我第一次使用 Java 和 Spring MVC 实现 Web 应用程序。我还为其实现了登录功能。但是,我遇到了一个问题。
问题:成功登录后,我的页面会重定向到目标页面,但如果我在浏览器中输入登录页面,那么尽管 session 处于 Activity 状态,它会再次显示登录页面。
理想情况下,它应该转到默认目标页面。下面是我的 XML 设置文件。感谢您提前提供的任何帮助。
XML 配置:
<http pattern="/resources/**" security="none" />
<http pattern="/admin/login" security="none" />
<http pattern="/admin/login/failed" security="none" />
<http pattern="/admin/login/invalidsession" security="none" />
<http auto-config="true" use-expressions="false">
<intercept-url pattern="/admin/**" access="ROLE_USER" />
<form-login login-page="/admin/login" default-target-url="/admin/student" authentication-failure-url="/admin/login/failed" />
<logout logout-success-url="/admin/login" delete-cookies="JSESSIONID" />
<session-management session-fixation-protection="newSession" invalid-session-url="/admin/login/invalidsession">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="roul" password="roul" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
答案:
在得到 jgr 和 Paul 的建议后,我终于完成了。在这里,我必须修改我的 XML 配置,因为我已将登录页面设置为“无”安全性。因此,在使用以下代码获取该页面的身份验证类型时:
身份验证auth = SecurityContextHolder.getContext().getAuthentication();
然后我就变得空了。因此,为了避免这种情况,我必须更改 XML 设置,如下所示。
更新的 XML 配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="true">
<!-- Restrict URLs based on role -->
<security:intercept-url pattern="/admin/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/admin/login/failed" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/admin/login/invalidsession" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/admin/**" access="ROLE_USER" />
<!-- Override default login and logout pages -->
<security:form-login login-page="/admin/login"
default-target-url="/admin/student"
authentication-failure-url="/admin/login/failed" />
<security:logout logout-success-url="/admin/login" delete-cookies="JSESSIONID" />
<security:session-management session-fixation-protection="newSession" invalid-session-url="/admin/login/invalidsession">
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="roul" password="roul" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
注意:我引用了以下 URL:http://www.springbyexample.org/examples/simple-spring-security-webapp-spring-config.html
最佳答案
只需将一些代码添加到您的“/admin/login” Controller ,您可以在其中检查用户是否登录。
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!(auth instanceof AnonymousAuthenticationToken))
{
return "redirect:/admin/student";
}
关于java - 使用 Spring MVC 成功登录后仍然可以返回登录页面,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29121842/