spring security 无法执行 authentication-success-handler-ref
spring security can't execute authentication-success-handler-ref
这是我的春天-security.xml,
<http auto-config="true">
<access-denied-handler error-page="/accessDenied" />
<form-login login-page="/login"
authentication-success-handler-ref="mySuccessHandler"
authentication-failure-url="/loginError" />
<logout invalidate-session="true" logout-success-url="/main"
logout-url="/logout" delete-cookies="JSESSIONID" />
<remember-me key="j_spring_security_rememberme"/>
<intercept-url pattern="/**" access="ROLE_ADMIN"/>
<session-management invalid-session-url="/login"
session-fixation-protection="none">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<session-management
session-authentication-strategy-ref="sas" />
</http>
<!-- 验证成功后跳转的方法 -->
<beans:bean id="mySuccessHandler" class="mocha.cms.security.LoginSuccessHandle" >
</beans:bean>
<!-- authentication-manager 设置alias别名 -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="defaultUserDetailServiceImpl">
<password-encoder hash="md5" base64="false">
<salt-source user-property="username" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="defaultUserDetailServiceImpl" class="mocha.cms.security.MyUserDetailServiceImpl" />
然后我点击"login"按钮后,它跳转到MyUserDetailServiceImpl,并完成它,但是不能执行LoginSuccessHandle,这是怎么回事?
这是MyUserDetailServiceImpl.java
Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
AdminVo loginAdmin = adminService.getAdminByName(username);
if(loginAdmin == null){
throw new UsernameNotFoundException(username);
}
List<String> permissionIdList = ImmutableList.copyOf(Splitter. on( ",").omitEmptyStrings().split(loginAdmin.getPermissionId()));
for (String permissionId : permissionIdList) {
auths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
}
boolean enables = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
User user = new User(username, loginAdmin.getPassword(), enables, accountNonExpired, credentialsNonExpired, accountNonLocked,
auths);
return user;
这是LoginSuccessHandle.java
public class LoginSuccessHandle implements AuthenticationSuccessHandler{
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication) throws IOException,ServletException {
String path = request.getContextPath() ;
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
response.sendRedirect(basePath+"manage/folder/allList.htm");
}
}
我解决了,问题是加密的方式,我用的是md5,不是salt,所以,删除<salt-source user-property="username" />的代码就可以了
这是我的春天-security.xml,
<http auto-config="true">
<access-denied-handler error-page="/accessDenied" />
<form-login login-page="/login"
authentication-success-handler-ref="mySuccessHandler"
authentication-failure-url="/loginError" />
<logout invalidate-session="true" logout-success-url="/main"
logout-url="/logout" delete-cookies="JSESSIONID" />
<remember-me key="j_spring_security_rememberme"/>
<intercept-url pattern="/**" access="ROLE_ADMIN"/>
<session-management invalid-session-url="/login"
session-fixation-protection="none">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<session-management
session-authentication-strategy-ref="sas" />
</http>
<!-- 验证成功后跳转的方法 -->
<beans:bean id="mySuccessHandler" class="mocha.cms.security.LoginSuccessHandle" >
</beans:bean>
<!-- authentication-manager 设置alias别名 -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="defaultUserDetailServiceImpl">
<password-encoder hash="md5" base64="false">
<salt-source user-property="username" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="defaultUserDetailServiceImpl" class="mocha.cms.security.MyUserDetailServiceImpl" />
然后我点击"login"按钮后,它跳转到MyUserDetailServiceImpl,并完成它,但是不能执行LoginSuccessHandle,这是怎么回事?
这是MyUserDetailServiceImpl.java
Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
AdminVo loginAdmin = adminService.getAdminByName(username);
if(loginAdmin == null){
throw new UsernameNotFoundException(username);
}
List<String> permissionIdList = ImmutableList.copyOf(Splitter. on( ",").omitEmptyStrings().split(loginAdmin.getPermissionId()));
for (String permissionId : permissionIdList) {
auths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
}
boolean enables = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
User user = new User(username, loginAdmin.getPassword(), enables, accountNonExpired, credentialsNonExpired, accountNonLocked,
auths);
return user;
这是LoginSuccessHandle.java
public class LoginSuccessHandle implements AuthenticationSuccessHandler{
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication) throws IOException,ServletException {
String path = request.getContextPath() ;
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
response.sendRedirect(basePath+"manage/folder/allList.htm");
}
}
我解决了,问题是加密的方式,我用的是md5,不是salt,所以,删除<salt-source user-property="username" />的代码就可以了