弹出式登录浏览器,Spring Security

huangapple go评论81阅读模式
英文:

Pop-up login browser , spring-security

问题

我有一个使用Spring Security配置的应用程序。
我没有登录页面,所以我使用浏览器弹出窗口来为用户记录日志,弹出窗口工作正常,除了取消按钮,它会重新加载页面而不是关闭对话框。

我正在使用XML配置。

是否有任何配置可以用来阻止这种情况?Spring、JS或其他什么?

英文:

I have a application configured using Spring Security.
I don't have a login page, so I use the browser pop-up to log the users, the pop-up works fine unless for the Cancel button, that reload the page instead of close the dialog.

I am using xml configuration.

Is there any configuration that I can use, to prevent it ? Spring, JS, or something else ?

弹出式登录浏览器,Spring Security

答案1

得分: 0

在经过一些搜索后,我发现如果我不直接使用BasicAuthenticationEntryPoint,而是继承它并覆盖其中的两个方法,我可以设置我想要的返回值,从而解决我的问题。这就是页面在用户每次点击“取消”按钮时重新加载登录弹出窗口的问题。

@Component
public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx) throws IOException  {
        //Header response
        response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName() + "");

        //Error Status, that you want to return, 401, 404, ....
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        //Message that will be showed at screen
        PrintWriter writer = response.getWriter();
        writer.println("HTTP Status 401 - " + authEx.getMessage());
    }

    @Override
    public void afterPropertiesSet() {
        setRealmName("NO MATTER WICH NAME");
        super.afterPropertiesSet();
    }
}

我在我的security-context.xml中对其进行了配置,在<http>标签内,但你也可以在代码层面上实现相同效果。

<http-basic entry-point-ref="customBasicAuthenticationEntryPoint" />
英文:

After some search, I found that if I instead of use the BasicAuthenticationEntryPoint directly, extend it and override two of it methods, I could set the return that I wanted and it would solve my problem. That was the page reloading the login pop-up every time that the user clicked sur the Cancel button.

@Component
public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx) throws IOException  {
        //Header response
        response.addHeader(&quot;WWW-Authenticate&quot;, &quot;Basic realm=&quot; + getRealmName() + &quot;&quot;);

        //Error Status, that you want to return, 401, 404, ....
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        //Message that will be showed at screen
        PrintWriter writer = response.getWriter();
        writer.println(&quot;HTTP Status 401 - &quot; + authEx.getMessage());
    }

    @Override
    public void afterPropertiesSet() {
        setRealmName(&quot;NO MATTER WICH NAME&quot;);
        super.afterPropertiesSet();
    }
}

I configured it at my security-context.xml, inside < http >, but you can do the same at code level.

&lt;http-basic entry-point-ref=&quot;customBasicAuthenticationEntryPoint&quot; /&gt;

huangapple
  • 本文由 发表于 2020年10月14日 01:55:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/64340618.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定