Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java创建了一个SpringMVC应用程序,该应用程序在身份验证后将每个请求重定向回以前的URL

3 月,2 周 Questions & Answers

我制作了一个简单的经过身份验证的应用程序,它有一个缺陷,即每当有人试图访问像“https://www.example.com/orders.spr”这样的安全链接时,它会将用户重定向到登录页面进行身份验证,但在身份验证之后,用户将被重定向到主页。我如何才能使我的下一个应用程序如此健壮,以至于用户在身份验证后仍保持在同一url上?我需要知道的是,如何在spring security中捕获匿名用户,如何在身份验证后将用户重定向到同一页面,以及如何将会话超时增加到1小时,以便用户能够在时间限制内访问url。任何示例、教程或代码都是值得推荐的
提前谢谢


共 (4) 个答案

  1. # 1 楼答案

    Spring Security提供了一个组件,该组件直接负责决定身份验证成功后要做什么—AuthenticationSuccessHandler:

    也许下面的代码可以帮助您理解任务流程:

     public class MySimpleUrlAuthenticationSuccessHandler
  implements AuthenticationSuccessHandler {
  
    protected Log logger = LogFactory.getLog(this.getClass());
 
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, 
      HttpServletResponse response, Authentication authentication)
      throws IOException {
  
        handle(request, response, authentication);
        clearAuthenticationAttributes(request);
    }
 
    protected void handle(HttpServletRequest request, 
      HttpServletResponse response, Authentication authentication)
      throws IOException {
  
        String targetUrl = determineTargetUrl(authentication);
 
        if (response.isCommitted()) {
            logger.debug(
              "Response has already been committed. Unable to redirect to "
              + targetUrl);
            return;
        }
 
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }
 
    protected String determineTargetUrl(Authentication authentication) {
        boolean isUser = false;
        boolean isAdmin = false;
        Collection<? extends GrantedAuthority> authorities
         = authentication.getAuthorities();
        for (GrantedAuthority grantedAuthority : authorities) {
            if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
                isUser = true;
                break;
            } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
                isAdmin = true;
                break;
            }
        }
 
        if (isUser) {
            return "/homepage.html";
        } else if (isAdmin) {
            return "/console.html";
        } else {
            throw new IllegalStateException();
        }
    }
 
    protected void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
 
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }
    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }
}

    登录后实现重定向逻辑的最常见方法是:

    • 使用HTTP引用器头

    • 在会话中保存原始请求

    • 将原始URL附加到重定向的登录URL

      thisthis文章中,您可以看到有关spring安全性的更多详细信息:

  2. # 2 楼答案

    您可以使用SavedRequestAwareAuthenticationSuccessHandler作为身份验证成功处理程序来执行此操作

    在api文档页面中,我们可以找到以下描述:

    An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication, the request data is stored to record the original destination before the authentication process commenced, and to allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for performing the redirect to the original URL if appropriate.

    关键点是存储请求数据以在身份验证过程开始之前记录原始目的地,并允许在重定向到同一URL时重建请求

    我在我的项目中使用了这一成功,您可以尝试一下,要使用它,您需要将其扩展如下:

    public class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler{

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            //...other code

            super.onAuthenticationSuccess(request, response, authentication);

        }

}
  3. # 3 楼答案

    您可能有某种过滤器来检查用户是否经过身份验证并重定向到登录页面。在该筛选器中获取请求URL,并将其作为参数添加到登录页面。登录成功后,检查该参数,如果该参数存在,则重定向到该参数。否则重定向到主页。瞧

  4. # 4 楼答案

    您可以使用cookies来实现此目的。所以基本上,从认证失败的页面,您可以将它们保存在cookie中,在认证之后,您可以重定向到之前的url

    除此之外,你也可以在这里

    http://www.baeldung.com/spring_redirect_after_login