[英]How to permit forwarding to external URL with Spring Security
I am wondering how can I make my "redirect:" workin with Spring Security. 我想知道如何在Spring Security中进行“重定向:”工作。 All /auth* pathes work correctly. 所有/ auth *路径均可正常工作。 But when it cames up to [1] it just doesn't redirect. 但是当到达[1]时,它只是不重定向。 Spring Security 4.0.2.RELEASE, Spring MVC 4.0.8.RELEASE Spring Security 4.0.2.RELEASE,Spring MVC 4.0.8.RELEASE
@Controller
@RequestMapping(value = "/auth")
public class SomeAuthController {
@RequestMapping(value = "/external")
public String externalAuth(...) {
if(someCondition) return "redirect:" + someExternalUrl; // [1] https://external-service.com
else return "redirect:/"
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth,
ShaPasswordEncoder shaPasswordEncoder,
List<AuthenticationProvider> authProviders)
throws Exception {
for(AuthenticationProvider provider : authProviders) auth.authenticationProvider(provider);
}
@Bean(name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/resources/**").permitAll();
http.authorizeRequests().antMatchers("/auth/**", "/").permitAll().anyRequest().authenticated();
http.formLogin()
.loginPage("/auth/login")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password")
.failureUrl("/auth/login?error")
.permitAll();
http.logout()
.permitAll()
.logoutUrl("/auth/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true);
}
}
Okay guys. 好的,伙计们。 Here's my answer. 这是我的答案。 Hope it will help someone. 希望它会帮助某人。 The first thing is to enable JSR250 in the security configuration bean. 首先是在安全配置Bean中启用JSR250。
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
Afterwards I added @PermitAll annotation for a method which contained redirecting. 之后,我为包含重定向的方法添加了@PermitAll批注。
@PermitAll
@RequestMapping(value = "/external")
public String externalAuth(...) {
if(someCondition) return "redirect:" + someExternalUrl; // [1] https://external-service.com
else return "redirect:/"
}
That's all. 就这样。 Have a nice debugging J 调试好J
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.