Original source: http://stackoverflow.com/questions/23118014/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Add a cookie during the Spring Security login
Asked by rafaborrego
I have a web project with Spring Security and I have tried to save a cookie in the method that processes the authentication success. However, when I look at the browser's cookies, only the JSESSIONID one appears, and the same happens when I look at request.getCookies() in the servlet that Spring redirects to.
I have tried to save the cookie in one of the application's servlets and the cookie is saved correctly, so maybe Spring Security cleans the response. Do you have any idea?
One workaround would be to save it in Session, and then get it and save the cookie on the servlet to which the login redirects. Another one would be saving the cookie with javascript like this. But I don't like these solutions. Thanks in advance
Here is the relevant code:
public class RoleBasedAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler implements
        AuthenticationSuccessHandler {
    ...
        // save a cookie with the selected language
        Map<String, String[]> parameterMap = request.getParameterMap();
        if (parameterMap.containsKey("language")) {
            saveCookie("language", parameterMap.get("language")[0], response);
        }
    }

    public static void saveCookie(String cookieName, String value, HttpServletResponse response) {
        Cookie cookie = new Cookie(cookieName, value);
        // maxAge is one month: 30*24*60*60
        cookie.setMaxAge(2592000);
        cookie.setDomain("projectName");
        cookie.setPath("/");
        response.addCookie(cookie);
    }
}
<security:http auto-config="false" ...>
    <security:form-login login-page="/login.do" authentication-success-handler-ref="redirectRoleStrategy" .../>
    ...
</security:http>

<bean id="redirectRoleStrategy" class="com.companyName.security.RoleBasedAuthenticationSuccessHandler">
    <beans:property name="roleUrlMap">
        <beans:map>
            <beans:entry key="ROLE_ADMIN" value="/privat/application.do"/>
            ...
        </beans:map>
    </beans:property>
</bean>
Accepted answer by Vladimír Schäfer
Are you setting the cookie before or after calling super in the RoleBasedAuthenticationSuccessHandler?
super.onAuthenticationSuccess(request, response, authentication);
You must set the cookie before your call to the super, as the logic in the superclass will send a redirect and therefore prevent you from updating content of the HttpServletResponse.
Answer by Angular University
Try to call some hardcoded value outside the if clause, just to see if it works:
saveCookie("language", "en", response);
Also as a test try to not set cookie domain and path initially:
Cookie cookie = new Cookie(cookieName, value);
//maxAge is one month: 30*24*60*60
cookie.setMaxAge(2592000);
//cookie.setDomain("projectName");
//cookie.setPath("/");
response.addCookie(cookie);
It should be possible to set a cookie from the authentication successful handler, this should normally work.
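An added example (not code from the question or from either answer) of a success handler that writes the cookie before delegating to the superclass, as the accepted answer describes. It omits setDomain, since browsers discard a cookie whose Domain attribute does not match the host that served the response. The class name, the allow-list of language codes, Java 9+ and the javax.servlet 3.0+ API are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

// Added example: the class name and the allow-list below are hypothetical.
public class LanguageCookieSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Assumption: the application supports exactly these language codes.
    private static final Set<String> SUPPORTED = Set.of("en", "es", "ca");

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // The login form parameter is client-controlled, so only allow-listed
        // values are ever copied into a Set-Cookie header.
        String language = request.getParameter("language");
        if (language != null && SUPPORTED.contains(language)) {
            response.addCookie(languageCookie(language, request.isSecure()));
        }
        // The superclass sends the redirect, which commits the response.
        // A cookie added after this call never reaches the browser.
        super.onAuthenticationSuccess(request, response, authentication);
    }

    static Cookie languageCookie(String value, boolean secure) {
        Cookie cookie = new Cookie("language", value);
        cookie.setMaxAge(30 * 24 * 60 * 60); // one month, in seconds
        cookie.setPath("/");
        // No setDomain(): the cookie is scoped to the host that served the login.
        cookie.setSecure(secure);  // HTTPS-only when the login request itself used HTTPS
        cookie.setHttpOnly(true);  // read server-side via request.getCookies(), not by scripts
        return cookie;
    }
}
```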