failureForwardUrl and failureUrl
2022-04-23 09:50:00 【Engage in money self-discipline】
Similarities
Both configure where the user is sent after authentication fails.
Differences
- failureForwardUrl performs a server-side forward; failureUrl performs a redirect.
- With failureForwardUrl the exception information is stored in the request; with failureUrl the authentication failure exception is stored in the session.
failureForwardUrl
Because this is form authentication, start from the formLogin() method. Underneath, authentication is performed by the attemptAuthentication method of the UsernamePasswordAuthenticationFilter filter, so set a breakpoint in attemptAuthentication and debug from there. You will find that execution enters the ForwardAuthenticationFailureHandler.
```java
package com.example.config;

import com.example.handler.MyAuthenticationSuccessHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Note: the permitAll rules must come first; the rules that require authentication come after them.
        http.authorizeRequests()
                .mvcMatchers("/index").permitAll()     // permit all requests to /index
                .mvcMatchers("/loginHtml").permitAll() // permit requests to /loginHtml
                .anyRequest().authenticated()          // every other request requires authentication
                .and()
                .formLogin() // the requests that require authentication use form login
                // Once loginPage is customized, you must also tell Spring Security which URL processes the login request.
                .loginPage("/loginHtml") // use a custom login page instead of Spring Security's default one
                // Nothing has to be mapped to /doLogin itself: we only tell Spring Security that whenever
                // the front end sends a /doLogin request, it should capture the username and password from it.
                .loginProcessingUrl("/doLogin") // URL that processes the login request
                .usernameParameter("uname")     // name of the username field on the login page; defaults to "username" if not set
                .passwordParameter("passwd")    // name of the password field on the login page; defaults to "password" if not set
                // .successForwardUrl("/index") // forward after successful authentication: a server-internal jump, the address bar does not change; always goes to the specified path
                // .defaultSuccessUrl("/index") // redirect after successful authentication: the address bar changes; goes to the previously saved request
                .successHandler(new MyAuthenticationSuccessHandler()) // handles successful authentication; the solution for front-end/back-end separation
                .failureForwardUrl("/loginHtml") // forward after authentication fails
                // .failureUrl("/login.html")    // redirect after authentication fails
                .and()
                .csrf().disable(); // disable CSRF (cross-site request forgery) protection
    }
}
```
Notes
- If failureForwardUrl is set to /login.html, the exception information cannot be retrieved. When the browser sends the doLogin request and we enter wrong credentials, the server initiates a request for /login.html. That page exists, but it is not permitted in our configuration, so the response we see is a 302.
- mvcMatchers applies only to back-end endpoints, that is, controllers. For resources such as html, js and img that are not routed through a controller, it has no effect.
- In fact, setting failureUrl to /login.html behaves the same way.
```html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org/" lang="en">
<head>
    <meta charset="UTF-8">
    <title>User login</title>
</head>
<body>
<!-- failureForwardUrl: the exception is read from the request -->
<h2 th:text="${#request.getAttribute('SPRING_SECURITY_LAST_EXCEPTION')}">
</h2>
<h1>User login</h1>
<form th:action="@{/doLogin}" method="post">
    Username: <input type="text" name="uname"> <br>
    Password: <input type="password" name="passwd"><br>
    <input type="submit" value="Sign in">
</form>
</body>
</html>
```
failureUrl
Because this is form authentication, start from the formLogin() method. Underneath, authentication is performed by the attemptAuthentication method of the UsernamePasswordAuthenticationFilter filter, so set a breakpoint in attemptAuthentication and debug from there. You will find that execution enters the SimpleUrlAuthenticationFailureHandler.
```java
package com.example.config;

import com.example.handler.MyAuthenticationSuccessHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Note: the permitAll rules must come first; the rules that require authentication come after them.
        http.authorizeRequests()
                .mvcMatchers("/index").permitAll()     // permit all requests to /index
                .mvcMatchers("/loginHtml").permitAll() // permit requests to /loginHtml
                .anyRequest().authenticated()          // every other request requires authentication
                .and()
                .formLogin() // the requests that require authentication use form login
                // Once loginPage is customized, you must also tell Spring Security which URL processes the login request.
                .loginPage("/loginHtml") // use a custom login page instead of Spring Security's default one
                // Nothing has to be mapped to /doLogin itself: we only tell Spring Security that whenever
                // the front end sends a /doLogin request, it should capture the username and password from it.
                .loginProcessingUrl("/doLogin") // URL that processes the login request
                .usernameParameter("uname")     // name of the username field on the login page; defaults to "username" if not set
                .passwordParameter("passwd")    // name of the password field on the login page; defaults to "password" if not set
                // .successForwardUrl("/index") // forward after successful authentication: a server-internal jump, the address bar does not change; always goes to the specified path
                // .defaultSuccessUrl("/index") // redirect after successful authentication: the address bar changes; goes to the previously saved request
                .successHandler(new MyAuthenticationSuccessHandler()) // handles successful authentication; the solution for front-end/back-end separation
                // .failureForwardUrl("/login.html") // forward after authentication fails
                .failureUrl("/login.html") // redirect after authentication fails
                .and()
                .csrf().disable(); // disable CSRF (cross-site request forgery) protection
    }
}
```
```html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org/" lang="en">
<head>
    <meta charset="UTF-8">
    <title>User login</title>
</head>
<body>
<!-- failureUrl: the exception is read from the session -->
<h2 th:text="${#httpSession.getAttribute('SPRING_SECURITY_LAST_EXCEPTION')}">
</h2>
<h1>User login</h1>
<form th:action="@{/doLogin}" method="post">
    Username: <input type="text" name="uname"> <br>
    Password: <input type="password" name="passwd"><br>
    <input type="submit" value="Sign in">
</form>
</body>
</html>
```
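The two templates above differ only in where they look for the exception. The controller below is an added example, not code from the original post: it serves /loginHtml for both failure modes by checking the request first and then the session, and it hands the view a fixed message instead of the raw exception. It assumes both failureForwardUrl and failureUrl point at /loginHtml; the package, class name, `loginError` attribute and `login` template name are hypothetical.

```java
package com.example.controller; // assumed package, not from the original post

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.WebAttributes;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class LoginPageController { // hypothetical class name

    // One generic text for every failure type, so the page does not reveal
    // whether the username exists or why the login was rejected.
    private static final String GENERIC_ERROR = "Invalid username or password.";

    // failureForwardUrl forwards the original POST /doLogin request, so the
    // target must accept POST as well as GET; failureUrl arrives as a GET.
    @RequestMapping(value = "/loginHtml", method = {RequestMethod.GET, RequestMethod.POST})
    public String loginPage(HttpServletRequest request, Model model) {
        if (lastFailure(request) != null) {
            model.addAttribute("loginError", GENERIC_ERROR); // hypothetical attribute name
        }
        return "login"; // assumed template name
    }

    private AuthenticationException lastFailure(HttpServletRequest request) {
        // Forward case: ForwardAuthenticationFailureHandler stores it in the request.
        // WebAttributes.AUTHENTICATION_EXCEPTION is "SPRING_SECURITY_LAST_EXCEPTION".
        Object attr = request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        if (attr == null) {
            // Redirect case: SimpleUrlAuthenticationFailureHandler stores it in the session.
            HttpSession session = request.getSession(false); // do not create a session just to look
            if (session != null) {
                attr = session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
                // Clear it so a stale error is not shown on the next visit to the login page.
                session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
            }
        }
        return (attr instanceof AuthenticationException) ? (AuthenticationException) attr : null;
    }
}
```

With this controller the template shows the message with `th:text="${loginError}"` in place of the `#request` or `#httpSession` lookup.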
Copyright notice
This article was created by [Engage in money self-discipline]. Please include the original link when reposting, thank you.
https://yzsam.com/2022/04/202204230946224782.html