2013-03-11 3 views

스프링 보안 UsernamePasswordAuthenticationFilter URL 일치 문제

Spring Security의 기본 로그인 처리 URL인 '/j_security_check'를 '/check'로 변경했습니다. 시스템에 로그인한 뒤 'http://www.example.com/users/list'로 접속하면 올바른 페이지로 이동합니다. 그런데 'http://www.example.com/users/list/check'처럼 이 URL 뒤에 'check' 문자열을 붙이면 요청이 사용자 정의 필터인 UsernamePasswordAuthenticationFilterCustom으로 들어갑니다. 어떤 URL이든 끝에 'check'를 붙이면 같은 일이 일어나는데, 그 이유를 모르겠습니다. '/j_security_check'는 Spring Security가 인증을 검사하는 URL이기 때문입니다.

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
<!-- HTTP security configurations.
     Every <http ... security="none"> entry below takes the matching paths out of Spring
     Security completely: no filter of the chain runs for them, so there is no
     authentication, no SecurityContext and no access check. Anything the application
     serves under these patterns is reachable by anonymous clients. --> 
<http pattern="/favicon.ico" security="none"/> 
<http pattern="/statics/**" security="none"/> 
<http pattern="/forgotPasswords/**" security="none"/> 
<http pattern="/messages/**" security="none"/> 
<http pattern="/sessions/**" security="none"/> 
<!--<http pattern="/preferences/reLogin" security="none"/>--> 
<http pattern="/javascript/message/**" security="none"/> 
<!-- NOTE(review): the entries below (and /messages/**, /sessions/** above) do not look like
     static assets by name. Confirm that each handler behind them authenticates or validates
     its caller on its own, because nothing in this file does it for them. -->
<http pattern="/dualLogin" security="none"/> 
<http pattern="/inbound" security="none"/> 
<http pattern="/twilio/**" security="none"/> 
<http pattern="/download/async/**" security="none"/> 
<!-- Custom form-login filter. The <http> element of this file installs it at
     FORM_LOGIN_FILTER. It is wired with the success and failure handlers, the session
     strategy "sas", the authentication manager and several application services. -->
<beans:bean id="usernamePasswordAuthenticationFilterCustom" class="com.everbridge.platform.security.extension.UsernamePasswordAuthenticationFilterCustom"> 
    <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/> 
    <beans:property name="sessionAuthenticationStrategy" ref="sas" /> 
    <!-- Request parameter names the filter reads the credentials from. -->
    <beans:property name="passwordParameter" value="password"/> 
    <beans:property name="usernameParameter" value="username"/> 
    <beans:property name="allowSessionCreation" value="true"/> 
    <!-- Login-processing URL. NOTE(review): in Spring Security 3.1 the base class
         AbstractAuthenticationProcessingFilter decides whether to handle a request by
         testing whether the request URI ENDS WITH contextPath + filterProcessesUrl; it is
         not an exact match. With "/check", /users/list/check and any other URI ending in
         /check is treated as a login submission and is handled by this filter instead of
         continuing to the access-control interceptors. To limit it to the single endpoint,
         override requiresAuthentication() in the custom filter with an exact comparison,
         or choose a value no application URL can end with. The custom class is not shown
         here, so confirm it does not already override that method. -->
    <beans:property name="filterProcessesUrl" value="/check"/> 
    <beans:property name="authenticationManager" ref="authenticationManagerCustom"/> 
    <beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler"/> 
    <!-- Application services injected into the custom filter; how they are used is defined
         in the custom class, which is not part of this file. -->
    <beans:property name="userService" ref="userService" /> 
    <beans:property name="roleService" ref="roleService" /> 
    <beans:property name="accountService" ref="accountService" /> 
    <beans:property name="featureService" ref="featureService" /> 
    <beans:property name="moduleService" ref="moduleService"/> 
    <beans:property name="permissionService" ref="permissionService"/> 
</beans:bean> 

<!-- Main filter chain for every path not excluded by a security="none" entry.
     auto-config is off, so form login is provided only by the custom filter registered
     below; unauthenticated requests are handed to authenticationEntryPoint. -->
<http entry-point-ref="authenticationEntryPoint" auto-config="false" use-expressions="true"> 
    <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> 
    <custom-filter position="FORM_LOGIN_FILTER" ref="usernamePasswordAuthenticationFilterCustom" /> 
    <!-- The custom interceptor runs in addition to, and ahead of, the interceptor the
         namespace builds from the intercept-url rules below. -->
    <custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" /> 
    <custom-filter ref="afterLoginInterceptor" after="LAST" /> 
    <logout logout-url="/logout" /> 
    <!-- intercept-url rules are evaluated top to bottom and the first match wins, so the
         catch-all /** rule has to stay last.
         requires-channel="any" accepts both HTTP and HTTPS. NOTE(review): nothing in this
         file forces /login or the credential POST to /check onto TLS; confirm HTTPS is
         enforced elsewhere (proxy, container) or use requires-channel="https" for them. -->
    <intercept-url pattern="/login" access="permitAll" requires-channel="any"/> 
    <intercept-url pattern="/switch" access="permitAll" requires-channel="any"/> 
    <!-- NOTE(review): permitAll on /api/** (and on /registers/**, /preferences/**,
         /information/** below) means the namespace interceptor does not require a login
         there. Any protection has to come from the custom filterSecurityInterceptor or from
         the handlers themselves; confirm that is intended for each pattern. -->
    <intercept-url pattern="/api/**" access="permitAll" requires-channel="any"/> 
    <intercept-url pattern="/m/switcher" access="permitAll" requires-channel="any"/> 
    <intercept-url pattern="/m" access="permitAll" requires-channel="any"/> 
    <intercept-url pattern="/logout" access="permitAll" requires-channel="any"/> 
    <!-- This rule matches the path /check only. The authentication filter's
         filterProcessesUrl "/check" is matched by that filter itself, independently of
         this rule. -->
    <intercept-url pattern="/check" access="permitAll" requires-channel="any"/> 
    <intercept-url pattern="/registers/**" access="permitAll" requires-channel="any"/> 
    <intercept-url pattern="/preferences/**" access="permitAll" requires-channel="any"/> 
    <intercept-url pattern="/information/**" access="permitAll" requires-channel="any"/> 
    <!-- Default: everything else requires an authenticated user. -->
    <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="any"/> 

    <access-denied-handler ref="accessDeniedHandlerCustom"/> 
    <!-- Same strategy bean as the one set on the custom login filter. -->
    <session-management session-authentication-strategy-ref="sas" /> 
</http> 

<!-- Custom handler invoked by the login filter after a successful authentication; it is
     configured with /dashboard as its target URL.
     NOTE(review): whether a saved request or a request parameter can override targetUrl
     depends on the custom class (not shown); confirm it only redirects to local paths. -->
<beans:bean id="authenticationSuccessHandler" class="com.everbridge.platform.setting.handler.extension.AuthenticationSuccessHandlerCustom"> 
    <beans:property name="targetUrl" value="/dashboard" /> 

</beans:bean> 

<!-- Session authentication strategy shared by the login filter and <session-management>.
     It limits each user to one concurrent session, tracked in sessionRegistry.
     NOTE(review): exceptionIfMaximumExceeded is not set here; with the framework default
     a second login is expected to expire the older session rather than be rejected.
     Confirm that is the intended behaviour. -->
<beans:bean id="sas" 
      class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> 
    <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> 
    <beans:property name="maximumSessions" value="1" /> 
</beans:bean> 

<!-- Custom concurrent-session filter, installed at CONCURRENT_SESSION_FILTER. It shares
     sessionRegistry with the "sas" strategy, is given /login as the URL for expired
     sessions, and is given two logout handlers: the stock SecurityContextLogoutHandler
     and an application-specific one. -->
<beans:bean id="concurrencyFilter" class="com.everbridge.platform.security.extension.CustomConcurrentSessionFilter"> 
    <beans:property name="sessionRegistry" ref="sessionRegistry" /> 
    <beans:property name="expiredUrl" value="/login" /> 
    <beans:property name="logoutHandlers"> 
     <beans:list> 
      <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></beans:bean> 
      <beans:bean class="com.everbridge.platform.security.extension.CustomLogoutHandler"></beans:bean> 
     </beans:list> 
    </beans:property> 
</beans:bean> 
<!-- In-memory registry of active sessions used by "sas" and concurrencyFilter.
     NOTE(review): SessionRegistryImpl only forgets a session when it receives a
     session-destroyed event, which normally requires HttpSessionEventPublisher to be
     registered as a listener in web.xml (not visible here). Without it, timed-out sessions
     keep counting against maximumSessions. -->
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> 


<!-- Custom handler invoked by the login filter when authentication fails. No properties are
     set here, so its behaviour is defined entirely by the custom class.
     NOTE(review): confirm its response does not reveal whether the username exists. -->
<beans:bean id="authenticationFailureHandler" class="com.everbridge.platform.setting.handler.extension.AuthenticationFailureHandlerCustom"/> 


<!-- Entry point referenced by <http entry-point-ref>; it handles requests that need
     authentication but have none. It is constructed with /login.
     NOTE(review): the class name suggests AJAX requests are answered differently from page
     requests; confirm against the custom class. -->
<beans:bean id="authenticationEntryPoint" 
     class="com.everbridge.platform.security.extension.AjaxAwareAuthenticationEntryPoint"> 
    <beans:constructor-arg value="/login"/> 
</beans:bean> 

<!-- Custom security interceptor, inserted before the namespace's own
     FILTER_SECURITY_INTERCEPTOR. Its decisions come from accessDecisionManagerCustom and
     the rules supplied by securityMetadataSourceCustom, not from the intercept-url list.
     NOTE(review): paths declared permitAll in <http> still pass through this interceptor
     first; what it enforces for them depends on the custom classes. -->
<beans:bean id="filterSecurityInterceptor" 
    class="com.everbridge.platform.security.extension.FilterSecurityInterceptorCustom"> 
    <beans:property name="authenticationManager" ref="authenticationManagerCustom" /> 
    <beans:property name="accessDecisionManager" ref="accessDecisionManagerCustom" /> 
    <beans:property name="securityMetadataSource" ref="securityMetadataSourceCustom" /> 
</beans:bean> 

<!-- Application filter registered after the LAST position of the chain, i.e. it runs once
     all Spring Security filters have let the request through. It is given the account,
     role and user services; what it does with them is defined in the custom class. -->
<beans:bean id="afterLoginInterceptor" 
    class="com.everbridge.platform.portal.filter.AfterLoginInterceptor"> 
    <beans:property name="accountService" ref="accountService" /> 
    <beans:property name="roleService" ref="roleService" /> 
    <beans:property name="userService" ref="userService" /> 
</beans:bean> 

<!-- Custom access decision manager used by filterSecurityInterceptor. No voters or
     properties are configured here; the decision logic lives in the class itself. -->
<beans:bean id="accessDecisionManagerCustom" class="com.everbridge.platform.security.extension.AccessDecisionManagerCustom"/> 

<!-- Source of the access rules consulted by filterSecurityInterceptor. Spring calls
     loadResources() once, after the properties below have been injected.
     NOTE(review): presumably loadResources() builds the URL-to-permission mapping from the
     injected services; if so, rule changes made later are only picked up when the class
     reloads them. Confirm against the custom class. -->
<beans:bean id="securityMetadataSourceCustom" class="com.everbridge.platform.security.extension.InvocationSecurityMetadataSourceServiceCustom" init-method="loadResources"> 
    <beans:property name="operationService" ref="operationService"/> 
    <beans:property name="permissionService" ref="permissionService"/> 
    <beans:property name="resourceService" ref="resourceService"/> 
    <beans:property name="roleService" ref="roleService"/> 
    <beans:property name="featureService" ref="featureService"/> 
</beans:bean> 

<!-- Handler referenced by <access-denied-handler>; it is configured with /error401 as its
     error page. /error401 has no permitAll rule of its own, so it falls under the
     catch-all /** isAuthenticated() rule. -->
<beans:bean id="accessDeniedHandlerCustom" class="com.everbridge.platform.security.extension.AccessDeniedHandlerCustom"> 
    <beans:property name="errorPage" value="/error401" /> 
</beans:bean> 

<!-- Authentication manager, exposed under the alias used by the login filter and by
     filterSecurityInterceptor.
     NOTE(review): no <authentication-provider> child is visible in this snippet, so the
     providers that actually verify credentials must be supplied elsewhere; confirm. -->
<authentication-manager alias="authenticationManagerCustom"/> 

답변


토니, 먼저, 사용자가 인증 될 페이지를 정의해야합니다.

<!-- Namespace form login with /check as the login-processing URL and /dashboard as the
     forced post-login target.
     NOTE(review): <form-login> registers the stock UsernamePasswordAuthenticationFilter at
     FORM_LOGIN_FILTER, so it cannot be combined with the question's custom-filter at that
     same position. In Spring Security 3.1 login-processing-url is matched by the same
     ends-with test as filterProcessesUrl, so this element alone does not stop URLs ending
     in /check from being treated as login attempts.
     The question's configuration declares Spring Security as the default namespace, so the
     element would be written there without the "security:" prefix. /login.jsp is not among
     the permitAll patterns shown in the question, so the failure URL would itself require
     authentication. -->
<security:form-login login-page="/login" always-use-default-target="true" login-processing-url="/check" default-target-url="/dashboard" authentication-failure-url="/login.jsp?login_error=1" /> 
:

그런 다음 인증 로직을 정의하십시오.