spring security3用户登录有关

spring security3用户登录相关

package com.security;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.AuthenticationFailureHandler;public class OnLoginFaild implements AuthenticationFailureHandler {@Overridepublic void onAuthenticationFailure(HttpServletRequest request,HttpServletResponse response, AuthenticationException exception)throws IOException, ServletException {String errorMSG=exception.getMessage();//User is disabled//Bad credentialsSystem.out.println("errorMSG:"+exception.getMessage());if(!("".equals(errorMSG)))response.sendRedirect(request.getContextPath()+"/others_handler/login_faild/"+errorMSG);}}

spring-security.xml配置中的修改

<http pattern="/login.jsp" security="none"/>    <http access-denied-page="/others_handler/no_power_access"><!-- 当访问被拒绝时，会转到403.jsp --><form-login login-page="/login.jsp"authentication-failure-handler-ref="onLoginFaild"authentication-failure-url="/others_handler/login_faild/*"default-target-url="/others_handler/login_success" /><!-- 登录成功跳转到index.jsp --><logout logout-success-url="/login.jsp" /><custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter" /></http>

以上配置中authentication-failure-handler-ref="onLoginFaild"
表示登录失败时候跳转到anLoginFaild这个bean中

<http pattern="/login.jsp" security="none"/>这个配置当请求/login.jsp时，security不会去拦截，也就不过org.springframework.security.access.intercept.AbstractSecurityInterceptor
拦截器，所以在/login.jsp页面用org.springframework.security.core.context.SecurityContextHolder.getContext().getAuthentication()
也就获得不了用户信息

查看更多 下一篇