[英]Trouble with login using Spring-Security and redirecting to required URL
I am trying to login using Spring-Security. 我正在尝试使用Spring-Security登录。 After authentication when I attempt to redirect to the user dashboard page, it instead returns me to the login page. 经过身份验证后,当我尝试重定向到用户仪表板页面时,它将返回我的登录页面。 I think our security context has not been created or some other problem. 我认为我们的安全上下文尚未创建或存在其他问题。 Following is my code: 以下是我的代码:
My Security Config: 我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/user/**").hasRole("USER")
.antMatchers("/admin/**").hasAnyRole(new String[]{"ADMIN", "SUB_ADMIN"})
.antMatchers(new String[]{"/*", "/public"}).permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/check-url-pattern")
.loginProcessingUrl("/authenticate")
.usernameParameter("username")
.passwordParameter("password")
.successHandler(loginSuccessHandler)
.failureHandler(loginFailureHandler)
.permitAll()
.and()
.logout()
.logoutUrl("/invalidate")
.logoutSuccessHandler(logoutSuccesshandler)
.invalidateHttpSession(true)
.and()
.headers().addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));
My manually authentication code: 我的手动身份验证代码:
@RequestMapping(value = "sign-in", method = RequestMethod.POST)
public String signIn(HttpServletRequest request) {
logger.info(" signIn ");
PasswordEncoder encoder=new BCryptPasswordEncoder();
User userExisting1 = (User)userService.findUserByUserName(request.getParameter("emaillogin").trim());
boolean matchPass = encoder.matches(request.getParameter("secretlogin").trim(), userExisting1.getSecret());
if(userExisting1.getRole().equalsIgnoreCase("ROLE_USER") && userExisting1.getStatus().equalsIgnoreCase("active") && matchPass){
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userExisting1.getUserName(),userExisting1.getSecret());
authentication.setDetails(userExisting1);
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(authentication);
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
return "redirect:/user/dashboard";
}
My check-url-pattern 我的检查网址格式
@RequestMapping(value="/check-url-pattern", method=RequestMethod.GET)
public String checkUrlPattern(HttpServletRequest request,HttpServletResponse response, RedirectAttributes attributes) {
logger.info("in checkUrlPattern Controller");
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
if(savedRequest == null && getExistHttpSession() == null){
return "redirect:/user-login";
}else{
String servletpath=savedRequest.getRedirectUrl();
Pattern pattern = Pattern.compile("/admin");
Matcher matcher = pattern.matcher(servletpath);
Pattern pattern1 = Pattern.compile("/user");
Matcher matcher1 = pattern1.matcher(servletpath);
if (matcher.matches() && request.getSession(false) == null) {
return "redirect:/admin-login-fin";
}else if(matcher.matches() && request.getSession(false) != null){
return "redirect:/admin/dashboard";
}else if(matcher1.matches() && request.getSession(false) == null){
return "redirect:/user-login";
}else if(matcher1.matches() && request.getSession(false) != null){
return "redirect:/user/dashboard";
}else{
return "redirect:/";
}
} }
When I submit the login form, my sign-in
controller is called and my sign-in code is executed. 当我提交登录表单,我sign-in
控制器被调用,执行我的登录密码。 After that, when I try to redirect to /user/dashboard
url, Spring-Security redirects me back to /check-url-pattern
instead. 之后,当我尝试重定向到/user/dashboard
url时,Spring-Security会将我重定向回/check-url-pattern
。 It is also possible to handle log-ins using Spring-Security custom-form-submit. 还可以使用Spring-Security custom-form-submit处理登录。 But in future I wish to implement this with an Ajax request. 但是将来我希望通过Ajax请求来实现这一点。
您错过了安全配置中.formLogin()中的.default-target-url="/user/dashboard"
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.