使用Spring-Security登录并重定向到所需URL时遇到问题

Question

I am trying to login using Spring-Security. After authentication when I attempt to redirect to the user dashboard page, it instead returns me to the login page. I think our security context has not been created or some other problem. Following is my code:

My Security Config:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .csrf().disable()
            .authorizeRequests()
            .antMatchers("/user/**").hasRole("USER")
            .antMatchers("/admin/**").hasAnyRole(new String[]{"ADMIN", "SUB_ADMIN"})
            .antMatchers(new String[]{"/*", "/public"}).permitAll()
            .anyRequest()
            .authenticated()
        .and()
        .formLogin()
            .loginPage("/check-url-pattern")
            .loginProcessingUrl("/authenticate")
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(loginSuccessHandler)
            .failureHandler(loginFailureHandler)
            .permitAll()
        .and()
        .logout()
            .logoutUrl("/invalidate")
            .logoutSuccessHandler(logoutSuccesshandler)
            .invalidateHttpSession(true)

        .and()
        .headers().addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));     

My manually authentication code:

@RequestMapping(value = "sign-in", method = RequestMethod.POST)
public String signIn(HttpServletRequest request) {
 logger.info(" signIn ");
 PasswordEncoder encoder=new BCryptPasswordEncoder();
 User userExisting1 = (User)userService.findUserByUserName(request.getParameter("emaillogin").trim());
 boolean matchPass =  encoder.matches(request.getParameter("secretlogin").trim(),  userExisting1.getSecret());
 if(userExisting1.getRole().equalsIgnoreCase("ROLE_USER") && userExisting1.getStatus().equalsIgnoreCase("active") && matchPass){
 UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userExisting1.getUserName(),userExisting1.getSecret());
 authentication.setDetails(userExisting1);
 SecurityContext securityContext = SecurityContextHolder.getContext();
 securityContext.setAuthentication(authentication);

 HttpSession session = request.getSession(true);
 session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
 return "redirect:/user/dashboard";
}

My check-url-pattern

@RequestMapping(value="/check-url-pattern", method=RequestMethod.GET)
public String checkUrlPattern(HttpServletRequest    request,HttpServletResponse response, RedirectAttributes attributes) {
 logger.info("in checkUrlPattern Controller");

 SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
 if(savedRequest == null && getExistHttpSession() == null){
  return "redirect:/user-login";
 }else{ 
  String servletpath=savedRequest.getRedirectUrl();
  Pattern pattern = Pattern.compile("/admin");
  Matcher matcher = pattern.matcher(servletpath);
  Pattern pattern1 = Pattern.compile("/user");
  Matcher matcher1 = pattern1.matcher(servletpath);
  if (matcher.matches() && request.getSession(false) == null) {
    return "redirect:/admin-login-fin"; 
  }else if(matcher.matches() && request.getSession(false) != null){
   return "redirect:/admin/dashboard";
  }else if(matcher1.matches() && request.getSession(false) == null){
   return "redirect:/user-login";
  }else if(matcher1.matches() && request.getSession(false) != null){
   return "redirect:/user/dashboard";
  }else{
 return "redirect:/";
}

}

When I submit the login form, my sign-in controller is called and my sign-in code is executed. After that, when I try to redirect to /user/dashboard url, Spring-Security redirects me back to /check-url-pattern instead. It is also possible to handle log-ins using Spring-Security custom-form-submit. But in future I wish to implement this with an Ajax request.

Answer 1

您错过了安全配置中.formLogin（）中的.default-target-url="/user/dashboard" 。