Java Spring总是在成功登录后重拨到默认的目标URL
SpringFramework安全性在成功登录后将我重定向到我定义的默认目标URL(场景1),但我用户将指定其他位置,结果表明需要登录SpringFramework也将重定向到默认位置,而不是用户指定的位置(场景2) 情景1:Java Spring总是在成功登录后重拨到默认的目标URL,java,spring,redirect,login,spring-security,Java,Spring,Redirect,Login,Spring Security,SpringFramework安全性在成功登录后将我重定向到我定义的默认目标URL(场景1),但我用户将指定其他位置,结果表明需要登录SpringFramework也将重定向到默认位置,而不是用户指定的位置(场景2) 情景1: 用户输入: 用户被重定向到登录页面 成功登录后,将重定向到默认位置: 情景2: 用户输入: 用户被重定向到登录页面 成功登录后,它被重定向到默认位置:(错误!) 我一直使用seDefaultTargetUrl=false。这还不够吗? 我使用自定义过滤器链而不是h
- 用户输入:
- 用户被重定向到登录页面
- 成功登录后,将重定向到默认位置:
- 用户输入:
- 用户被重定向到登录页面
- 成功登录后,它被重定向到默认位置:(错误!)
<bean id="httpSessionContextIntegrationFilterWithASCFalse" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<!--property name="allowSessionCreation" value="false" TODO no property like this exist any more - probably not needed /-->
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />
<bean id="basicAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="Spring Security Application" />
</bean>
<bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="accessDeniedHandlerImpl" class="org.springframework.security.web.access.AccessDeniedHandlerImpl" />
<bean id="basicExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" />
<property name="accessDeniedHandler" ref="accessDeniedHandlerImpl" />
</bean>
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" value="/" />
<constructor-arg index="1">
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</constructor-arg>
</bean>
<bean id="formLoginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<!--property name="defaultTargetUrl" value="/login!login.action" / to be investigated ! -->
<property name="authenticationFailureHandler" ref="customAuthenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler" />
</bean>
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.action?authenticationFailed=true" />
</bean>
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/search.action" />
<property name="alwaysUseDefaultTargetUrl" value="false" />
</bean>
<bean id="formLoginEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.action" />
</bean>
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter" />
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="formLoginEntryPoint" />
<property name="accessDeniedHandler" ref="accessDeniedHandlerImpl" />
</bean>
<bean id="accessManager" class="org.springframework.security.access.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
</list>
</property>
</bean>
<bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessManager" />
<property name="securityMetadataSource">
<security:filter-security-metadata-source>
<security:intercept-url pattern="/bsh*" access="ROLE_Bsh"/>
<security:intercept-url pattern="/admin/**" access="ROLE_Administrators"/>
<security:intercept-url pattern="/**" access="ROLE_Users,ROLE_Administrators"/>
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/c/**" filters="none" />
<security:filter-chain pattern="/i/**" filters="none" />
<security:filter-chain pattern="/j/**" filters="none" />
<security:filter-chain pattern="/accessdenied.jsp" filters="none" />
<security:filter-chain pattern="/login.action*" filters="none" />
<security:filter-chain pattern="/services/**"
filters="httpSessionContextIntegrationFilterWithASCFalse,logoutFilter,
basicAuthenticationFilter,basicExceptionTranslationFilter,
filterSecurityInterceptor" />
<security:filter-chain pattern="/**"
filters="httpSessionContextIntegrationFilter,logoutFilter,formLoginFilter,
securityContextHolderAwareRequestFilter,
exceptionTranslationFilter,
filterSecurityInterceptor" />
</security:filter-chain-map>
</bean>
明白了!当身份验证成功时,我必须用SavedRequestStataWareAuthenticationSuccessHandler替换SimpleRulAuthenticationSuccessHandler,以解决不正确的URL:
- 查找用户“Mircea Stanciu”的响应
它说,您必须创建一个类来重写Spring安全性的LoginSuccessHandler类,并在您的应用程序Security.xml中为该类创建一个bean
- 在application-security.xml中,必须在内部的标记中放置以下内容: 身份验证成功处理程序ref=“loginsucesshandler”