Spring Security targetUrlParameter不重定向 [英] Spring Security targetUrlParameter does not redirect

问题描述

我正在尝试将用户重定向回他们单击登录链接的页面.(对于未经身份验证的用户，页面是只读的，但对于已登录的用户，页面是可写的.)如何将用户重定向回他们登录后的来源?

我通过以下链接向用户发送登录页面:/spring_security_login?redirect =/item5 .登录后，我希望用户将被重定向到/item5 页面.但是，它们总是被重定向到/页面.

这是我正在使用的配置:

 < http use-expressions ="true">< intercept-url pattern ="/**" access ="permitAll"/>< form-login authentication-success-handler-ref ="simpleUrlAuthenticationSuccessHandler"/></http>< beans:bean id ="simpleUrlAuthenticationSuccessHandler"class ="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">< beans:属性名称="defaultTargetUrl" value ="/"/>< beans:属性名称="targetUrlParameter" value =重定向"/></beans:bean> 

似乎 targetUrlParameter 并未如预期那样被拾取.我正在使用Spring Security 3.1.4

解决方案

在使用

如果设置了useReferer属性，则将使用"Referer" HTTP标头值(如果存在).

作为后备选项，将使用defaultTargetUrl值.

根据您的配置，这应该可以工作.我的猜测是，在登录表单中发送 POST 请求时，您没有传播 referer .通常，应在登录页面的隐藏字段中写入 referer 值，以便将 referer 参数传输到 spring_security_login .

I'm trying to redirect the user back to the page where they clicked the login link. (Pages are read-only for non-authenticated users, but writable for logged in users.) How do I redirect the user back to where they came from after they login?

I'm sending to the user to the login page with this link: /spring_security_login?redirect=/item5. After loging in, I expect the user to be redirected to /item5 page. However, they're always redirected to / page.

Here is the configuration I'm using:

<http use-expressions="true">
    <intercept-url pattern="/**" access="permitAll" />
    <form-login authentication-success-handler-ref="simpleUrlAuthenticationSuccessHandler"/>
</http>
<beans:bean id="simpleUrlAuthenticationSuccessHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/"/>
    <beans:property name="targetUrlParameter" value="redirect"/>
</beans:bean>

It seems that targetUrlParameter is not getting picked up as expected. I'm using Spring Security 3.1.4

解决方案

The following rules are applied when using the SimpleUrlAuthenticationSuccessHandler:

• If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl property will be used for the destination.
• If a parameter matching the value of targetUrlParameter has been set on the request, the value will be used as the destination. By default this has the value "spring-security-redirect".
• If the useReferer property is set, the "Referer" HTTP header value will be used, if present.
• As a fallback option, the defaultTargetUrl value will be used.

According to your configuration, this should work. My guess is that you didn't propagate the referer when sending the POST request in the form login. Typically, you should write the referer value in an hidden field in your login page, so that the referer parameter is transmitted to spring_security_login.

这篇关于Spring Security targetUrlParameter不重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！