1. 首頁
  2. 問答
  3. 春季安全 - 成功登錄處理程序訪問http會話

春季安全 - 成功登錄處理程序訪問http會話

2014-12-22 39 views
1

我試圖訪問HttpSession後登錄,使用成功的處理程序 - MySimpleUrlAuthenticationSuccessHandler - 使用request.getSession(false),但它在這個階段是空的,有什麼建議嗎?春季安全 - 成功登錄處理程序訪問http會話

beans.xml中的部分:

<security:http auto-config="false" 
       entry-point-ref="authenticationEntryPoint"> 
    <security:intercept-url pattern="/**" /> 

    <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter" /> 

    <security:remember-me /> 
    <security:anonymous enabled="false" /> 
    <security:session-management session-fixation-protection="none" /> 
</security:http> 

<bean id="authenticationEntryPoint" 
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" > 
    <constructor-arg type="java.lang.String" value="/login"/> 
</bean> 

<bean id="authenticationFilter" 
     class="com.me.filter.CustomAuthenticationFilter"> 

     <constructor-arg type="java.lang.String" value="/login"/> 

     <property name="authenticationFailureHandler" ref="authenticationFailureHandler" /> 
     <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" /> 
     <property name="authenticationManager" ref="authenticationManager"/> 
</bean> 

<bean id="authenticationFailureHandler" 
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
    <property name="defaultFailureUrl" value="/login/failure" /> 
</bean> 

<bean id="authenticationSuccessHandler" 
    class="com.me.web.filter.MySimpleUrlAuthenticationSuccessHandler"> 
    <property name="defaultTargetUrl" value="/login/success" /> 
</bean>

來源

2014-12-22 sami

回答

0

我們應該定義會話策略,使過濾器創建成功認證的會話,因此beans.xml的變化是這樣的:

<bean id="authenticationFilter" 
     class="com.me.filter.CustomAuthenticationFilter"> 

     <constructor-arg type="java.lang.String" value="/login"/> 

     <property name="authenticationFailureHandler" ref="authenticationFailureHandler" /> 
     <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" /> 
     <property name="authenticationManager" ref="authenticationManager"/> 
     <property name="sessionAuthenticationStrategy" ref="registerSessionStrategy" /> 
</bean> 

<bean id="registerSessionStrategy" class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy"> 
    <constructor-arg name="sessionRegistry" ref="sessionRegistry" /> 
</bean> 
<bean id="sessionRegistry" 
    class="org.springframework.security.core.session.SessionRegistryImpl" />

來源

2014-12-23 09:41:52 sami

相關問題

 相關問題