1. ホーム
  2. 質問と答え
  3. ログイン失敗後にSpringを取得する

ログイン失敗後にSpringを取得する

2016-06-24 22 views
1

ログイン失敗後(アカウントが無効の場合)にアカウントのアクティブ化トークンを再送信するURLを生成したいとします。ログイン失敗後にSpringを取得する

私はCustomAuthenticationFailureHandlerを持っている:

@Override 
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, 
    AuthenticationException exception) throws IOException, ServletException { 
    setDefaultFailureUrl("/login?error=true"); 
    super.onAuthenticationFailure(request, response, exception); 
    Locale locale = localeResolver.resolveLocale(request); 
    String errorMessage = messages.getMessage("message.badCredentials", null, locale); 

    if (exception.getMessage().equalsIgnoreCase("User is disabled")) { 
     errorMessage = messages.getMessage("auth.message.disabled", null, locale); 
    } else if (exception.getMessage().equalsIgnoreCase("User account has expired")) { 
     errorMessage = messages.getMessage("auth.message.expired", null, locale); 
    } 

    request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage); 
    }

何があるかどうか、私はビュー(JSP)でのみ、それを必要としないので、${SPRING_SECURITY_LAST_ATTEMPT.username}のような例STHのためのビューでそれを取得する方法がある場合、私は幸せになりますが、オプション - onAuthenticationFailureからモデルに送信する方法は?

出典

2016-06-24 Wojciech Kumoń

答えて

0

まず、カスタマイズされたauthenticationProviderクラスを作成します。

@Component("authenticationProvider") 
public class DisabledLoginAuthenticationProvider extends DaoAuthenticationProvider { 

    @Autowired 
    UserDetailsDao userDetailsDao; 

    @Autowired 
    @Qualifier("userDetailsService") 
    @Override 
    public void setUserDetailsService(UserDetailsService userDetailsService) { 
     super.setUserDetailsService(userDetailsService); 
    } 

    @Override 
    public Authentication authenticate(Authentication authentication) 
      throws AuthenticationException { 

     try { 

     Authentication auth = super.authenticate(authentication); 

     //if reach here, means login success, else an exception will be thrown 
     //reset the user_attempts 

     return auth; 

     } catch (DisabledException e){ 

     //this user is disabled! 
     String error = ""; 

    //this will db to check the no of attempts 
      UserAttempts userAttempts = 
         userDetailsDao.getUserAttempts(authentication.getName()); 

       if(userAttempts!=null){ 
      Date lastAttempts = userAttempts.getLastModified(); 
      error = "User account is locked! <br><br>Username : " 
          + authentication.getName() + "<br>Last Attempts : " + lastAttempts; 
     }else{ 
      error = e.getMessage(); 
     } 

     throw new LockedException(error); 
    } 

    } 

}

次に、セキュリティxml内に、カスタマイズした認証プロバイダを添付します。

<authentication-manager> 
     <authentication-provider ref="authenticationProvider"/> 
    </authentication-manager>

出典

2016-06-24 20:07:35 Mudassar

+0

@Entity @Table(name="PERSISTENT_LOGINS") public class PersistentLogin implements Serializable{ @Id private String series; @Column(name="USERNAME", unique=true, nullable=false) private String username; @Column(name="TOKEN", unique=true, nullable=false) private String token; @Temporal(TemporalType.TIMESTAMP) private Date last_used; public String getSeries() { return series; } public void setSeries(String series) { this.series = series; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getToken() { return token; } public void setToken(String token) { this.token = token; } public Date getLast_used() { return last_used; } public void setLast_used(Date last_used) { this.last_used = last_used; } }

セキュリティ構成で使用UserDetailsS​​erviceの実装、:アプリケーション戦争でspringSecurityFilterを

@Service("customUserDetailsService") public class CustomUserDetailsService implements UserDetailsService{ static final Logger logger = LoggerFactory.getLogger(CustomUserDetailsService.class); @Autowired private UserService userService; @Transactional(readOnly=true) public UserDetails loadUserByUsername(String ssoId) throws UsernameNotFoundException { User user = userService.findBySSO(ssoId); logger.info("User : {}", user); if(user==null){ logger.info("User not found"); throw new UsernameNotFoundException("Username not found"); } return new org.springframework.security.core.userdetails.User(user.getSsoId(), user.getPassword(), true, true, true, true, getGrantedAuthorities(user)); } private List<GrantedAuthority> getGrantedAuthorities(User user){ List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); for(UserProfile userProfile : user.getUserProfiles()){ logger.info("UserProfile : {}", userProfile); authorities.add(new SimpleGrantedAuthority("ROLE_"+userProfile.getType())); } logger.info("authorities : {}", authorities); return authorities; } }

最終ステップ を登録します。この回答に感謝します。 –

0

アプリケーションに春のセキュリティを追加するための最初のステップ

は、例えば春のセキュリティのJava設定 を作成することです:

@Configuration 
@EnableWebSecurity 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 

    @Autowired 
    @Qualifier("customUserDetailsService") 
    UserDetailsService userDetailsService; 

    @Autowired 
    PersistentTokenRepository tokenRepository; 

    @Autowired 
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService); 
     auth.authenticationProvider(authenticationProvider()); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().antMatchers("/", "/list") 
       .access("hasRole('USER') or hasRole('ADMIN') or hasRole('DBA')") 
       .antMatchers("/newuser/**", "/delete-user-*").access("hasRole('ADMIN')").antMatchers("/edit-user-*") 
       .access("hasRole('ADMIN') or hasRole('DBA')").and().formLogin().loginPage("/login") 
       .loginProcessingUrl("/login").usernameParameter("ssoId").passwordParameter("password").and() 
       .rememberMe().rememberMeParameter("remember-me").tokenRepository(tokenRepository) 
       .tokenValiditySeconds(86400).and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied"); 
    } 

    @Bean 
    public PasswordEncoder passwordEncoder() { 
     return new BCryptPasswordEncoder(); 
    } 

    @Bean 
    public DaoAuthenticationProvider authenticationProvider() { 
     DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); 
     authenticationProvider.setUserDetailsService(userDetailsService); 
     authenticationProvider.setPasswordEncoder(passwordEncoder()); 
     return authenticationProvider; 
    } 

    @Bean 
    public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() { 
     PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
       "remember-me", userDetailsService, tokenRepository); 
     return tokenBasedservice; 
    } 

    @Bean 
    public AuthenticationTrustResolver getAuthenticationTrustResolver() { 
     return new AuthenticationTrustResolverImpl(); 
    } 

}

第二段階

PersistentTokenRepository 01の実装例:実装上

@Repository("tokenRepositoryDao") 
@Transactional 
public class HibernateTokenRepositoryImpl extends AbstractDao<String, PersistentLogin> 
     implements PersistentTokenRepository { 

    static final Logger logger = LoggerFactory.getLogger(HibernateTokenRepositoryImpl.class); 

    @Override 
    public void createNewToken(PersistentRememberMeToken token) { 
     logger.info("Creating Token for user : {}", token.getUsername()); 
     PersistentLogin persistentLogin = new PersistentLogin(); 
     persistentLogin.setUsername(token.getUsername()); 
     persistentLogin.setSeries(token.getSeries()); 
     persistentLogin.setToken(token.getTokenValue()); 
     persistentLogin.setLast_used(token.getDate()); 
     persist(persistentLogin); 

    } 

    @Override 
    public PersistentRememberMeToken getTokenForSeries(String seriesId) { 
     logger.info("Fetch Token if any for seriesId : {}", seriesId); 
     try { 
      Criteria crit = createEntityCriteria(); 
      crit.add(Restrictions.eq("series", seriesId)); 
      PersistentLogin persistentLogin = (PersistentLogin) crit.uniqueResult(); 

      return new PersistentRememberMeToken(persistentLogin.getUsername(), persistentLogin.getSeries(), 
        persistentLogin.getToken(), persistentLogin.getLast_used()); 
     } catch (Exception e) { 
      logger.info("Token not found..."); 
      return null; 
     } 
    } 

    @Override 
    public void removeUserTokens(String username) { 
     logger.info("Removing Token if any for user : {}", username); 
     Criteria crit = createEntityCriteria(); 
     crit.add(Restrictions.eq("username", username)); 
     PersistentLogin persistentLogin = (PersistentLogin) crit.uniqueResult(); 
     if (persistentLogin != null) { 
      logger.info("rememberMe was selected"); 
      delete(persistentLogin); 
     } 

    } 

    @Override 
    public void updateToken(String seriesId, String tokenValue, Date lastUsed) { 
     logger.info("Updating Token for seriesId : {}", seriesId); 
     PersistentLogin persistentLogin = getByKey(seriesId); 
     persistentLogin.setToken(tokenValue); 
     persistentLogin.setLast_used(lastUsed); 
     update(persistentLogin); 
    } 

}

は[PersistentLogin] persistent_loginsテーブルにマッピングされたエンティティを使用して、以下に示すエンティティ自体です。私は明日それを試してみましょう

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { 

}

出典

2016-06-24 21:21:03 FuSsA

+0

'私を覚えている'実装をありがとうが、私はすでにそれを行っている:) –

関連する問題

 関連する問題