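I created my own custom authentication filter, provider and successHandler. They all work except the successHandler. I set up authentication-success-handler-ref, but it looks like it is never called. In the log, the default SavedRequestAwareAuthenticationSuccessHandler is used. I am using Spring Security 4.2.2 and the MITREid OpenID Connect project. I have seen many examples of how to set up a custom successHandler, but they do not work.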
My filter
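import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
// The imports for StringUtils and CustAuthenticationToken are not shown in the post.

@Component("custAuthRequestFilter")
public class CustAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public static final String SPRING_SECURITY_FORM_SESSION_KEY = "custSession";
    private String sessionParameter = SPRING_SECURITY_FORM_SESSION_KEY;
    private static final Logger LOG = LoggerFactory.getLogger(CustAuthenticationFilter.class);

    // The filter only handles POST requests to /custlogin.
    protected CustAuthenticationFilter() {
        super(new AntPathRequestMatcher("/custlogin", "POST"));
    }

    @Override
    public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
        if (isCustSession(request)) {
            final CustAuthenticationToken authRequest = getAuthRequest(request);
            return getAuthenticationManager().authenticate(authRequest);
        } else {
            throw new AuthenticationServiceException("Authentication is not possible, CustSession is missing");
        }
    }

    @Autowired
    @Qualifier("custAuthenticationManager")
    @Override
    public void setAuthenticationManager(final AuthenticationManager authenticationManager) {
        super.setAuthenticationManager(authenticationManager);
    }

    // Wraps the custSession request parameter in an unauthenticated token.
    private CustAuthenticationToken getAuthRequest(final HttpServletRequest request) {
        final String session = obtainSession(request);
        return new CustAuthenticationToken(session);
    }

    private boolean isCustSession(final HttpServletRequest request) {
        return !StringUtils.isEmpty(request.getParameter(sessionParameter));
    }

    private String obtainSession(final HttpServletRequest request) {
        return request.getParameter(sessionParameter);
    }
}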
My provider
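import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
// The imports for CoreClient, InMemoryRepository, UserDataMap and CustAuthenticationToken are not shown in the post.

@Component("custAuthenticationProvider")
public class CustAuthenticationProvider
        implements AuthenticationProvider {
    private final static Logger LOG = LoggerFactory.getLogger(CustAuthenticationProvider.class);
    @Autowired
    private CoreClient coreClient;
    @Autowired
    private InMemoryRepository db;

    @Override
    public Authentication authenticate(final Authentication auth)
            throws AuthenticationException {
        // supports() restricts this provider to CustAuthenticationToken, so the cast is safe.
        final CustAuthenticationToken custToken = (CustAuthenticationToken) auth;
        LOG.debug("Get user info by session from core service");
        try {
            final List<SimpleGrantedAuthority> authorities = new ArrayList<>();
            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
            final UserDataMap result = coreClient.getUserDataMap(custToken.getPrincipal().toString());
            return new CustAuthenticationToken(custToken.getPrincipal().toString(), authorities);
        } catch(final Exception exc) {
            throw new InternalAuthenticationServiceException("Internal error", exc);
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(CustAuthenticationToken.class);
    }
}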
My custom successHandler
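import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
@Component("custSuccessHandler")
public class CustAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    private static final Logger LOG = LoggerFactory.getLogger(CustAuthenticationSuccessHandler.class);
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        LOG.debug(">>>>>>>>>>>>>>>>>>>>> success handler");
        HttpSession session = request.getSession();
        super.onAuthenticationSuccess(request, response, authentication);
    }
}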
user-context.xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

    <context:component-scan base-package="io.oidcconnector.auth" />

    <security:authentication-manager id="custAuthenticationManager">
        <security:authentication-provider ref="custAuthenticationProvider"/>
    </security:authentication-manager>

    <security:authentication-manager id="authenticationManager">
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <mvc:view-controller path="/login" view-name="login" />

    <security:http authentication-manager-ref="authenticationManager" >
        <security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
        <security:intercept-url pattern="/**" access="permitAll" />
        <security:form-login login-page="/custlogin" authentication-failure-url="/custlogin?error=failure" authentication-success-handler-ref="custSuccessHandler" />
        <security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
        <security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
        <security:custom-filter ref="custAuthRequestFilter" before="FORM_LOGIN_FILTER" />
        <security:logout logout-url="/logout" />
        <security:anonymous />
        <security:expression-handler ref="oauthWebExpressionHandler" />
        <security:headers>
            <security:frame-options policy="DENY" />
        </security:headers>
        <security:csrf />
    </security:http>

    <mvc:view-controller path="/custlogin" view-name="custlogin" />
</beans>
I don't know why this isn't working.
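
An added example, not part of the original post: in Spring Security 4.x the `authentication-success-handler-ref` attribute of `<security:form-login>` configures only the `UsernamePasswordAuthenticationFilter` that element creates, while a filter extending `AbstractAuthenticationProcessingFilter` keeps its own default `SavedRequestAwareAuthenticationSuccessHandler` until `setAuthenticationSuccessHandler` is called on it. The class name `CustFilterHandlerWiring` is hypothetical, and the package is assumed from the post's `component-scan` base package; the bean names and failure URL are taken from the post.

```java
// Assumption: placed under the component-scan base package from user-context.xml.
package io.oidcconnector.auth;

import javax.annotation.PostConstruct;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

/**
 * Hypothetical wiring class: attaches the custom handlers directly to the
 * custom filter, because the form-login attributes never reach it.
 */
@Configuration
public class CustFilterHandlerWiring {

    // Bean name from @Component("custAuthRequestFilter") in the post.
    @Autowired
    @Qualifier("custAuthRequestFilter")
    private AbstractAuthenticationProcessingFilter custFilter;

    // Bean name from @Component("custSuccessHandler") in the post.
    @Autowired
    @Qualifier("custSuccessHandler")
    private AuthenticationSuccessHandler custSuccessHandler;

    @PostConstruct
    public void wireHandlers() {
        // Replaces the filter's built-in SavedRequestAwareAuthenticationSuccessHandler.
        custFilter.setAuthenticationSuccessHandler(custSuccessHandler);

        // The filter's default failure handler has no target URL and answers
        // with HTTP 401; give it the same URL the form-login element declares.
        custFilter.setAuthenticationFailureHandler(
                new SimpleUrlAuthenticationFailureHandler("/custlogin?error=failure"));
    }
}
```

The same effect can be had by overriding `setAuthenticationSuccessHandler` in the filter with `@Autowired` and `@Qualifier("custSuccessHandler")`, mirroring how the post's filter already injects its authentication manager.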