0
我有一個關於彈簧安全性的問題。Spring Security:如何添加添加失敗處理程序
現在我用一個賽普爾siteMinderFilter來限制訪問多個頁面:
RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter (ignored);
siteMinderFilter.setPrincipalRequestHeader("SM_USER");
siteMinderFilter.setAuthenticationManager(authenticationManager());
在這種情況下,當SM_USER是錯了,我想使用我的SmUserFailureHandler:
@Component
public class SmUserFailureHandler extends SimpleUrlAuthenticationFailureHandler {
private Logger log = Logger.getLogger(SmUserFailureHandler.class);
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
super.onAuthenticationFailure(request, response, exception);
log.debug("got AuthenticationException");
if(exception.getClass().isAssignableFrom(PreAuthenticatedCredentialsNotFoundException.class)) {
log.debug("got PreAuthenticatedCredentialsNotFoundException");
}
}
}
,然後在春天配置類
@Bean
public SmUserFailureHandler smUserFailureHandler(){
return new SmUserFailureHandler();
}
但現在我不明白如何我可以將其包含在我的authenticationProvider中。單位置使用了這樣的FailureHandler,我發現是一個登錄表單
http.formLogin().loginPage("/my/login/page/").failureHandler(smUserFailureHandler());
,但我希望它被應用於所有需要SM_USER的資源。
我該如何實現它?