1
私はSpring Security 3.0.7を使用しています。Springセキュリティ処理同時実行例外
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="false" use-expressions="true"
access-denied-page="/nazir/auth/denied"
entry-point-ref="authenticationEntryPoint">
<intercept-url pattern="/nazir/auth/login" access="permitAll"/>
<intercept-url pattern="/nazir/main/admin" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/nazir/main/common" access="hasRole('ROLE_USER')"/>
<logout invalidate-session="true" logout-url="/nazir/auth/logout"
logout-success-url="/nazir/auth/login"/>
<custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
<custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER"/>
<session-management session-authentication-strategy-ref="sas"/>
</http>
<beans:bean id="authenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationFailureHandler" ref="customAuthenticationFailureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler"/>
</beans:bean>
<beans:bean id="customAuthenticationFailureHandler1"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/nazir/auth/login"/>
</beans:bean>
<beans:bean id="customAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/nazir/main/common" />
</beans:bean>
<beans:bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/nazir/auth/login"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder"/>
</authentication-provider>
</authentication-manager>
<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder"/>
<user-service id="userDetailsService">
<user name="username" password="ee11cbb19052e40b07aac0ca060c23ee"
authorities="ROLE_USER, ROLE_ADMIN" />
<user name="test" password="21232f297a57a5a743894a0e4a801fc3"
authorities="ROLE_USER" />
</user-service>
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry"/>
<beans:property name="expiredUrl" value="/nazir/auth/session-expired" />
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:property name="maximumSessions" value="1" />
<beans:property name="exceptionIfMaximumExceeded" value="true" />
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</beans:bean>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<beans:bean id="customAuthenticationFailureHandler"
class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler" >
<beans:property name="exceptionMappings">
<beans:props>
<beans:prop key="org.springframework.security.authentication.CredentialsExpiredException">/nazir/auth/login?error=resetPassword</beans:prop>
<beans:prop key="org.springframework.security.authentication.BadCredentialsException">/nazir/auth/login?error=BadCredentials</beans:prop>
<beans:prop key="org.springframework.security.authentication.AccountExpiredException">/nazir/auth/login?error=AccountExpired</beans:prop>
<beans:prop key="org.springframework.security.authentication.AccountStatusException">/nazir/auth/login?error=AccountStatus</beans:prop>
<beans:prop key="org.springframework.security.authentication.AuthenticationCredentialsNotFoundException">/nazir/auth/login?error=AuthenticationCredentialsNotFound</beans:prop>
<beans:prop key="org.springframework.security.authentication.AuthenticationServiceException">/nazir/auth/login?error=AuthenticationService</beans:prop>
<beans:prop key="org.springframework.security.authentication.DisabledException">/nazir/auth/login?error=Disabled</beans:prop>
<beans:prop key="org.springframework.security.authentication.InsufficientAuthenticationException">/nazir/auth/login?error=InsufficientAuthentication</beans:prop>
<beans:prop key="org.springframework.security.authentication.LockedException">/nazir/auth/login?error=Locked</beans:prop>
<beans:prop key="org.springframework.security.authentication.ProviderNotFoundException">/nazir/auth/login?error=ProviderNotFound</beans:prop>
<beans:prop key="org.springframework.security.authentication.SessionAuthenticationException">/nazir/auth/login?error=SessionAuthenticationException</beans:prop>
</beans:props>
</beans:property>
</beans:bean>
質問(ヘルプ):以下は私のセキュリティ設定ファイルはどのようにすることができます私のルートに私customAuthenticationFailureHandlerフィルタを介しSessionAuthenticationException?上記のシナリオのすべての例外は、401を経由しているSessionAuthenticationExceptionを除いて、うまく処理されます。 org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandlerの代わりにorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandlerを使用すると、SessionAuthenticationExceptionが正常に機能します。
よろしく、解決 Nazir
を次のプロパティを追加しましたあなたは、私がcustomAuthenticationFailureHandlerを使用しなかった場合は、それが適切にルーティングされた」この少し明確に説明することができますthrough customAuthenticationFailureHandler! " – Ravi
申し訳ありませんが、私はあなたのコミットがあまりにも長い応答を待っています。私は私の質問を更新しました。 – Nazir
解決済み...私はcustomAuthenticationFailureHandler bean設定で次のプロパティを追加しました: