SpringSecurity + JSF自定义身份验证

我试图找到解决方案，但没有人工作。我有一些用JSF编写的spring安全配置和前端。我发现在一些intenter但CONFIGS一起，他们不想要工作SpringSecurity + JSF自定义身份验证

<http> 
    <intercept-url pattern="/index*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <intercept-url pattern="/javax.faces.resource/**" 
     access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <intercept-url pattern="/**" access="ROLE_USER" /> 
    <intercept-url pattern="/admin/*" access="ROLE_SUPERVISOR" /> 
    <form-login login-page="/index.html" default-target-url="/home.html" 
     always-use-default-target="true" authentication-failure-url="/index.xhtml?login_error=1" /> 
    <logout logout-url="/logout.html" /> 
</http>

和：

<authentication-manager> 
    <authentication-provider>    
     <user-service> 
      <user name="admin" password="admin" authorities="ROLE_USER, ROLE_SUPERVISOR" /> 
      <user name="anonim" password="anonim" authorities="" /> 
      <user name="user" password="user" authorities="ROLE_USER" /> 
     </user-service> 
    </authentication-provider> 
</authentication-manager>

我想做出一些自定义的类，它会像自定义记录器，我发现的解决方案，将类似于这些：

public class LoginBeenController { 
    private static final Logger LOGGER = Logger.getLogger(LoginBeenController.class); 

    private String login; 
    private String password; 
    @Autowired 
    private AuthenticationManager authenticationManager; 

    public LoginBeenController() { 

    } 

    public String getLogin() { 
     return login; 
    } 

    public String getPassword() { 
     return password; 
    } 

    public void setLogin(String login) { 
     this.login = login; 
    } 

    public void setPassword(String password) { 
     this.password = password; 
    } 

    public String login(){ 
     Authentication authentication = authenticationManager 
       .authenticate(new UsernamePasswordAuthenticationToken(
         this.login, this.password)); 
     if (authentication.isAuthenticated()) { 
      SecurityContextHolder.getContext().setAuthentication(
        authentication); 
     } 
     return new String(); 
    } 

}

这里是主要的形式：

<h:form>  
    <h:panelGrid columns="2" cellpadding="5"> 
     <h:outputLabel for="username" name='j_username' value="Username:" /> 
     <p:inputText id="username" value="#{loginBeenController.login}" required="true" label="username" /> 

     <h:outputLabel for="password" value="Password:" /> 
     <h:inputSecret id="password" value='#{loginBeenController.password}' required="true" label="password" /> 

     <f:facet name="footer"> 
      <p:commandButton ajax='false' id="loginButton" value="Login" action="#{loginBeenController.login()}" /> 
     </f:facet> 
    </h:panelGrid>    
</h:form>

来源

2012-12-17 vermer

请告诉我你的问题，究竟什么问题？ – micha

我不知道如何链接这些作品如何使用primefaces自定义授权 – vermer

您应该转发到Spring Security身份验证URL，而不是使用AuthenticationManager。试试这个：

public String doLogin() throws ServletException, IOException { 

    FacesContext context = FacesContext.getCurrentInstance(); 

     String springCheckUrl = this.buildSpringSecurityCheckUrl(); 

     HttpServletRequest request = (HttpServletRequest) context 
       .getExternalContext().getRequest(); 

     RequestDispatcher dispatcher = request 
       .getRequestDispatcher(springCheckUrl); 

     dispatcher.forward((ServletRequest) request, 
       (ServletResponse) context.getExternalContext.getResponse()); 

     context.responseComplete(); 

     return null; 
    } 

    private String buildSpringSecurityCheckUrl() { 
     StringBuilder springCheckUrl = new StringBuilder(
       "/j_spring_security_check").append("?").append("j_username") 
       .append("=").append(this.userName.trim()).append("&") 
       .append("j_password").append("=") 
       .append(this.userPassword.trim()); 
     return springCheckUrl.toString(); 
    } 
}

来源

2012-12-18 02:20:44 ElderMael

但这些是基于servlet重定向maby的解决方案，也是JSF的另一个严格 – vermer

好，我找到解决办法，我只好只添加：

@Autowired 
@Qualifier("authenticationManager") 
AuthenticationManager authenticationManager;

来源

2012-12-18 12:57:00 vermer

SpringSecurity + JSF自定义身份验证

回答

相关问题