阻止重定向登录Spring Security [英] Prevent redirect to login for Spring Security

问题描述

我有Spring MVC + Spring Security项目。

I have Spring MVC + Spring Security project.

<http auto-config="true" access-denied-page="/security/accessDenied" use-expressions="true" disable-url-rewriting="true">

... 
<intercept-url pattern="/dashboard/myaccount/**" access="hasAnyRole('ROLE_PERSON', 'ROLE_DEALER')"/>
...

<form-login login-page="/security/login" authentication-failure-url="/security/login?error=true"
                default-target-url="/security/success" username-parameter="email"
                password-parameter="secret"/>
<logout invalidate-session="true" logout-success-url="/index" logout-url="/security/logout"/>

如果用户进入登录页面，如果成功将被重定向到/ security / success，其中我在控制器中用会话对象做更多的东西（记录用户ID，等等）

If a user goes to login page, if successful will be redirected to "/security/success" where I do more stuff in the controller with the session object (record userID, ...etc)

我的问题是当一个GUEST用户要去/ dashboard / myaccount（这需要AUTH），他被重定向到LOGIN页面（我不想要，我更喜欢抛出404）。之后Spring Security没有重定向到/ security / success。而是重定向到/ dashboard / myaccount。

My problem is when an GUEST user is going to /dashboard/myaccount (which requires AUTH), he is being redirected to LOGIN page (Which I don't want, I prefer a 404 thrown). After that Spring Security is not redirecting to /security/success. Instead is redirected to /dashboard/myaccount.

如果GUEST尝试访问AUTH页面，我宁愿找到一种方法来完全禁用此重定向到登录页面。

I would prefer to find a way to disable completely this redirection to login page in case of GUEST trying to access a AUTH page.

有什么办法吗？

Tnx

推荐答案

发现：always-use-default- target =true

Found this: always-use-default-target="true"

这样，我的控制器功能总是在任何登录后被调用。

I this way, my controller function is always invoked after any login.

这篇关于阻止重定向登录Spring Security的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！