Java 成功身份验证后,Spring 安全性未达到默认目标 url
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9672850/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring security not hitting default-target-url after successful authtication
提问by Ashish
I have implemented spring-security in my application, my spring-security.xml has following form-login tag.
我已经在我的应用程序中实现了 spring-security,我的 spring-security.xml 有以下表单登录标签。
<form-login login-page="/login.htm" default-target-url="/dashboard.htm"
authentication-failure-url="/login.htm?error=true"
authentication-success-handler-ref="authenticationSuccessHandler" />
I want to login from /login.htm and after successful authetication I want user to hit dashboard.htm. Everythig is working fine except for the fact that after successfull authetication it doesn't hit /dashboard.htm but hits the context..but if I manually type dashboard.htm in url then everything works fine...Yes..I have the implementation of authticationSuccessHandler.
我想从 /login.htm 登录,成功认证后我希望用户点击dashboard.htm。Everythig 工作正常,除了在成功认证后它没有点击 /dashboard.htm 而是点击上下文......但是如果我在 url 中手动输入dashboard.htm 那么一切正常...... authticationSuccessHandler 的实现。
采纳答案by vliolios
Try removing the default-target-urlattribute and add the following:
尝试删除该default-target-url属性并添加以下内容:
<b:bean id="authenticationSuccessHandler" class="com.example.CustomSimpleURLAuthenticationSuccessHandler">
<b:property name="defaultTargetUrl" value="/dashboard.htm"/>
</b:bean>
回答by Mircea Stanciu
<beans:bean id="loginSuccessHandler" class="com.example.LoginSuccessHandler">
<beans:property name="defaultTargetUrl" value="/security/success"/>
<beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
</beans:bean>
public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws ServletException, IOException {
request.getSession().setMaxInactiveInterval(60 * 60); //one hour
System.out.println("Session set up for 60min");
super.onAuthenticationSuccess(request, response, authentication);
}
}
回答by Wizard Mage
I use this suggestion from the question spring is not redirecting to default target url?. I tried this and it is working.
我使用问题spring is not redirecting to default target url? 中的这个建议?. 我试过这个,它正在工作。
<form-login login-page="/login.htm"
default-target-url="/dashboard.htm"
always-use-default-target="true"/>
回答by Jesús Alberto Herrera de León
As you can see in the image, there is some kind of bad design (IMO It always redirect to the default-target-url).
When you go to the login form from a forbidden resource, it will redirect you to that URL and not going thru the default-target-url
正如您在图像中看到的,有某种糟糕的设计(IMO 它总是重定向到default-target-url)。当您从禁用资源转到登录表单时,它会将您重定向到该 URL 而不会通过the default-target-url
