我正在尝试使用 Spring-Security 登录。身份验证后,当我尝试重定向到用户仪表板页面时,它会返回到登录页面。我认为我们的安全上下文尚未创建或存在其他问题。以下是我的代码:
我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/user/**").hasRole("USER")
.antMatchers("/admin/**").hasAnyRole(new String[]{"ADMIN", "SUB_ADMIN"})
.antMatchers(new String[]{"/*", "/public"}).permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/check-url-pattern")
.loginProcessingUrl("/authenticate")
.usernameParameter("username")
.passwordParameter("password")
.successHandler(loginSuccessHandler)
.failureHandler(loginFailureHandler)
.permitAll()
.and()
.logout()
.logoutUrl("/invalidate")
.logoutSuccessHandler(logoutSuccesshandler)
.invalidateHttpSession(true)
.and()
.headers().addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));
我的手动验证码:
@RequestMapping(value = "sign-in", method = RequestMethod.POST)
public String signIn(HttpServletRequest request) {
logger.info(" signIn ");
PasswordEncoder encoder=new BCryptPasswordEncoder();
User userExisting1 = (User)userService.findUserByUserName(request.getParameter("emaillogin").trim());
boolean matchPass = encoder.matches(request.getParameter("secretlogin").trim(), userExisting1.getSecret());
if(userExisting1.getRole().equalsIgnoreCase("ROLE_USER") && userExisting1.getStatus().equalsIgnoreCase("active") && matchPass){
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userExisting1.getUserName(),userExisting1.getSecret());
authentication.setDetails(userExisting1);
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(authentication);
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
return "redirect:/user/dashboard";
}
我的检查网址模式
@RequestMapping(value="/check-url-pattern", method=RequestMethod.GET)
public String checkUrlPattern(HttpServletRequest request,HttpServletResponse response, RedirectAttributes attributes) {
logger.info("in checkUrlPattern Controller");
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
if(savedRequest == null && getExistHttpSession() == null){
return "redirect:/user-login";
}else{
String servletpath=savedRequest.getRedirectUrl();
Pattern pattern = Pattern.compile("/admin");
Matcher matcher = pattern.matcher(servletpath);
Pattern pattern1 = Pattern.compile("/user");
Matcher matcher1 = pattern1.matcher(servletpath);
if (matcher.matches() && request.getSession(false) == null) {
return "redirect:/admin-login-fin";
}else if(matcher.matches() && request.getSession(false) != null){
return "redirect:/admin/dashboard";
}else if(matcher1.matches() && request.getSession(false) == null){
return "redirect:/user-login";
}else if(matcher1.matches() && request.getSession(false) != null){
return "redirect:/user/dashboard";
}else{
return "redirect:/";
}
}
当我提交登录表单时,我的 sign-in
Controller 将被调用并执行我的登录代码。之后,当我尝试重定向到 /user/dashboard
url 时,Spring-Security 会将我重定向回 /check-url-pattern
。还可以使用 Spring-Security 自定义表单提交来处理登录。但将来我希望通过 Ajax 请求来实现这一点。
最佳答案
您在安全配置的 .formLogin() 中错过了 .default-target-url="/user/dashboard"
。
关于java - 使用 Spring-Security 登录并重定向到所需 URL 时出现问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29210374/