Spring Social - 如何重定向到原始 URL 或通过重新加载的 Popup/Iframe 进行身份验证 [英] Spring Social - How to Redirect to original URL or authenticate via Popup/Iframe with reload
问题描述
我有一个 web 应用程序,它使用 spring security 和 spring 社交集成.我在应用程序的菜单上放置了登录按钮(表单发布),可以从任何路径/网页访问.我可以通过从我的网页在/signin/{provider} 上发帖来登录,该网页会重定向到 google 的登录页面进行身份验证,并在身份验证成功后重定向回 已配置的 URL".我希望此 URL 是动态的,以便将用户重定向回原始 URL,在该 URL 中用户点击了使用 Google 登录按钮.
I have a web application which uses spring security with spring social integration. I have placed sign-in button (form post) on the menu of the application which can be accessed from any of the paths/webpages. I am able to sign-in by posting on /signin/{provider} from my webpage which redirects to google's login page for authentication and upon successful authentication redirects back to a "configured URL". I want this URL to be dynamic so the user is redirected back to original URL where the user clicked on Sign In With Google button.
我有的选择:
使用SignInAdapter 返回要重定向到的 URL.我们在 signIn() 方法中获得了本机 Web 请求对象,但我无法找到一种方法来发送一些参数,例如回调 url,在初始登录表单发布期间可能在 signIn() 方法中可用.
Use SignInAdapter to return the URL to be redirected to. We get the native web request object here in signIn() method but I am not able to find a way to send some parameter say, callback url, during initial signin form post which may become available in signIn() method.
在 FormPost 上,不是在同一个窗口中重定向,而是打开一个 iframe/popup 来处理发布响应(这实际上是提供者 url,如 http://accounts.google.com/......).并在成功验证后重新加载父页面.但是这里 iframe 不允许跨域 url.对于弹出窗口,我不知道如何在弹出窗口中引入表单发布响应.
Upon FormPost, instead of redirecting in the same window, open an iframe/popup to handle the post response (which is actually the providers url like http://accounts.google.com/......). And after successful authentication reload the parent page. But here iframe does not allow cross domain urls. For popups, I don't know how to bring form post response in a popup.
这是一个电子商务应用程序,因此希望在安全性和用户限制(例如阻止流行)方面争取一些最佳实践.
This is an e-commerce application so want to strive for some best practices in terms of security and users constraints (like blocked popus).
推荐答案
最后让它与问题中提到的第二种方法一起工作.不要直接点击使用 Google 登录"按钮进行登录表单发布 (signin/{providerId}),而是打开一个弹出窗口(子窗口),其中包含以下内容:
Finally got it working with second approach mentioned in the question. Instead of doing sign in form post (signin/{providerId}) directly on click of "Login with Google" button, open a popup window (child window) with something like :
<button type="submit" onClick=
"window.open('/signin?formId=googleForm','Ratting','width=550,height=400,left=150,top=200,toolbar=0,status=0,');" class="googlelogin" style="border-width: 0px;">
</button>
在这个弹出窗口上,通过javascript,在加载过程中进行自动表单发布.
and on this popup window, through javascript, do an auto form post during onload.
将在成功登录后加载的重定向 url 配置到具有重新加载父窗口的 javascript 代码的页面.类似的东西:
Configure the redirect url, which loads after succesful signin, to a page which has a javascript code which reloads your parent window. Something like:
(function(){
if (opener) {
opener.postMessage("reload", '*');
window.close();
}
else {
window.location.assign('/');
}
}());
父窗口应该有一个监听子窗口发布的消息.类似的东西:
The parent window should have a listener for message posted by child window. Something like:
function listener(event){
if (event.data === "reload")
document.location.reload();
}
if (window.addEventListener){
addEventListener("message", listener, false)
} else {
attachEvent("onmessage", listener)
}
希望它可以帮助寻找解决此类非常微不足道的用例的人.
Hope it helps someone looking for the solution to a very trivial use case like this.
这篇关于Spring Social - 如何重定向到原始 URL 或通过重新加载的 Popup/Iframe 进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
