阻止重定向登录Spring Security [英] Prevent redirect to login for Spring Security
问题描述
我有Spring MVC + Spring Security项目。
I have Spring MVC + Spring Security project.
<http auto-config="true" access-denied-page="/security/accessDenied" use-expressions="true" disable-url-rewriting="true">
...
<intercept-url pattern="/dashboard/myaccount/**" access="hasAnyRole('ROLE_PERSON', 'ROLE_DEALER')"/>
...
<form-login login-page="/security/login" authentication-failure-url="/security/login?error=true"
default-target-url="/security/success" username-parameter="email"
password-parameter="secret"/>
<logout invalidate-session="true" logout-success-url="/index" logout-url="/security/logout"/>
如果用户进入登录页面,如果成功将被重定向到/ security / success,其中我在控制器中用会话对象做更多的东西(记录用户ID,等等)
If a user goes to login page, if successful will be redirected to "/security/success" where I do more stuff in the controller with the session object (record userID, ...etc)
我的问题是当一个GUEST用户要去/ dashboard / myaccount(这需要AUTH),他被重定向到LOGIN页面(我不想要,我更喜欢抛出404)。之后Spring Security没有重定向到/ security / success。而是重定向到/ dashboard / myaccount。
My problem is when an GUEST user is going to /dashboard/myaccount (which requires AUTH), he is being redirected to LOGIN page (Which I don't want, I prefer a 404 thrown). After that Spring Security is not redirecting to /security/success. Instead is redirected to /dashboard/myaccount.
如果GUEST尝试访问AUTH页面,我宁愿找到一种方法来完全禁用此重定向到登录页面。
I would prefer to find a way to disable completely this redirection to login page in case of GUEST trying to access a AUTH page.
有什么办法吗?
Tnx
推荐答案
发现:always-use-default- target =true
Found this: always-use-default-target="true"
这样,我的控制器功能总是在任何登录后被调用。
I this way, my controller function is always invoked after any login.
这篇关于阻止重定向登录Spring Security的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!