使用 URL 中的一些额外参数重定向到登录页面 [英] Redirect to login page with some extra parameters in URL

问题描述

我将 Spring Boot 与 Spring Security 一起使用，我想使用 URL 中的自定义参数重定向到登录，而不是 login?error 或 login?logout.

I'm using Spring Boot with Spring Security, and I would like to redirect to the login with a custom parameter in the URL different then login?error or login?logout.

目前，当我进行重定向时，登录 url 会从不同于错误"或注销"页面的参数中删除我通过 AD 进行身份验证，任何授权用户都可以登录.

Currently when I do the redirect the login url get strip from parameters different to "error" or "logout" pageI have authentication through AD that any authorized user can login.

例如在我的控制器中，我有类似的东西:

For example in my controller I have something like:

   return "redirect:/login?invalid-token";

我想在登录页面中做一些类似他查看的事情

And I would like to do in the login page something likehe view

   <div th:if="${param.invalid-token}" class="alert alert-danger" role="alert">Invalid token message.</div>

提前致谢...

推荐答案

我还没有完全理解你的问题，但我的猜测相当不错.

I'm still not fully understanding your problem, but I am taking a pretty good guess.

您的问题很可能是您重定向到/login?invalid-token 并且 Spring Security 不允许匿名访问该页面.要修复它，请使用以下命令:

Likely your problem is that you are redirecting to /login?invalid-token and Spring Security is not allowing anonymous access to that page. To fix it, use the following:

http
    .authorizeRequests()
        .antMatchers("/login").permitAll()
        ...

注意 formLogin().permitAll() 是非常严格的.它只允许访问 Spring Security 知道的登录页面和登录错误页面.以上使它更宽容.

Note that formLogin().permitAll() is very restrictive. It only allows access to the login page and the login error page that Spring Security knows about. The above makes it more permissive.

这篇关于使用 URL 中的一些额外参数重定向到登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！