Spring Security - 如果已经登录则重定向
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13131122/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring Security - Redirect if already logged in
提问by steve
I'm new to Spring:
我是春天的新手:
I do not want authenticated user from accessing the login page. What is the proper way to handle redirects for the '/login' if the user is already authenticated? Say, I want to redirect to '/index' if already logged in.
我不希望经过身份验证的用户访问登录页面。如果用户已通过身份验证,处理“/登录”重定向的正确方法是什么?说,如果已经登录,我想重定向到“/index”。
I have tried 'isAnonomous()' on login, but it redirects to access denied page.
我在登录时尝试过“isAnonomous()”,但它重定向到访问被拒绝的页面。
<security:http auto-config="true" use-expressions="true" ...>
<form-login login-processing-url="/resources/j_spring_security_check"
default-target-url="/index"
login-page="/login" authentication-failure-url="/login?login_error=t" />
<logout logout-url="/resources/j_spring_security_logout" />
...
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>
回答by Rahul
In the controller function of your login page:
在登录页面的控制器功能中:
check if a user is logged in.
then forward/redirect him to the index page in that case.
检查用户是否登录。
然后在这种情况下将他转发/重定向到索引页面。
Relevant code:
相关代码:
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!(auth instanceof AnonymousAuthenticationToken)) {
/* The user is logged in :) */
return new ModelAndView("forward:/index");
}
Update
更新
Or in another scenario where the mapping may be containing path variablelike @GetMapping(path = "/user/{id}")in this case you can implement this logic as well:
或者在映射可以含有另一种情况path variable就像@GetMapping(path = "/user/{id}")在这种情况下,你可以实现这个逻辑,以及:
@GetMapping(value = "/login")
public String getLogin() throws Exception {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!(auth instanceof AnonymousAuthenticationToken)) {
User loggedInUser = userService.findByEmail(auth.getName())
.orElseThrow(Exception::new);
/* The user is logged in :) */
return "redirect:/user/" + loggedInUser.getUserId();
}
return "login";
}
回答by Milan Vidakovic
To successfully redirect from login page, if user is already logged in, add the following to your login.jsp:
要成功从登录页面重定向,如果用户已经登录,请将以下内容添加到您的 login.jsp:
Add a security taglib header to the top of your jsp:
在 jsp 的顶部添加一个安全 taglib 标头:
<%@taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>
Then add the following tag inside your "head" tag (preferably near the top):
然后在“head”标签内添加以下标签(最好靠近顶部):
<sec:authorize access="isAuthenticated()">
<% response.sendRedirect("main"); %>
</sec:authorize>
This will redirect to main.html (or whatever your main .jsp is mapped to) if the user accessing the login page is already logged-in.
如果访问登录页面的用户已经登录,这将重定向到 main.html(或您的主 .jsp 映射到的任何内容)。
Doing this through a controller didn't work for me, since the valid login page practice is to let the spring security's "form-login" bean do all the redirecting work, so there was no login controller for me to modify.
通过控制器执行此操作对我不起作用,因为有效的登录页面做法是让 spring 安全性的“表单登录”bean 完成所有重定向工作,因此没有登录控制器供我修改。
回答by erginduran
hey you can do that.
嘿,你可以这样做。
<h:head>
<sec:authorize access="isAuthenticated()">
<meta http-equiv="refresh" content="0;url=http://your index.xhtml url (full url)" />
</sec:authorize>
</h:head>
This method is very simple and convenient, is not it?
这个方法非常简单方便,不是吗?
回答by yakup_y
login.xhtml
登录.xhtml
<h:head >
<f:metadata>
<f:event type="preRenderView" listener="#{loginBean.onPageLoad}"/>
</f:metadata>
</h:head>
loginBean
登录豆
public void onPageLoad(){
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!(auth instanceof AnonymousAuthenticationToken)) {
try {
FacesContext.getCurrentInstance().getExternalContext().redirect(url);
} catch (IOException e) {
e.printStackTrace();
}
}
}
