Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

使用AngularJS和Spring的java错误路由

1 年,3 月 Questions & Answers

我有一个带有AngularJS 1.3前端和SpringAPI-REST的应用程序

对于登录,我正在使用会话(无jwt),我遇到以下问题:

  1. 我登录到应用程序
  2. 在应用程序中导航
  3. 会话丢失时,对后端的第一个请求会将我发送到登录页面
  4. 我再次登录到应用程序,但它将我重定向到最后一个请求(将我踢出应用程序的请求),有时是一个API调用,另一些是对资源的请求(例如JavaScript)

我不确定如何避免这种行为,这是我的Spring安全文件:

<sec:http use-expressions="true" auto-config="false">
    <sec:custom-filter ref="captchaFilter" before="FORM_LOGIN_FILTER" />

    <sec:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />

    <sec:session-management session-fixation-protection="newSession"></sec:session-management>

    <sec:intercept-url pattern="/j_spring_security_switch_user" access="isAuthenticated()"/>
    <sec:intercept-url pattern="*/app/**" access="isAuthenticated()" />
    <sec:intercept-url pattern="/" access="permitAll" />

    <sec:intercept-url pattern="/login" access="permitAll" />
    <sec:intercept-url pattern="/accessDenied" access="permitAll" />
    <sec:intercept-url pattern="/loginFailed" access="permitAll" />
    <sec:intercept-url pattern="/css/**" access="permitAll" />
    <sec:intercept-url pattern="/img/**" access="permitAll" />
    <sec:intercept-url pattern="/public*" access="permitAll" />
    <sec:intercept-url pattern="/libs/**" access="permitAll" />
    <sec:intercept-url pattern="/fonts/**" access="permitAll" />

    <sec:intercept-url pattern="/*" access="permitAll" />
    <sec:intercept-url pattern="/**" access="isAuthenticated()" />

    <sec:form-login login-page="/login"
        authentication-failure-url="/accessDenied"
        authentication-success-handler-ref="authSuccessHandler"
        authentication-failure-handler-ref="authFailureHandler"
        login-processing-url="/login" />
    <sec:access-denied-handler error-page="/accessDenied" />
    <sec:logout />
</sec:http>

<!-- Authentication providers -->

<bean id="passwordEncoder"
    class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
    <constructor-arg value="512" />
</bean>

<bean id="authSuccessHandler"
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
</bean>

<bean id="authFailureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
    p:defaultFailureUrl="/loginFailed" />

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="jaasAuthProvider" />
</sec:authentication-manager>

</beans>

共 (1) 个答案

  1. # 1 楼答案

    Spring Security Reference

    Setting a Default Post-Login Destination

    If a form login isn’t prompted by an attempt to access a protected resource, the default-target-url option comes into play. This is the URL the user will be taken to after successfully logging in, and defaults to "/". You can also configure things so that the user always ends up at this page (regardless of whether the login was "on-demand" or they explicitly chose to log in) by setting the always-use-default-target attribute to "true". This is useful if your application always requires that the user starts at a "home" page, for example:

    <http pattern="/login.htm*" security="none"/>
<http use-expressions="false">
    <intercept-url pattern='/**' access='ROLE_USER' />
    <form-login login-page='/login.htm' default-target-url='/home.htm' always-use-default-target='true' />
</http>