0

このような質問を見たことがありますが、私の特定の質問に対する回答はありません。

私は春のセキュリティ 2.1 と jsf 2.1 を使用しています。xhtmlファイルからのログインを処理するために開発したカスタムjsfログインコントローラーがあります。

ログイン方法は次のとおりです。

public String login() throws ServletException, IOException {

    ExternalContext context = FacesContext.getCurrentInstance()
            .getExternalContext();

    RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
            .getRequestDispatcher("/j_spring_security_check");

    dispatcher.forward((ServletRequest) context.getRequest(),
            (ServletResponse) context.getResponse());

    FacesContext.getCurrentInstance().responseComplete();

    Exception e = (Exception) FacesContext.getCurrentInstance().
              getExternalContext().getSessionMap().get(WebAttributes.AUTHENTICATION_EXCEPTION);




    // It's OK to return null here because Faces is just going to exit.
    return null;

}

サンプルコードは別の投稿から引っ張ってきました。

これが私の春の構成です:

    <http use-expressions="true" auto-config="true">
    <!-- <intercept-url pattern="/signin.xhtml" access="permitAll" /> -->

    <intercept-url pattern="/internal/private/**" access="hasRole('USER')" />
    <!-- <intercept-url pattern="/scheduling/internal/private/**" access="hasAnyRole('ADMIN','USER')" 
        /> -->
    <!--<intercept-url pattern="/javax.faces.resource/**" access="permitAll"/> 
        <intercept-url pattern="/**" access="permitAll" /> -->

    <form-login default-target-url="/internal/private/landing.xhtml"
        login-page="/signin.xhtml" />
</http>

ご覧のとおり、デフォルトのターゲット URL は「/internal/private/landing.xhtml」です。デバッグをオンにして、認証が成功したことを確認できますが、デフォルト ページにリダイレクトされません。

以下は、Spring からのリダイレクト呼び出しを示すログから抜粋したものです。

    08:58:03,701 DEBUG [org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy] (http-localhost-127.0.0.1-8080-2) Invalidating session with Id 'qPg2MdmRgSpTcV6CVT7cb-9M.undefined' and migrating attributes.
08:58:03,703 DEBUG [org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy] (http-localhost-127.0.0.1-8080-2) Started new session: GFoQyvUtbd+lmZiNw0QKRrI-.undefined
08:58:03,705 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] (http-localhost-127.0.0.1-8080-2) Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d9fa0ad7: Principal: org.springframework.security.core.userdetails.User@da682271: Username: roland.jones; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN,USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: qPg2MdmRgSpTcV6CVT7cb-9M.undefined; Granted Authorities: ADMIN, USER
08:58:03,714 DEBUG [org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler] (http-localhost-127.0.0.1-8080-2) Using default Url: /internal/private/landing.html
08:58:03,716 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] (http-localhost-127.0.0.1-8080-2) Redirecting to '/scheduling/internal/private/landing.html'
08:58:03,718 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-2) SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@d9fa0ad7: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d9fa0ad7: Principal: org.springframework.security.core.userdetails.User@da682271: Username: roland.jones; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN,USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: qPg2MdmRgSpTcV6CVT7cb-9M.undefined; Granted Authorities: ADMIN, USER'
08:58:03,727 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http-localhost-127.0.0.1-8080-2) SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@d9fa0ad7: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d9fa0ad7: Principal: org.springframework.security.core.userdetails.User@da682271: Username: roland.jones; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN,USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: qPg2MdmRgSpTcV6CVT7cb-9M.undefined; Granted Authorities: ADMIN, USER'
08:58:05,156 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] (http-localhost-127.0.0.1-8080-2) Chain processed normally

ログインを試みた後、アドレスにデフォルトの URL を入力すると、問題なくアクセスできるため、認証が成功したことがわかります。

助けてください。ありがとう!

4

1 に答える 1