禁用SpringSecurity的SavedRequest存储逻辑 [英] Disable SpringSecurity's SavedRequest storing logic

问题描述

我们正在使用Spring Security来管理认证.我们看到的问题是，当用户会话在调出GET表单和单击执行POST的保存按钮之间超时时，他们将被发送到登录页面，但是spring正在将原始的帖子信息保存在会话中.

We are using Spring Security for managing authentication. The issue we are seeing is that when a user's session is timed out between bringing up a GET form and hitting the save button that does a POST, they are sent to the login page but spring is saving the original post information in the session.

我们的应用程序不会在登录后将它们带回到原始URL，而是将它们发送回通用起始页.效果很好，但是当用户碰巧返回到他们最初尝试过POST的页面时(GET和POST的形式是相同的URL)，Spring尝试自动重新提交POST，这不是我们想要的.

Our app does not bring them back to the original URL after login, but instead sends them back to a common starting page. This works fine, but when the user happens to return to the page they had originally tried to POST to (the form GET and POST are the same URLs) Spring tries to resubmit the POST automatically which is not what we want.

有没有一种方法可以完全禁用Spring中的SavedRequest存储逻辑?

Is there a way to completely disable the SavedRequest storing logic in Spring?

推荐答案

我猜这吉拉春季安全性问题描述了您的问题以及如何处理.

I guess this jira issue of spring security describes your problem and how to handle this.

这篇关于禁用SpringSecurity的SavedRequest存储逻辑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！