我正在使用 Spring 和 Ldap 进行用户身份验证,现在我想在用户已经登录时将用户重定向到主页,我尝试了一些通过谷歌阅读的解决方案,但没有成功。这是我的配置代码...
Spring-Security.xml
<security:http auto-config="true" use-expressions="true"
access-denied-page="/denied" access-decision-manager-ref="accessDecisionManager"
disable-url-rewriting="true">
<security:remember-me key="_spring_security_remember_me"
token-validity-seconds="864000" token-repository-ref="tokenRepository" />
<security:intercept-url pattern="/login/login"
access="permitAll" />
<security:intercept-url pattern="/resources/**"
access="permitAll" />
<security:intercept-url pattern="/member/*"
access="permitAll" />
<security:intercept-url pattern="user/admin/admin"
access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/user/user"
access="hasRole('ROLE_USERS')" />
<security:form-login login-page="/login/login"
authentication-failure-url="/login/login?error=true"
default-target-url="/checking" />
<security:logout invalidate-session="true"
logout-success-url="/login/login" logout-url="/login/logout" />
<security:custom-filter ref="captchaCaptureFilter"
before="FORM_LOGIN_FILTER" />
<!-- <security:custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"
/> -->
<!-- <security:session-management
invalid-session-url="/logout.html">
<security:concurrency-control
max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
<security:session-management
session-authentication-strategy-ref="sas" /> -->
</security:http>
我的登录 Controller
public class LoginController {
@Autowired
private User user;
@Autowired
SecurityContextAccessor securityContextAccessor;
@RequestMapping(value = "login/login", method = RequestMethod.GET)
public String getLogindata(
@RequestParam(value = "error", required = false) String error,
Model model) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
model.addAttribute("error", error);
if (securityContextAccessor.isCurrentAuthenticationAnonymous() && auth.getPrincipal() == null) {
return "login/login";
} else {
return "redirect:/member/user";
}
}
}
auth.getName() 总是给我匿名用户,即使我已经登录......
最佳答案
您应该将目标重定向写入主页, 成功登录到 spring-security.xml 中的 default-target-url 后,而不是 default-target-url="/checking"。
我不确定您想在/login/login Controller 中实现什么目标? 如果你只想重定向用户,成功登录到/member/user 后,你应该写:
<security:form-login login-page="/login"
always-use-default-target='true'
default-target-url="/member/user"
authentication-failure-url="/login/login?error=true"
/>
登录 Controller 应该如下所示:
@RequestMapping(value="/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login";
}
如果您的身份验证提供程序正常且正确,Spring security 会在成功登录后自动将您重定向到/member/user。
关于java - 如何使用 Spring 和 Ldap 将登录用户重定向到主页,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14487271/