java 重写 spring-security 重定向 URL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1762453/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Rewrite spring-security redirect URLs
提问by ptomli
I'm trying to get Tuckey UrlRewriteFilter to tidy up URLs for my webapp. One problem I've got is that when spring-security notices that an anonymous user is trying to access a protected resource it redirects to a URL which includes the servlet path.
我正在尝试让 Tuckey UrlRewriteFilter 整理我的 web 应用程序的 URL。我遇到的一个问题是,当 spring-security 注意到匿名用户正在尝试访问受保护的资源时,它会重定向到包含 servlet 路径的 URL。
What I'd like is, by example:
我想要的是,例如:
> GET http://localhost:8080/my-context/protected-resource
< Location: http://localhost:8080/my-context/login
What I currently get is:
我目前得到的是:
> GET http://localhost:8080/my-context/protected-resource
< Location: http://localhost:8080/my-context/-/login
Relevant documents I've found so far:
到目前为止我找到的相关文件:
DefaultRedirectStrategy, which does the actual redirect in question: http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/DefaultRedirectStrategy.html. It has a contextRelative property which is tempting but I don't think is going to cut it, if I can even find a way of configuring it.
DefaultRedirectStrategy,它进行实际的重定向:http: //static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/DefaultRedirectStrategy.html。它有一个很诱人的 contextRelative 属性,但如果我能找到配置它的方法,我认为不会削减它。
A blog post that helped get me this far: http://nonrepeatable.blogspot.com/2009/11/using-spring-security-with-tuckey.html
一篇帮助我走到这一步的博客文章:http: //nonrepeatable.blogspot.com/2009/11/using-spring-security-with-tuckey.html
What I'd like to know is:
我想知道的是:
- Can/should I convince Tuckey to rewrite the Location header. <outbound-rule> doesn't seem to help any here.
- Can/should I somehow tweak the SS config to emit the rewritten URL. I don't think this is quite as tidy, as it'd break if rewrite was disabled.
- 我可以/应该说服 Tuckey 重写 Location 标头。<outbound-rule> 在这里似乎没有帮助。
- 我可以/应该以某种方式调整 SS 配置以发出重写的 URL。我不认为这很整洁,因为如果禁用重写它会中断。
web.xmllooks like
web.xml好像
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
<init-param>
<param-name>LogLevel</param-name>
<param-value>log4j</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>my-servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>psms</servlet-name>
<url-pattern>/-/*</url-pattern>
</servlet-mapping>
urlrewrite.xmllooks like:
urlrewrite.xml好像:
<urlrewrite>
<rule>
<from>^/(.*)$</from>
<to>/-/</to>
</rule>
</urlrewrite>
applicationContent-security.xmllooks like:
applicationContent-security.xml好像:
<http auto-config="true">
<!-- allow GET requests to /login without authentication -->
<intercept-url pattern="/-/login" method="GET" filters="none"/>
<intercept-url pattern="/-/admin/**" access="ROLE_ADMIN"/>
<intercept-url pattern="/-/**" access="ROLE_USER"/>
<form-login login-page="/-/login"
login-processing-url="/-/login.do"
authentication-failure-url="/-/login?login_error"
default-target-url="/-/index"
always-use-default-target="true"/>
<logout logout-url="/-/logout"
logout-success-url="/-/login"/>
<access-denied-handler error-page="/-/access-denied"/>
</http>
回答by Pat Niemeyer
I looked into this issue for our project last year and at that time the problem was that Tucky wasn't cooperating with response.encodeRedirectUrl() to rewrite redirect URLs. I contacted them but I haven't followed up on this.
去年我为我们的项目研究了这个问题,当时的问题是塔基没有与 response.encodeRedirectUrl() 合作来重写重定向 URL。我联系了他们,但我没有跟进。
My solution was to allow the messy URL to go back to the client but then clean it up with a Tucky redirect rule (a second redirect).
我的解决方案是允许凌乱的 URL 返回到客户端,然后使用 Tuky 重定向规则(第二次重定向)清理它。
So add another rule that matches your ugly URL from the security redirect and issue your own redirect to the clean URL:
因此,添加另一个与安全重定向中的丑陋 URL 匹配的规则,并将您自己的重定向发送到干净的 URL:
<rule>
<from>^/whatever/ugly.*$</from>
<to type="redirect">/login</to>
</rule>
Yes, it involves two redirects, but the client will never see it... which is probably the point.
是的,它涉及两个重定向,但客户端永远不会看到它......这可能是重点。
回答by Serxipc
Spring security is doing the redirect with an absolute URL like http://example.org/-/login
Spring Security 正在使用绝对 URL 进行重定向,例如 http://example.org/-/login
Try to use an outbound-rule without the ^ start of stringmarker to match the absolute url generated by spring.
尝试使用没有^ start of string标记的出站规则来匹配 spring 生成的绝对 url。
<outbound-rule>
<from>/-/login(.*)$</from>
<to>/login</to>
</outbound-rule>
回答by Bas
I ran into the same problem, but it seems fixed in version 3.2.0 of Tuckey. i.e. the response.encodeRedirectUrl() is now wrapped by Tuckeys UrlRewriteWrappedResponse where the outbound rule execution takes place.
我遇到了同样的问题,但它似乎在 Tuckey 的 3.2.0 版中修复了。即 response.encodeRedirectUrl() 现在被 Tuckeys UrlRewriteWrappedResponse 包裹,在那里执行出站规则。
回答by rodrigoap
I'v never used Tuckey, but after a quick look at the documentation I would try adding one rule for the login case:
我从未使用过 Tuckey,但在快速浏览文档后,我会尝试为登录案例添加一条规则:
<urlrewrite>
<rule>
<from>^/my-context/login$</from>
<to>/my-context/login</to>
</rule>
<rule>
<from>^/(.*)$</from>
<to>/-/</to>
</rule>
</urlrewrite>
EDIT
Ok, and something like this:
编辑
好的,像这样:
<urlrewrite>
<rule>
<from>^/-/login$</from>
<to>/login</to>
</rule>
<rule>
<from>^/(.*)$</from>
<to>/-/</to>
</rule>
</urlrewrite>
