0

在其他一些帖子之后,我尝试覆盖 spring-security 处理程序的身份验证成功方法,但它从未被调用。我的代码如下所示:

src/groovy/mypackage/MyAuthenticationSuccessHandler.groovy

package mypackage

import org.springframework.security.core.Authentication
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

import javax.servlet.ServletException
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    public MyAuthenticationSuccessHandler() {
        println("constructed!")
    }
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        println("override called")
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

资源.groovy:

authenticationSuccessHandler(MyAuthenticationSuccessHandler) {
    def conf = SpringSecurityUtils.securityConfig
    requestCache = ref('requestCache')
    defaultTargetUrl = conf.successHandler.defaultTargetUrl
    alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
    targetUrlParameter = conf.successHandler.targetUrlParameter
    useReferer = conf.successHandler.useReferer
    redirectStrategy = ref('redirectStrategy')
}

没有错误,构造函数肯定被调用并被MyAuthenticationSuccessHandler注入测试控制器,但从onAuthenticationSuccess未被调用。我在超类版本中放置了一个断点,并且有效。我也尝试用 java 重写我的自定义类,但这没有用。

我究竟做错了什么?

4

1 回答 1

1

原来另一个登录过滤器已经处于活动状态,它阻止了正常方法的工作。有问题的过滤器是org.mitre.openid.connect.client.OIDCAuthenticationFilter,解决方法是通过该过滤器注入您的成功处理程序,例如:

    authenticationSuccessHandler(apipulse.MyAuthenticationSuccessHandler) {
        clientRegistrationTemplate = ref(clientRegistrationTemplate)
    }

    ...

    openIdConnectAuthenticationFilter(OIDCAuthenticationFilter) {
        ...
        authenticationSuccessHandler = ref('authenticationSuccessHandler')
    }

只是浪费了一天的时间看这个 - 非常感谢,春天。

于 2019-01-22T10:25:25.713 回答