Spring Security targetUrlParameter 不重定向 [英] Spring Security targetUrlParameter does not redirect

问题描述

我正在尝试将用户重定向回他们单击登录链接的页面.(页面对于未通过身份验证的用户是只读的，但对于登录的用户是可写的.)如何将用户重定向回他们登录后的位置?

我将通过以下链接向用户发送登录页面:/spring_security_login?redirect=/item5.登录后，我希望用户被重定向到 /item5 页面.但是，它们总是被重定向到 / 页面.

这是我正在使用的配置:

<intercept-url pattern="/**" access="permitAll"/><form-login authentication-success-handler-ref="simpleUrlAuthenticationSuccessHandler"/></http><beans:bean id="simpleUrlAuthenticationSuccessHandler"class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"><beans:property name="defaultTargetUrl" value="/"/><beans:property name="targetUrlParameter" value="redirect"/></beans:bean>

targetUrlParameter 似乎没有按预期获得.我正在使用 Spring Security 3.1.4

解决方案

使用 SimpleUrlAuthenticationSuccessHandler:

<块引用>

• 如果 alwaysUseDefaultTargetUrl 属性设置为 true，则 defaultTargetUrl 属性将用于目标.
• 如果已在请求中设置了与 targetUrlParameter 值匹配的参数，则该值将用作目标.默认情况下，它的值为spring-security-redirect".
• 如果设置了 useReferer 属性，则将使用Referer"HTTP 标头值(如果存在).
• 作为后备选项，将使用 defaultTargetUrl 值.

根据您的配置，这应该可以工作.我的猜测是您在表单登录中发送 POST 请求时没有传播 referer .通常，您应该在登录页面的隐藏字段中写入 referer 值，以便将 referer 参数传输到 spring_security_login.>

I'm trying to redirect the user back to the page where they clicked the login link. (Pages are read-only for non-authenticated users, but writable for logged in users.) How do I redirect the user back to where they came from after they login?

I'm sending to the user to the login page with this link: /spring_security_login?redirect=/item5. After loging in, I expect the user to be redirected to /item5 page. However, they're always redirected to / page.

Here is the configuration I'm using:

<http use-expressions="true">
    <intercept-url pattern="/**" access="permitAll" />
    <form-login authentication-success-handler-ref="simpleUrlAuthenticationSuccessHandler"/>
</http>
<beans:bean id="simpleUrlAuthenticationSuccessHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/"/>
    <beans:property name="targetUrlParameter" value="redirect"/>
</beans:bean>

It seems that targetUrlParameter is not getting picked up as expected. I'm using Spring Security 3.1.4

解决方案

The following rules are applied when using the SimpleUrlAuthenticationSuccessHandler:

• If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl property will be used for the destination.
• If a parameter matching the value of targetUrlParameter has been set on the request, the value will be used as the destination. By default this has the value "spring-security-redirect".
• If the useReferer property is set, the "Referer" HTTP header value will be used, if present.
• As a fallback option, the defaultTargetUrl value will be used.

According to your configuration, this should work. My guess is that you didn't propagate the referer when sending the POST request in the form login. Typically, you should write the referer value in an hidden field in your login page, so that the referer parameter is transmitted to spring_security_login.

这篇关于Spring Security targetUrlParameter 不重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！