堆栈内存溢出
  简体   繁体   English

登录后重定向(GAE上的Spring安全性)

[英]Redirect after login (Spring security on GAE)

 原文  2011-03-01 17:16:06       java/ spring-security

问题描述

I am having some troubles making my login redirect to the same place always. 我有一些麻烦使我的登录始终重定向到同一个地方。 I have done something like this 我做过这样的事情 

<http auto-config="true" use-expressions="true" entry-point-ref="gaeEntryPoint" >
    <intercept-url pattern="/_ah/login" access="permitAll"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter"/>
    <form-login authentication-success-handler-ref="authSuccessHandler"/>
</http>

<beans:bean id="authSuccessHandler"
            class="dk.lindhardt.arbejdsfordeling.server.security.AuthenticationSuccessHandlerImpl"/>

And 

public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {

   public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) 
   throws IOException, ServletException {
       if (authentication != null && authentication.isAuthenticated()) {
           response.sendRedirect(OrganizationListServlet.URL);
       }
   }

 }

It never gets into this method above. 它永远不会进入上述方法。 How do I make it do that? 我怎么做到这一点?

Edit: I was following this guide http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/ 编辑:我按照本指南http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/

4 个解决方案

解决方案1
 7  2011-03-05 00:50:55

You shouldn't need to have that servlet there that then does the redirect. 您不应该在那里拥有那个然后执行重定向的servlet。 You can have the redirect in the config itself. 您可以在配置中进行重定向。 

<http auto-config="true">   
    <intercept-url pattern="/app/login" filters="none" />
    <form-login 
        login-page="/app/login" 
        login-processing-url="/app/dologin" 
        authentication-failure-url="/app/login?login_error=1" 
        default-target-url="/app/home"/>
</http>

解决方案2
 7  2011-03-07 17:55:22

I think we can extend SimpleUrlAuthenticationSuccessHandler and call super.onAuthenticationSuccess() method to use DefaultRedirectStrategy . 我想我们可以扩展SimpleUrlAuthenticationSuccessHandler并调用super.onAuthenticationSuccess()方法来使用DefaultRedirectStrategy The modified code will be: 修改后的代码将是: 

public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler {
       @Override
   public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) 
   throws IOException, ServletException {
       if (authentication != null) {
       setDefaultTargetUrl(OrganizationListServlet.URL);
              super.onAuthenticationSuccess(request, response, authentication);
       }

   }

 }

解决方案3
 5  2011-03-01 17:26:49

You could do it without the Handler by adding the "always-use-default-target" to your form-login settings 您可以在没有处理程序的情况下通过向表单登录设置添加“always-use-default-target”来完成此操作 

<form-login default-target-url='/your/target/url.htm' always-use-default-target='true' />

See http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic under "Setting a Default Post-Login Destination" 请参阅“设置默认的登录后目的地”下的http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic

解决方案4
 0  2011-03-09 20:39:01

It is not pretty but I solved it by positioning a custom filter at position LAST. 它不漂亮,但我通过在最后位置定位自定义过滤器来解决它。 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws
            IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

       if (authentication != null && authentication.isAuthenticated()) {
            User user = (User) authentication.getPrincipal();
            if (user.isLoggingIn()) {
                if (authentication.getAuthorities().contains(AppRole.ROLE_NEW_USER)) {
                    ((HttpServletResponse) response).sendRedirect(RegistrationServlet.URL);
                } else {
                    ((HttpServletResponse) response).sendRedirect("/" + OrganizationListServlet.URL);
                }
                user.setLoggingIn(false);
            } else if (user.isLoggingOut()) {
                ((HttpServletRequest) request).getSession().invalidate();
            }
        }
        filterChain.doFilter(request, response);
}

I think the problem is that the gaeFilter bypasses the normal login procedure and therefore I can't use the authentication-success-handler. 我认为问题是gaeFilter绕过了正常的登录过程,因此我不能使用authentication-success-handler。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Security:登录后页面不会重定向 - Spring Security: Page does not redirect after login 登录后自定义语言环境重定向-Spring Security - Custom locale redirect after login - Spring Security 登录后无法重定向spring boot的spring security - spring security with spring boot cant redirect after login Spring Security:手动添加 UsernamePasswordAuthenticationFilter 触发登录后重定向 - Spring Security: manually added UsernamePasswordAuthenticationFilter triggers redirect after login 使用 Spring 安全性根据用户角色登录后重定向到不同的页面 - Redirect to different page after login based on user role with Spring Security 如何在 spring 安全 SSO 登录后重定向我的上一页? - How to redirect my previous page after SSO Login in spring security? 成功登录后的Spring Boot安全重定向 - 未定义 - Spring Boot Security redirect after successful login - undefined Spring Security:登录后如何重定向到REST URL - Spring Security: How to redirect to a REST url after login 使用Spring Security登录后无法重定向到其他页面 - Cannot redirect to different pages after Login with Spring Security 在Spring Security 2.0.2中,如何在登录后重定向到请求的URL - In Spring security 2.0.2 How to redirect to a requested url after login
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM