我有一个关于弹簧安全性的问题。Spring Security:如何添加添加失败处理程序
现在我用一个赛普尔siteMinderFilter
来限制访问多个页面:
RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter (ignored);
siteMinderFilter.setPrincipalRequestHeader("SM_USER");
siteMinderFilter.setAuthenticationManager(authenticationManager());
在这种情况下,当SM_USER是错了,我想使用我的SmUserFailureHandler:
@Component
public class SmUserFailureHandler extends SimpleUrlAuthenticationFailureHandler {
private Logger log = Logger.getLogger(SmUserFailureHandler.class);
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
super.onAuthenticationFailure(request, response, exception);
log.debug("got AuthenticationException");
if(exception.getClass().isAssignableFrom(PreAuthenticatedCredentialsNotFoundException.class)) {
log.debug("got PreAuthenticatedCredentialsNotFoundException");
}
}
}
,然后在春天配置类
@Bean
public SmUserFailureHandler smUserFailureHandler(){
return new SmUserFailureHandler();
}
但现在我不明白如何我可以将其包含在我的authenticationProvider中。单位置使用了这样的FailureHandler,我发现是一个登录表单
http.formLogin().loginPage("/my/login/page/").failureHandler(smUserFailureHandler());
,但我希望它被应用于所有需要SM_USER的资源。
我该如何实现它?