Spring security 重定向到无状态会话的原始URL
我正在尝试创建无状态安全性,其中JWT令牌存储在Cookie中而不是会话中 问题在于,如果没有会话,Spring security 重定向到无状态会话的原始URL,spring-security,Spring Security,我正在尝试创建无状态安全性,其中JWT令牌存储在Cookie中而不是会话中 问题在于,如果没有会话,SavedRequestAwareAuthenticationSuccessHandler就不知道原始请求(在身份验证页面弹出之前)。所以在第行savedRequest为null 这看起来很奇怪,我想我做错了什么。如何允许页面重定向到登录无状态会话后请求的原始URL 我禁用会话 @Override protected void configure(HttpSecurity http
SavedRequestAwareAuthenticationSuccessHandler
就不知道原始请求(在身份验证页面弹出之前)。所以在第行savedRequest为null
这看起来很奇怪,我想我做错了什么。如何允许页面重定向到登录无状态会话后请求的原始URL
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
....formLogin().loginPage("/login").permitAll().successHandler(authenticationSuccessHandler)
}
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>1.5.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
</dependencies>
org.springframework.boot
spring启动依赖项
1.5.2.1发布
聚甲醛
进口
org.springframework.boot
弹簧启动安全
org.springframework.boot
SpringBootStarterWeb
org.springframework.boot
弹簧起动试验
测试
org.springframework.security
弹簧安全性试验
测试
org.springframework.security.oauth
spring-security-oauth2
在配置中,添加:
.requestCache().requestCache(new CookieRequestCache())
完整示例:
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().csrfTokenRepository(new CookieCsrfTokenRepository())
.and()
.authorizeRequests()
.antMatchers("/about").permitAll()
.antMatchers("/accounts").hasRole("ADMINISTRATOR")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.requestCache().requestCache(new CookieRequestCache())
.and()
.logout()
.permitAll()
.and()
.sessionManagement()
.maximumSessions(1)
.sessionRegistry(sessionRegistry())
.and()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.securityContext()
.securityContextRepository(securityContextRepository);
嗨,你找到解决办法了吗?同样的问题:/
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().csrfTokenRepository(new CookieCsrfTokenRepository())
.and()
.authorizeRequests()
.antMatchers("/about").permitAll()
.antMatchers("/accounts").hasRole("ADMINISTRATOR")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.requestCache().requestCache(new CookieRequestCache())
.and()
.logout()
.permitAll()
.and()
.sessionManagement()
.maximumSessions(1)
.sessionRegistry(sessionRegistry())
.and()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.securityContext()
.securityContextRepository(securityContextRepository);