Spring Security x509 authentication success
Is there a way to set a default-target when using x509? For example, if I were using regular form auth I would have something like:
<security:form-login login-page="/login" always-use-default-target="true" authentication-failure-url="/login?error=1" default-target-url="/summarylogin"/>
Below are my config settings:
<security:http auto-config="true" use-expressions="true" entry-point-ref="forbiddenAuthEntryPoint">
    <security:x509 subject-principal-regex="CN=(.*?)," user-service-ref="dashboardUserDetailsService" />
    <security:intercept-url pattern="/static/**" filters="none"/>
    <security:intercept-url pattern="/**" access="hasAnyRole('ADMIN', 'USER')" />
    <security:session-management invalid-session-url="/login" />
    <security:session-management>
        <security:concurrency-control max-sessions="5" error-if-maximum-exceeded="true" />
    </security:session-management>
</security:http>
<security:authentication-manager>
    <security:authentication-provider user-service-ref="dashboardUserDetailsService">
    </security:authentication-provider>
</security:authentication-manager>
Comments (1)
With form-auth you have a login page which the user accesses before authentication. So you specify default-target - where to send the user after successful auth.
But with client X.509 certificate authentication you have no login page. The user types some URL in his browser, the container checks his certificate and on success allows the user to access the URL he typed.
If you want to show something like a "greetings" page that should always be displayed on login, you can write a servlet filter which will check some flag in the session, and redirect the user to the "greetings" page if the flag is not set.
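A sketch of the session-flag filter described in the answer above, added here as an example and not code from the original post. The class name, the session attribute name and the use of the `javax.servlet` API are assumptions; `/summarylogin` is the target from the question. It assumes the filter is mapped in `web.xml` after `springSecurityFilterChain`, so the X.509 authentication is already in the security context when it runs.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical filter: sends a certificate-authenticated user to a landing
// page once per session, since X.509 auth has no login page to redirect from.
public class GreetingRedirectFilter implements Filter {
    private static final String GREETED_FLAG = "greetingShown";  // assumed attribute name
    private static final String GREETING_PATH = "/summarylogin"; // target from the question

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Requests that bypass Spring Security (e.g. /static/** with
        // filters="none") have no Authentication here and pass straight through.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean authenticated = auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);

        // Redirect only safe GETs, so a POST body is never dropped.
        if (authenticated && "GET".equals(request.getMethod())) {
            HttpSession session = request.getSession(true);
            if (session.getAttribute(GREETED_FLAG) == null) {
                // Set the flag before redirecting so the greeting request
                // itself cannot trigger a second redirect (no loop).
                session.setAttribute(GREETED_FLAG, Boolean.TRUE);
                String path = request.getRequestURI()
                        .substring(request.getContextPath().length());
                if (!path.equals(GREETING_PATH)) {
                    // Fixed, server-chosen target: no user input in the URL.
                    response.sendRedirect(response.encodeRedirectURL(
                            request.getContextPath() + GREETING_PATH));
                    return;
                }
            }
        }
        chain.doFilter(request, response);
    }
}
```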