当前位置:theitroad>java 登录后重定向(GAE 上的 Spring 安全性)

java 登录后重定向(GAE 上的 Spring 安全性)

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/5157902/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-10-30 09:44:53  来源:igfitidea点击:

Redirect after login (Spring security on GAE)

javaspring-security

提问by AnAmuser

I am having some troubles making my login redirect to the same place always. I have done something like this

我在使我的登录总是重定向到同一个地方时遇到了一些麻烦。我做过这样的事情

<http auto-config="true" use-expressions="true" entry-point-ref="gaeEntryPoint" >
    <intercept-url pattern="/_ah/login" access="permitAll"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter"/>
    <form-login authentication-success-handler-ref="authSuccessHandler"/>
</http>

<beans:bean id="authSuccessHandler"
            class="dk.lindhardt.arbejdsfordeling.server.security.AuthenticationSuccessHandlerImpl"/>

And 

public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {

   public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) 
   throws IOException, ServletException {
       if (authentication != null && authentication.isAuthenticated()) {
           response.sendRedirect(OrganizationListServlet.URL);
       }
   }

 }

It never gets into this method above. How do I make it do that?

它永远不会进入上面的这种方法。我如何让它做到这一点?

Edit: I was following this guide http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/

编辑:我正在关注本指南http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/

回答by Scott

You shouldn't need to have that servlet there that then does the redirect. You can have the redirect in the config itself.

您不需要在那里使用那个 servlet 来执行重定向。您可以在配置本身中进行重定向。

<http auto-config="true">   
    <intercept-url pattern="/app/login" filters="none" />
    <form-login 
        login-page="/app/login" 
        login-processing-url="/app/dologin" 
        authentication-failure-url="/app/login?login_error=1" 
        default-target-url="/app/home"/>
</http>

回答by Ritesh

I think we can extend SimpleUrlAuthenticationSuccessHandlerand call super.onAuthenticationSuccess()method to use DefaultRedirectStrategy. The modified code will be:

我认为我们可以扩展SimpleUrlAuthenticationSuccessHandler和调用 super.onAuthenticationSuccess()方法来使用DefaultRedirectStrategy. 修改后的代码将是:

public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler {
       @Override
   public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) 
   throws IOException, ServletException {
       if (authentication != null) {
       setDefaultTargetUrl(OrganizationListServlet.URL);
              super.onAuthenticationSuccess(request, response, authentication);
       }

   }

 }

回答by digitaljoel

You could do it without the Handler by adding the "always-use-default-target" to your form-login settings

您可以通过将“always-use-default-target”添加到您的表单登录设置来在没有处理程序的情况下完成

<form-login default-target-url='/your/target/url.htm' always-use-default-target='true' />

See http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basicunder "Setting a Default Post-Login Destination"

请参阅“设置默认登录后目的地”下的http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic

回答by AnAmuser

It is not pretty but I solved it by positioning a custom filter at position LAST.

它并不漂亮,但我通过在 LAST 位置定位自定义过滤器解决了它。 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws
            IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

       if (authentication != null && authentication.isAuthenticated()) {
            User user = (User) authentication.getPrincipal();
            if (user.isLoggingIn()) {
                if (authentication.getAuthorities().contains(AppRole.ROLE_NEW_USER)) {
                    ((HttpServletResponse) response).sendRedirect(RegistrationServlet.URL);
                } else {
                    ((HttpServletResponse) response).sendRedirect("/" + OrganizationListServlet.URL);
                }
                user.setLoggingIn(false);
            } else if (user.isLoggingOut()) {
                ((HttpServletRequest) request).getSession().invalidate();
            }
        }
        filterChain.doFilter(request, response);
}

I think the problem is that the gaeFilter bypasses the normal login procedure and therefore I can't use the authentication-success-handler.

我认为问题在于 gaeFilter 绕过了正常的登录过程,因此我无法使用身份验证成功处理程序。

相关推荐

java JPA 并发事务

java JPA 并发事务

java 如何防止Servlets的结果被缓存?

java 如何防止Servlets的结果被缓存?

Java:光标当前位置的列号和行号

Java:光标当前位置的列号和行号

如何从 Pom.xml 中的 WSDL 生成 Java 源代码?

如何从 Pom.xml 中的 WSDL 生成 Java 源代码?

相关推荐
最近更新
标签