Spring security 如何扩展LoginRuThenticationEntryPoint或如何实现AuthenticationEntryPoint
我正在尝试这样做:,即:让spring告诉登录页面我来自哪里。我有一些SSO集成。。因此,我会将url发送给他们,或者他们会为我附加referer,这样我就知道用户应该登录并发送到Spring security 如何扩展LoginRuThenticationEntryPoint或如何实现AuthenticationEntryPoint,spring-security,Spring Security,我正在尝试这样做:,即:让spring告诉登录页面我来自哪里。我有一些SSO集成。。因此,我会将url发送给他们,或者他们会为我附加referer,这样我就知道用户应该登录并发送到/some/url。那都是花花公子。我遇到的问题是扩展loginuraluthenticationentrypoint(除非您能告诉我一个实施AuthenticationEntryPoint的好理由)。我只需要修改登录页面的请求,如下所示: RedirectStrategy redirectStrategy = new
/some/urlloginuraluthenticationentrypointAuthenticationEntryPointRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
// only append returnto to '/login' urls
if(request.getServletPath() == "/login") {
// indicates we want to return to this page after login
redirectStrategy.sendRedirect(request, response, "/login?returnto=" + request.getServletPath());
}
因为这会让我们陷入重定向循环。不管它看起来如何。我很困惑。在我的
LoginUrlAuthenticationEntryPointstartLoginUrlAuthenticationEntryPoint@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException {
RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.sendRedirect(request, response, "/login?returnto=" + request.getServletPath());
}
这很有用:Josh的代码正是我在JavaScript中捕获AJAX身份验证错误所需要的,同时仍然保留了所有其他请求的默认登录重定向逻辑。因为我所有的AJAX请求都以“/rest”开头,所以我能够在此基础上进行过滤
if(request.getRequestURI().contains("/rest/"))
response.sendError(403);
else
new DefaultRedirectStrategy().sendRedirect(request, response, "/login");
if(request.getRequestURI().contains("/rest/"))
response.sendError(403);
else
new DefaultRedirectStrategy().sendRedirect(request, response, "/login");