Spring Security의 기본 URL '/j_security_check'를 '/check'로 변경했습니다. 시스템에 로그인하면 'http://www.example.com/users/list' URL이 표시되고 정상적으로 이동합니다. 그런데 'http://www.example.com/users/list/check'처럼 이 URL 끝에 'check' 문자열을 붙이면 사용자 정의 필터인 UsernamePasswordAuthenticationFilterCustom으로 들어갑니다. 어떤 URL이든 끝에 'check'를 붙이면 같은 현상이 생기는데, 그 이유를 모르겠습니다. '/j_security_check'는 Spring Security가 인증 검증에 사용하는 URL이기 때문입니다.
스프링 시큐리티 UsernamePasswordAuthenticationFilter URL 매칭 문제
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--
  Paths excluded from Spring Security altogether. A request matching one of
  these patterns is served through an empty filter chain: no SecurityContext
  is populated, and none of the session, login or access-control filters
  declared further down run for it. <http> elements are matched in
  declaration order, so these must stay above the catch-all <http> block.
  NOTE(review): /sessions/**, /messages/**, /download/async/**, /inbound and
  /twilio/** look like more than static assets. Whatever serves them has to
  authenticate and authorise callers on its own (for a webhook receiver,
  typically by verifying the sender's request signature). Confirm that each
  handler does.
-->
<http pattern="/favicon.ico" security="none"/>
<http pattern="/statics/**" security="none"/>
<http pattern="/forgotPasswords/**" security="none"/>
<http pattern="/messages/**" security="none"/>
<http pattern="/sessions/**" security="none"/>
<!--<http pattern="/preferences/reLogin" security="none"/>-->
<http pattern="/javascript/message/**" security="none"/>
<http pattern="/dualLogin" security="none"/>
<http pattern="/inbound" security="none"/>
<http pattern="/twilio/**" security="none"/>
<http pattern="/download/async/**" security="none"/>
<!--
  Project-specific username/password login filter. The main <http> block in
  this file installs it at FORM_LOGIN_FILTER, in place of the namespace's
  stock form-login filter.
-->
<beans:bean id="usernamePasswordAuthenticationFilterCustom"
            class="com.everbridge.platform.security.extension.UsernamePasswordAuthenticationFilterCustom">
  <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
  <beans:property name="sessionAuthenticationStrategy" ref="sas"/>
  <!-- Names of the request parameters the credentials are read from. -->
  <beans:property name="passwordParameter" value="password"/>
  <beans:property name="usernameParameter" value="username"/>
  <beans:property name="allowSessionCreation" value="true"/>
  <!--
    URL that triggers an authentication attempt.
    In Spring Security 3.1 the inherited
    AbstractAuthenticationProcessingFilter.requiresAuthentication() checks
    whether the request URI ENDS WITH contextPath + filterProcessesUrl; it is
    not an exact match. With a short value such as "/check", every path ending
    in /check (for example /users/list/check) is therefore treated as a login
    submission and handled by this filter instead of reaching its controller.
    Remedies: pick a value that cannot be the tail of an application URL, or
    override requiresAuthentication() in the custom filter to compare the full
    path.
    NOTE(review): this assumes the custom subclass does not already override
    requiresAuthentication(); confirm against its source.
  -->
  <beans:property name="filterProcessesUrl" value="/check"/>
  <beans:property name="authenticationManager" ref="authenticationManagerCustom"/>
  <beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
  <!--
    Application services injected into the filter. None of these beans is
    declared in this file, so they must come from another context file.
  -->
  <beans:property name="userService" ref="userService"/>
  <beans:property name="roleService" ref="roleService"/>
  <beans:property name="accountService" ref="accountService"/>
  <beans:property name="featureService" ref="featureService"/>
  <beans:property name="moduleService" ref="moduleService"/>
  <beans:property name="permissionService" ref="permissionService"/>
</beans:bean>
<!--
  Main filter chain, applied to every request not excluded by a
  security="none" pattern. auto-config is off and no form-login element is
  present, so login is handled only by the custom filter registered at
  FORM_LOGIN_FILTER.
-->
<http auto-config="false"
      use-expressions="true"
      entry-point-ref="authenticationEntryPoint">

  <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER"/>
  <custom-filter ref="usernamePasswordAuthenticationFilterCustom" position="FORM_LOGIN_FILTER"/>
  <!--
    Runs immediately before the FilterSecurityInterceptor that the namespace
    builds from the intercept-url rules below, so a request passes through
    both interceptors.
  -->
  <custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
  <custom-filter ref="afterLoginInterceptor" after="LAST"/>

  <logout logout-url="/logout"/>

  <!--
    Rules are evaluated top to bottom and the first match wins, which is why
    the catch-all /** rule comes last.
    NOTE(review): requires-channel="any" enforces neither HTTP nor HTTPS. The
    login page and the credential POST to /check can then travel over plain
    HTTP unless TLS is enforced elsewhere (for example at a reverse proxy).
    Confirm, or switch the login rules to requires-channel="https".
    NOTE(review): /api/** and /preferences/** are permitAll here, so this
    namespace interceptor lets anonymous requests through. Whether they are
    protected depends on filterSecurityInterceptor and on the handlers
    themselves; verify that.
  -->
  <intercept-url pattern="/login" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/switch" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/api/**" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/m/switcher" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/m" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/logout" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/check" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/registers/**" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/preferences/**" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/information/**" access="permitAll" requires-channel="any"/>
  <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="any"/>

  <access-denied-handler ref="accessDeniedHandlerCustom"/>
  <!-- Same strategy bean as the one wired into the custom login filter. -->
  <session-management session-authentication-strategy-ref="sas"/>
</http>
<!--
  Success handler used by the custom login filter; configured with a fixed
  post-login target of /dashboard.
  NOTE(review): if the custom handler also honours a redirect target taken
  from the request, that value needs validating against open redirects.
  The class is not shown here, so confirm.
-->
<beans:bean id="authenticationSuccessHandler"
            class="com.everbridge.platform.setting.handler.extension.AuthenticationSuccessHandlerCustom">
  <beans:property name="targetUrl" value="/dashboard"/>
</beans:bean>
<!--
  Session authentication strategy shared by the login filter and the
  session-management element: at most one concurrent session per user.
  In Spring Security 3.1 this class extends SessionFixationProtectionStrategy,
  so it also applies session-fixation protection on login.
  exceptionIfMaximumExceeded is left at its default (false), so a second
  login is accepted and the older session is marked expired rather than the
  new login being rejected.
-->
<beans:bean id="sas"
            class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
  <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
  <beans:property name="maximumSessions" value="1"/>
</beans:bean>
<!--
  Project-specific concurrent-session filter, installed at
  CONCURRENT_SESSION_FILTER. It shares the session registry with the "sas"
  strategy and is configured with /login as the URL for expired sessions.
  NOTE(review): presumably it mirrors the stock ConcurrentSessionFilter,
  which runs the logout handlers and then redirects an expired session to
  expiredUrl; confirm against the custom class.
-->
<beans:bean id="concurrencyFilter"
            class="com.everbridge.platform.security.extension.CustomConcurrentSessionFilter">
  <beans:property name="sessionRegistry" ref="sessionRegistry"/>
  <beans:property name="expiredUrl" value="/login"/>
  <!-- Logout handlers supplied to the filter, in list order. -->
  <beans:property name="logoutHandlers">
    <beans:list>
      <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
      <beans:bean class="com.everbridge.platform.security.extension.CustomLogoutHandler"/>
    </beans:list>
  </beans:property>
</beans:bean>
<!--
  In-memory registry of active sessions, shared by "sas" and
  "concurrencyFilter".
  NOTE(review): SessionRegistryImpl only learns that a session has ended if
  HttpSessionEventPublisher is registered as a listener in web.xml (not
  visible here); without it the registry keeps stale entries. Confirm.
-->
<beans:bean id="sessionRegistry"
            class="org.springframework.security.core.session.SessionRegistryImpl"/>
<!--
  Failure handler wired into the custom login filter.
  NOTE(review): the class is not shown; check that its response does not
  reveal whether the username or the password was the part that failed.
-->
<beans:bean id="authenticationFailureHandler"
            class="com.everbridge.platform.setting.handler.extension.AuthenticationFailureHandlerCustom"/>
<!--
  Entry point referenced by the main <http> element; it decides how an
  unauthenticated request to a protected URL is answered. Constructed with
  /login.
  NOTE(review): the class name suggests AJAX requests get a status code
  instead of a redirect to the login page; confirm against the class.
-->
<beans:bean id="authenticationEntryPoint"
            class="com.everbridge.platform.security.extension.AjaxAwareAuthenticationEntryPoint">
  <beans:constructor-arg value="/login"/>
</beans:bean>
<!--
  Project-specific security interceptor, registered before the namespace's
  own FILTER_SECURITY_INTERCEPTOR. Its decisions come from the custom
  metadata source and access decision manager wired below, not from the
  intercept-url rules.
-->
<beans:bean id="filterSecurityInterceptor"
            class="com.everbridge.platform.security.extension.FilterSecurityInterceptorCustom">
  <beans:property name="authenticationManager" ref="authenticationManagerCustom"/>
  <beans:property name="accessDecisionManager" ref="accessDecisionManagerCustom"/>
  <beans:property name="securityMetadataSource" ref="securityMetadataSourceCustom"/>
</beans:bean>
<!--
  Project filter placed after the LAST position of the main chain, so it
  runs once every Spring Security filter has let the request through.
  The three services it needs are declared outside this file.
-->
<beans:bean id="afterLoginInterceptor"
            class="com.everbridge.platform.portal.filter.AfterLoginInterceptor">
  <beans:property name="accountService" ref="accountService"/>
  <beans:property name="roleService" ref="roleService"/>
  <beans:property name="userService" ref="userService"/>
</beans:bean>
<!-- Access decision manager used by the custom filterSecurityInterceptor. -->
<beans:bean id="accessDecisionManagerCustom"
            class="com.everbridge.platform.security.extension.AccessDecisionManagerCustom"/>
<!--
  Metadata source for the custom filterSecurityInterceptor. Spring invokes
  loadResources() once, after the properties below have been injected.
  NOTE(review): presumably loadResources() builds the URL-to-permission
  mapping from these services. If so, permission changes made at runtime
  are not enforced until the mapping is reloaded; confirm how that is done.
-->
<beans:bean id="securityMetadataSourceCustom"
            class="com.everbridge.platform.security.extension.InvocationSecurityMetadataSourceServiceCustom"
            init-method="loadResources">
  <beans:property name="operationService" ref="operationService"/>
  <beans:property name="permissionService" ref="permissionService"/>
  <beans:property name="resourceService" ref="resourceService"/>
  <beans:property name="roleService" ref="roleService"/>
  <beans:property name="featureService" ref="featureService"/>
</beans:bean>
<!--
  Handler for requests from an authenticated user that are refused
  (referenced by access-denied-handler in the main <http> block);
  configured with /error401 as its error page.
-->
<beans:bean id="accessDeniedHandlerCustom"
            class="com.everbridge.platform.security.extension.AccessDeniedHandlerCustom">
  <beans:property name="errorPage" value="/error401"/>
</beans:bean>
<!--
  Exposes the namespace AuthenticationManager under the alias used by the
  custom login filter and the custom security interceptor.
  NOTE(review): no authentication-provider child is declared, and a manager
  without a provider cannot authenticate any token itself. Presumably
  UsernamePasswordAuthenticationFilterCustom verifies credentials on its own
  through the injected services; confirm, and check that passwords are
  compared against salted hashes rather than plain text.
-->
<authentication-manager alias="authenticationManagerCustom"/>