Spring Security redirect to previous page after successful login

Question

I know this question has been asked before, however I'm facing a particular issue here.

I use spring security 3.1.3.

I have 3 possible login cases in my web application:

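  1. Login via the login page: OK.
  2. Login via a restricted page: OK too.
  3. Login via a non-restricted page: not OK... the "product" page can be accessed by everybody, and a user can post a comment once logged in. Therefore a login form is contained in the same page to allow users to connect.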

The problem with case 3) is that I can't manage to redirect users to the "product" page. They get redirected to the home page after a successful login, no matter what.

Notice that with case 2) the redirection to the restricted page works out of the box after successful login.

Here's the relevant part of my security.xml file:

<!-- Authentication policy for the restricted page  -->
<http use-expressions="true" auto-config="true" pattern="/restrictedPage/**">
    <form-login login-page="/login/restrictedLogin" authentication-failure-handler-ref="authenticationFailureHandler" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>

<!-- Authentication policy for every page -->
<http use-expressions="true" auto-config="true">
    <form-login login-page="/login" authentication-failure-handler-ref="authenticationFailureHandler" />
    <logout logout-url="/logout" logout-success-url="/" />
</http>

I suspect the "authentication policy for every page" to be responsible for the problem. However, if I remove it I can't login anymore... j_spring_security_check sends a 404 error.

Thanks to Ralph, I was able to find a solution. So here's the thing: I used the property

<property name="useReferer" value="true"/>

that Ralph showed me. After that I had a problem with my case 1): when logging in via the login page, the user stayed on the same page (and was not redirected to the home page, like it used to be). The code until this stage was the following:

<!-- Authentication policy for login page -->
<http use-expressions="true" auto-config="true" pattern="/login/**">
    <form-login login-page="/login" authentication-success-handler-ref="authenticationSuccessHandlerWithoutReferer" />
</http>

<!-- Authentication policy for every page -->
<http use-expressions="true" auto-config="true">
    <form-login login-page="/login" authentication-failure-handler-ref="authenticationFailureHandler" />
    <logout logout-url="/logout" logout-success-url="/" authentication-success-handler-ref="authenticationSuccessHandler"/>
</http>

<beans:bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <!-- After login, return to the last visited page -->
    <beans:property name="useReferer" value="true" />
</beans:bean>

<beans:bean id="authenticationSuccessHandlerWithoutReferer" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <!-- After login, stay to the same page -->
    <beans:property name="useReferer" value="false" />
</beans:bean>

This should work, in theory at least, but it didn't. I still don't know why, so if someone has an answer on this, I will gladly create a new topic to allow him to share his solution.

In the meantime, I came to a workaround. Not the best solution, but like I said, if someone has something better to show, I'm all ears. So this is the new authentication policy for the login page:

<http use-expressions="true" auto-config="true" pattern="/login/**" >
    <intercept-url pattern="/**" access="isAnonymous()" />
    <access-denied-handler error-page="/"/>
</http>

The solution here is pretty obvious: the login page is allowed only for anonymous users. Once a user is connected, the error handler redirects him to the home page.

I did some tests, and everything seems to be working nicely.

Recommended answer

What happens after login (to which url the user is redirected) is handled by the AuthenticationSuccessHandler.

This interface (a concrete class implementing it is SavedRequestAwareAuthenticationSuccessHandler) is invoked by the AbstractAuthenticationProcessingFilter or one of its subclasses (like UsernamePasswordAuthenticationFilter) in the method successfulAuthentication.

So in order to have another redirect in case 3 you have to subclass SavedRequestAwareAuthenticationSuccessHandler and make it do what you want.

Sometimes (depending on your exact use case) it is enough to enable the useReferer flag of AbstractAuthenticationTargetUrlRequestHandler, which is invoked by SimpleUrlAuthenticationSuccessHandler (super class of SavedRequestAwareAuthenticationSuccessHandler).

<bean id="authenticationFilter"
      class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="filterProcessesUrl" value="/login/j_spring_security_check" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler">
        <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <property name="useReferer" value="true"/>
        </bean>
    </property>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="/login?login_error=t" />
        </bean>
    </property>
</bean>
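
One way to write the subclass the answer describes, as an added example that is not code from the question, the answer or Spring Security itself. The class name RefererAwareSuccessHandler and the loginPathPrefix property are hypothetical; the "/login" prefix is assumed from the question's pattern="/login/**". Because the Referer header is supplied by the client, the handler follows it only when it points at the application's own host and not at a login page, and otherwise falls back to the default target URL.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/**
 * Hypothetical subclass (added example). A saved request (case 2) is still
 * handled by the parent class; this override is only reached when there is
 * none, i.e. for a login from the login page (case 1) or a public page (case 3).
 */
public class RefererAwareSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Assumed from the question's pattern="/login/**": paths that must not be a target.
    private String loginPathPrefix = "/login";

    public void setLoginPathPrefix(String loginPathPrefix) {
        this.loginPathPrefix = loginPathPrefix;
    }

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        String referer = request.getHeader("Referer");
        return isSafeTarget(referer, request.getServerName(), request.getContextPath())
                ? referer : getDefaultTargetUrl();
    }

    /** True only for an http(s) URL on our own host that is not a login page. */
    boolean isSafeTarget(String referer, String serverName, String contextPath) {
        if (referer == null || serverName == null) {
            return false;
        }
        try {
            URI uri = new URI(referer);
            String scheme = uri.getScheme();
            String path = uri.getPath();
            if (scheme == null || path == null || !serverName.equalsIgnoreCase(uri.getHost())) {
                return false; // the header is client-supplied: never follow it off-site
            }
            boolean web = scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https");
            String login = contextPath + loginPathPrefix;
            boolean loginPage = path.equals(login) || path.startsWith(login + "/");
            return web && !loginPage;
        } catch (URISyntaxException e) {
            return false; // malformed header: use the default target
        }
    }
}
```

To use it, set this class on the success-handler bean in place of SavedRequestAwareAuthenticationSuccessHandler and leave useReferer unset; the inherited defaultTargetUrl property ("/" by default) decides where a login from the login page ends up.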
