如何在 Spring Security 中设置 always-use-default-target? [英] how to set always-use-default-target in spring security?
本文介绍了如何在 Spring Security 中设置 always-use-default-target?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要在 Spring Boot 应用程序的 SavedRequestAwareAuthenticationSuccessHandler
中设置 always-use-default-target="true".我该怎么做?我试过了:
I need to set always-use-default-target="true" in SavedRequestAwareAuthenticationSuccessHandler
in my spring boot application. How can i do that? I tried:
@Bean
SavedRequestAwareAuthenticationSuccessHandler handler() {
SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setAlwaysUseDefaultTargetUrl(true);
return handler;
}
但没有成功.似乎正在使用完全不同的 bean
but no success. seems like completely different bean is being used
我的安全配置:
@EnableOAuth2Sso
@Configuration
@Order(2)
public class FormWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/login**", "/assets/**", "/uaa/**", "/management/health").permitAll()
.anyRequest().authenticated()
.and()
.headers()
.defaultsDisabled()
.frameOptions()
.sameOrigin()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringAntMatchers("/uaa/**")
.and()
.logout()
.logoutSuccessUrl("/login?logout")
.permitAll();
}
}
和:
@Configuration
@Order(1)
public class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.formLogin()
.successForwardUrl("/")
.and()
.exceptionHandling().authenticationEntryPoint(new Unauthorized401EntryPoint());
}
public static class Unauthorized401EntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
}
推荐答案
对基于注释的设置使用以下内容:
Use following for annotation based settings:
defaultSuccessUrl("/dashboard",true)
defaultSuccessUrl("/dashboard",true)
第二个布尔参数将 always-use-default-target 设置为 true.
The second boolean parameter is setting always-use-default-target to true.
这篇关于如何在 Spring Security 中设置 always-use-default-target?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文