0

Spring Security は初めてです。特定の理由で認証が失敗したときに、ログイン ページに表示されるエラーが必要です。

また、構成された URL への Web サービス呼び出しに基づいてユーザーを認証しています。以下は私の構成です。また、構成しましたauthentication-failure-handler-ref

<security:http auto-config="true" use-expressions="true" access-denied-page="/accessDenied.jsp">
    <security:form-login  login-page="/login.jsp" authentication-failure-handler-ref="authenticationFailureHandler"
        default-target-url="/jsp/home"   />

    <security:intercept-url pattern="/login.jsp"
        access="permitAll" />

    <security:intercept-url pattern="/jsp/home"
        access="permitAll" />

    <security:intercept-url pattern="/jsp/*"
        access="isAuthenticated()" />


    <security:logout logout-url="/j_spring_security_logout" logout-success-url="/login.jsp?logout=success" 
        invalidate-session="true"  />

</security:http> 

    <bean id="ldapAuthenticationProvider" class="com.on.transport.authentication.MyAuthenticationProvider">
    </bean>

    <security:authentication-manager alias="authenticationManager">
         <security:authentication-provider ref='ldapAuthenticationProvider'/>   
    </security:authentication-manager>

    <bean id="customUserDetailsService" class="com.service.CustomUserDetailsService">
    </bean>     

<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
    <property name="exceptionMappings">
        <props>
            <prop key="org.springframework.security.authentication.BadCredentialsException">/errorPage.jsp?login_error=1</prop>
            <prop key="org.springframework.security.authentication.CredentialsExpiredException">/login.jsp?status=2</prop>
            <prop key="org.springframework.security.authentication.LockedException">/login.jsp?status=3</prop>
            <prop key="org.springframework.security.authentication.DisabledException">/login.jsp?status=4</prop>     
        </props>
    </property>
</bean> 

以下のように「authentication-failure-url」と書くと、すべてうまくいきますが、

<security:http  ......>
        <security:form-login  login-page="/login.jsp"
            default-target-url="/jsp/home"  authentication-failure-url="/login.jsp?status=1" />
                  ............
</security:http>

しかし、さまざまな種類の例外をチェックできるように構成する必要があります。

認証プロバイダ

   public class MyAuthenticationProvider implements AuthenticationProvider {

    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {

        UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) authentication;

        String username = auth.getName();
        String password = (String)auth.getCredentials();

        UserUpdated user = null;
        int status=0;
        try{
            status = webservice.authenticate(username, password); 
               //webservice is object one is used to authenticate

            if(status==1){
                List<GrantedAuthority> grantedAuthoritiesList = new ArrayList<GrantedAuthority>();

                if(username!=null && (username.equals("test") || username.equals("jp@on.com"))){
                    grantedAuthoritiesList.add(new GrantedAuthorityImpl("ROLE_ADMIN")); 
                }else{
                    grantedAuthoritiesList.add(new GrantedAuthorityImpl("ROLE_USER"));
                }

                return new UsernamePasswordAuthenticationToken(username, null, grantedAuthoritiesList);

            }else if(status==2){
                throw new BadCredentialsException("Incorrect Email Id or Password.");
            }
        }catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    @Override
    public boolean supports(Class<? extends Object> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }
}

次のようなエラー メッセージが表示されます。

HTTP Status 401 - Authentication Failed: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

代わりに、エラーメッセージを表示してログインページにリダイレクトする必要があります。

ログは次のように表示されます

org.springframework.security.authentication.BadCredentialsException: Incorrect Email Id or Password
    at com.on.transport.authentication.MyAuthenticationProvider.authenticate(MyAuthenticationProvider.java:98)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)

[AbstractAuthenticationProcessingFilter.unsuccessfulAuthentication] - Authentication request failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
2013-09-07 13:05:42,685 DEBUG http-8080-2 [AbstractAuthenticationProcessingFilter.unsuccessfulAuthentication] - Updated SecurityContextHolder to contain null Authentication
2013-09-07 13:05:42,686 DEBUG http-8080-2 [AbstractAuthenticationProcessingFilter.unsuccessfulAuthentication] - Delegating to authentication failure handler org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler@3aabc1
2013-09-07 13:05:42,686 DEBUG http-8080-2 [SimpleUrlAuthenticationFailureHandler.onAuthenticationFailure] - No failure URL set, sending 401 Unauthorized error
2013-09-07 13:05:42,686 DEBUG http-8080-2 [HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.saveContext] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-09-07 13:05:42,687 DEBUG http-8080-2 [SecurityContextPersistenceFilter.doFilter] - SecurityContextHolder now cleared, as request processing completed

私が欠けているものを特定するのを手伝ってください。

4

1 に答える 1

4

こちらをご覧ください: http://www.codemarvels.com/2010/12/spring-security-3-how-to-display-login-errors/

要約すると、 で使用されるさまざまなマッピングをコントローラーでキャプチャする必要があると言われていますauthenticationFailureHandler。次に、任意の jsp にリダイレクトして、必要なメッセージを使用できます。

于 2013-09-10T17:04:18.307 に答える