF commandButton。 – c12 2011-03-24 12:58:32

回答

1

存儲在會話的上下文對象,因爲你已經設置特定的URL HTTP安全無

... 
HttpSession session = request.getSession(); 
... 
SecurityContext context = SecurityContextHolder.getContext(); 
context.setAuthentication(auth); 
session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);

來源

2013-07-10 18:54:52

相關問題

 相關問題