Spring重定向Url:SavedRequest在会话过期时为空
我正在访问登录控制器中的SavedRequest,以在登录表单中设置重定向url。会话过期(或服务器启动后首次登录)时,savedRequest为空 如果我在新浏览器会话中访问url,则保存的请求可用 我是否可以通过登录控制器一致地访问重定向url 注意。我正在使用spring 3.2.3..从我可以看出,savedRequest不再可以从会话访问 login.jspSpring重定向Url:SavedRequest在会话过期时为空,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我正在访问登录控制器中的SavedRequest,以在登录表单中设置重定向url。会话过期(或服务器启动后首次登录)时,savedRequest为空 如果我在新浏览器会话中访问url,则保存的请求可用 我是否可以通过登录控制器一致地访问重定向url 注意。我正在使用spring 3.2.3..从我可以看出,savedRequest不再可以从会话访问 login.jsp <form action="${actionUrl}" method='POST' autocomplete='off
<form action="${actionUrl}" method='POST' autocomplete='off'>
<span class="box-label">Username:</span>
<input type="text" name="j_username" data-dojo-type="dijit/form/TextBox" data-dojo-props="style:{width:'150px'}">
<span class="box-label">Password:</span>
<input type="password" name="j_password" data-dojo-type="dijit/form/TextBox" data-dojo-props="style:{width:'150px'}">
<input type="submit" data-dojo-type="dijit/form/Button" data-dojo-props="label:'Login'"/>
<input type="hidden" name="redirect" value="${redirect}">
</form>
安全配置:
@Controller
public class LoginController {
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(final HttpSession session, final Model model, final HttpServletRequest request,
final HttpServletResponse response) {
addRedirectUrlToModel(model, request, response);
return "login";
}
private void addRedirectUrlToModel(final Model model, final HttpServletRequest request, final HttpServletResponse response) {
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
if (savedRequest != null) {
model.addAttribute("redirect", savedRequest.getRedirectUrl());
} else {
System.out.println("saved request is null");
}
}
<sec:http auto-config="true" use-expressions="true">
<sec:form-login login-page="/login"
authentication-success-handler-ref="authSuccHandler"
authentication-failure-handler-ref="authFailHandler" />
<sec:logout delete-cookies="JSESSIONID" invalidate-session="true" />
<sec:access-denied-handler error-page="/error/not-authorised"/>
<sec:session-management session-fixation-protection="none"
invalid-session-url="/login/sessionExpired"
session-authentication-error-url="/login/alreadyLoggedIn"
>
<sec:concurrency-control max-sessions="1"
expired-url="/login/sessionExpiredDuplicateLogin"
error-if-maximum-exceeded="false"/>
</sec:session-management>
当您尝试获取过期会话的
savedrequest
时,它将为空。您可以通过创建一个新的DefaultSavedRequest
来解决这个问题。创建DefaultSavedRequest
后,您可以将设置到HttpServletRequest.getSession()
中,并在会话期间以不同的请求移动它
private void addRedirectUrlToModel(final Model model, final HttpServletRequest request, final HttpServletResponse response) {
SavedRequest savedRequest = new DefaultSavedRequest(request, new PortResolverImpl());
request.getSession().setAttribute("SPRING_SECURITY_SAVED_REQUEST", savedRequest);
if (savedRequest != null) {
model.addAttribute("redirect", savedRequest.getRedirectUrl());
} else {
System.out.println("saved request is null");
}
}
请求存储在会话中,因此在超时后,会话确实会停止,因此存储的请求也会消失。当会话在会话mngmt(由于登录到另一个浏览器/计算机)结束时,也会发生这种情况。是的,所有触发会话破坏的因素都会导致这种行为。没有会话,没有保存的请求。是否有其他方法获取重定向url?e、 g.如果我尝试访问并被重定向到。。我想在我的LoginControllers中访问它,并以隐藏参数的形式存储它(可能是加密的)。如果您存储它/依赖于会话,并且没有会话,它将失败。