Return to the previous page after authorization, Spring Security AuthenticationSuccessHandler

【Posted】: 2016-02-20 16:57:00

【Question】:

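I have a login page (/page/login) and a drop-down login form on every page. I want the user to be redirected to the page he logged in from (via the drop-down login form), or to the home page if he came from the login page.

I tried to use AuthenticationSuccessHandler but it doesn't seem to work; every time it just redirects the user to the home page. What is the right way to solve this?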

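    import java.io.IOException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.DefaultRedirectStrategy;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    import org.springframework.stereotype.Component;

    @Component
    public class MySimpleUrlAuthenticationSuccessHendler implements AuthenticationSuccessHandler {

        @Override
        public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
                                            HttpServletResponse httpServletResponse,
                                            Authentication authentication) throws IOException {
            // getContextPath() is the application's context path, not the page the request came from
            if (httpServletRequest.getContextPath().equals("/login")) {
                sendRedirect(httpServletRequest, httpServletResponse, "/user/profile");
            } else {
                sendRedirect(httpServletRequest, httpServletResponse, httpServletRequest.getContextPath());
            }
        }

        // Redirects only if the response has not been committed yet
        private void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
            if (!response.isCommitted()) {
                new DefaultRedirectStrategy().sendRedirect(request, response, url);
            }
        }
    }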

Spring Security configuration

    package com.example.configuration;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

    @Configuration
    public class DemoSpringSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        AuthenticationSuccessHandler authenticationSuccessHandler;
        @Autowired
        UserDetailsService userDetailsService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {

            // URL access rules
            http.authorizeRequests()

                    .regexMatchers(HttpMethod.GET, "rating/place/[0-9]{0,}", "/place/[0-9]{0,}/liked/", "/rating/place/[0-9]{0,}")
                    .hasRole("USER")

                    .antMatchers(HttpMethod.GET, "/user/orders",
                            "/user/places")
                    .hasRole("USER")

                    .regexMatchers(HttpMethod.POST, "/menu/[0-9]{0,}/comment",
                            "/place/[0-9]{0,}/menu/[0-9]{0,}")
                    .hasRole("USER")

                    .regexMatchers(HttpMethod.POST, "/place/menu/[0-9]{0,}")
                    .hasRole("OWNER")

                    .antMatchers(HttpMethod.GET, "/newplace")
                    .authenticated()

                    .antMatchers(HttpMethod.POST, "/newplace")
                    .authenticated()

                    .antMatchers(HttpMethod.POST, "/registration")
                    .permitAll()

                    .antMatchers(HttpMethod.GET, "/resend", "/page/login", "/registration", "/place/")
                    .permitAll();

            http
                    .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/");

            // Key used to sign remember-me tokens
            http
                    .rememberMe()
                    .key("rememberme");

            // Form login: custom login page, custom parameter names, custom success handler
            http
                    .formLogin()
                    .loginPage("/page/login")
                    .failureUrl("/page/login")
                    .loginProcessingUrl("/login")
                    .usernameParameter("j_username")
                    .passwordParameter("j_password")
                    .successHandler(authenticationSuccessHandler);

            http.
                    userDetailsService(userDetailsService);

            // CSRF protection is switched off for the whole application
            http.
                    csrf().disable();

        }

    }

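【Comments】:

【Answer 1】:

You need something like this in your AuthenticationSuccessHandler.

【Comments】:

【Answer 2】:

I had a similar requirement in my project, and I solved it with the following steps:

1. When submitting the login form in the drop-down, I also send the current URL (window.location.href) as a hidden request parameter.
2. Inside the UserNamePasswordFilter, I get this parameter from the request and store it in the session (say the variable name is redirectPrevUrl).
3. Now, in the authentication success handler, if this variable is present (i.e. redirectPrevUrl != null), I redirect to this URL instead of the default home page.

This worked for me, and I hope it works for you too.

【Comments】: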
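The approach in Answer 2 redirects to a URL that arrives as a request parameter, so the success handler has to confirm that the value points back into the application before following it. The following is an added example, not code from the question or from either answer: it reads the hidden field straight from the login POST instead of going through the session, and the class name `PreviousPageSuccessHandler`, the helper `toLocalPath` and the use of `redirectPrevUrl` as the form field name are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

// Added example; class, helper and field names are assumptions, not from the original page.
public class PreviousPageSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // Assumed name of the hidden form field that carries window.location.href
    static final String PARAM = "redirectPrevUrl";

    public PreviousPageSuccessHandler() {
        setDefaultTargetUrl("/"); // home page when no usable previous page was sent
    }

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        String local = toLocalPath(request.getParameter(PARAM),
                request.getServerName(), request.getContextPath());
        return local != null ? local : getDefaultTargetUrl();
    }

    // Returns a context-relative path inside this application, or null if the value must not be followed.
    static String toLocalPath(String raw, String serverName, String contextPath) {
        if (raw == null || raw.isEmpty()) return null;
        URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return null; // backslashes, spaces, control characters
        }
        if (uri.isOpaque()) return null; // mailto:, javascript:, data: and similar
        String scheme = uri.getScheme();
        if (scheme != null && !scheme.equals("http") && !scheme.equals("https")) return null;
        // Absolute or protocol-relative value: the host has to be this server
        if (uri.getRawAuthority() != null && !serverName.equalsIgnoreCase(uri.getHost())) return null;
        String path = uri.getRawPath();
        if (path == null || !path.startsWith("/") || path.startsWith("//")) return null;
        if (!contextPath.isEmpty()) {
            if (!path.startsWith(contextPath + "/")) return null;
            path = path.substring(contextPath.length()); // the redirect strategy adds it back
        }
        if (path.startsWith("/page/login")) return null; // came from the login page: go home
        // Only path and query are returned, so the redirect can never leave this origin
        return uri.getRawQuery() == null ? path : path + "?" + uri.getRawQuery();
    }
}
```

An instance of this class can be passed to the existing `.successHandler(...)` call in the configuration from the question.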
