我或多或少地遵循此描述来创建自定义登录表单: http://technology-for-human.blogspot.com/2011/01/jsf-2-with-spring-3-protection-with.html
登录表单使用LoginBean,而LoginBean使用AuthenticationService:
@Service("authenticationService")
public class AuthenticationService {
@Resource(name = "authenticationManager")
AuthenticationManager authenticationManager;
public boolean login(String username, String password) {
try {
Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
if (authenticate.isAuthenticated()) {
SecurityContextHolder.getContext().setAuthentication(authenticate);
return true;
}
} catch (AuthenticationException e) {
}
return false;
}
}
通常一切都按预期工作,登录方法对我的用户返回true。但随后再次出现登录表单,我可以看到SecurityContextHolder.getContext().getAuthentication()
返回null。
Spring配置如下所示:
<security:http auto-config='true'>
<security:form-login login-page="/login.jsf" />
<security:intercept-url pattern="/login.jsf" filters="none" />
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:logout logout-url="/logout" logout-success-url="/" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsService" />
</security:authentication-manager>
任何想法可能是什么原因?
答案 0 :(得分:0)
我认为安全上下文不会持久化回会话。您是否已将springSecurityFilterChain配置为web.xml中的过滤器?
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>