spring-security Spring安全HTTPBasic失败处理程序

svgewumm  于 2022-11-11  发布在  Spring

我在我的spring security中使用HTTPBasic身份验证方案,我想记录所有失败和成功的登录尝试。似乎一般的方法是在登录失败时调用一个方法,有点像这样...

.and().formLogin().failureHandler(//method to call upon failure);

然而,这需要表单登录,而我使用的是HTTPBasic。我们如何设置它,使它在HTTPBasic身份验证方案中有一个失败处理程序?

smdnsysy


SecurityConfiguration.java

import java.util.logging.Logger;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import com.config.LoginFailureHandler;
import com.service.UserService;

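@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private static final Logger LOG = Logger.getLogger(SecurityConfiguration.class.getName());

    @Autowired
    private UserService userService;

    /**
     * Failure handler for the form-login flow. It is declared as a component next to
     * this configuration, so it is injected here instead of being replaced by a fresh
     * {@code SimpleUrlAuthenticationFailureHandler} that knows nothing about it.
     */
    @Autowired
    private LoginFailureHandler loginFailureHandler;

    /** Password encoder shared by the authentication provider. */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Provider that checks submitted credentials against {@code userService}. */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Secures {@code /secured}, leaves {@code /welcome} open, and enables both form login
     * and HTTP Basic. Only the form-login flow supports {@code failureHandler(...)}; a
     * failed Basic request is answered by the {@code httpBasic()} entry point with
     * {@code 401} and a {@code WWW-Authenticate} header and never reaches that handler.
     * Login attempts made through either mechanism are observed by the event listeners
     * below instead.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/welcome").permitAll()
                .antMatchers("/secured").authenticated()
            .and()
            .formLogin()
                .failureHandler(loginFailureHandler)
                .permitAll()
            .and()
            .httpBasic();
    }

    /**
     * Records a failed login attempt regardless of whether it came through form login or
     * HTTP Basic. Relies on the authentication manager publishing authentication events
     * (Spring Boot registers a {@code DefaultAuthenticationEventPublisher} by default;
     * without one, no event is delivered here).
     *
     * @param event the failure event; carries the attempted principal and the exception
     */
    @EventListener
    public void onAuthenticationFailure(AbstractAuthenticationFailureEvent event) {
        // Log the principal name and the failure type only; the submitted credentials must
        // never appear in the log.
        LOG.warning("Authentication failed for '" + event.getAuthentication().getName()
                + "': " + event.getException().getClass().getSimpleName());
    }

    /**
     * Records a successful login attempt for either mechanism; see
     * {@link #onAuthenticationFailure(AbstractAuthenticationFailureEvent)} for the
     * event-publishing precondition.
     *
     * @param event the success event; carries the authenticated principal
     */
    @EventListener
    public void onAuthenticationSuccess(AuthenticationSuccessEvent event) {
        LOG.info("Authentication succeeded for '" + event.getAuthentication().getName() + "'");
    }

}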

LoginFailureHandler.java

package com.config;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

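@Component
public class LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /** Base URL the browser is sent to after a failed form login. */
    private static final String FAILURE_URL = "/login?error";

    /**
     * Sends the browser back to the login page, carrying the submitted email so the form
     * can be pre-filled. The target URL is computed per request and passed straight to the
     * redirect strategy: this bean is a shared singleton, so storing the URL with
     * {@code setDefaultFailureUrl} would let two concurrent failures overwrite each other
     * and redirect one user to a URL holding another user's email.
     *
     * @param request   the failed login request; {@code email} is read from its parameters
     * @param response  the response the redirect (or forward) is written to
     * @param exception the failure, stored in the session for the login page to display
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException if forwarding to the failure URL fails
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        String failureUrl = buildFailureUrl(request.getParameter("email"));

        // Same bookkeeping the superclass performs before redirecting, so the login page
        // still finds the exception in the session.
        saveException(request, exception);

        if (isUseForward()) {
            request.getRequestDispatcher(failureUrl).forward(request, response);
        } else {
            getRedirectStrategy().sendRedirect(request, response, failureUrl);
        }
    }

    /**
     * Builds the failure URL for one request. The email is client-supplied, so it is
     * URL-encoded rather than concatenated raw: an unencoded value could break the query
     * string or append extra parameters. A missing value is omitted instead of being
     * rendered as {@code email=null}.
     *
     * @param email the submitted email, or {@code null} when the form did not send one
     * @return the failure URL, with {@code &email=...} appended when an email was given
     * @throws IOException if the platform cannot encode as UTF-8 (never expected)
     */
    static String buildFailureUrl(String email) throws IOException {
        if (email == null || email.isEmpty()) {
            return FAILURE_URL;
        }
        return FAILURE_URL + "&email=" + java.net.URLEncoder.encode(email, "UTF-8");
    }

}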
