[英]Redirect after login (Spring security on GAE)
我有一些麻煩使我的登錄始終重定向到同一個地方。 我做過這樣的事情
<http auto-config="true" use-expressions="true" entry-point-ref="gaeEntryPoint" >
<intercept-url pattern="/_ah/login" access="permitAll"/>
<intercept-url pattern="/**" access="isAuthenticated()"/>
<custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter"/>
<form-login authentication-success-handler-ref="authSuccessHandler"/>
</http>
<beans:bean id="authSuccessHandler"
class="dk.lindhardt.arbejdsfordeling.server.security.AuthenticationSuccessHandlerImpl"/>
和
public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
if (authentication != null && authentication.isAuthenticated()) {
response.sendRedirect(OrganizationListServlet.URL);
}
}
}
它永遠不會進入上述方法。 我怎么做到這一點?
編輯:我按照本指南http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/
您不應該在那里擁有那個然后執行重定向的servlet。 您可以在配置中進行重定向。
<http auto-config="true">
<intercept-url pattern="/app/login" filters="none" />
<form-login
login-page="/app/login"
login-processing-url="/app/dologin"
authentication-failure-url="/app/login?login_error=1"
default-target-url="/app/home"/>
</http>
我想我們可以擴展SimpleUrlAuthenticationSuccessHandler
並調用super.onAuthenticationSuccess()
方法來使用DefaultRedirectStrategy
。 修改后的代碼將是:
public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
if (authentication != null) {
setDefaultTargetUrl(OrganizationListServlet.URL);
super.onAuthenticationSuccess(request, response, authentication);
}
}
}
您可以在沒有處理程序的情況下通過向表單登錄設置添加“always-use-default-target”來完成此操作
<form-login default-target-url='/your/target/url.htm' always-use-default-target='true' />
請參閱“設置默認的登錄后目的地”下的http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic
它不漂亮,但我通過在最后位置定位自定義過濾器來解決它。
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws
IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
User user = (User) authentication.getPrincipal();
if (user.isLoggingIn()) {
if (authentication.getAuthorities().contains(AppRole.ROLE_NEW_USER)) {
((HttpServletResponse) response).sendRedirect(RegistrationServlet.URL);
} else {
((HttpServletResponse) response).sendRedirect("/" + OrganizationListServlet.URL);
}
user.setLoggingIn(false);
} else if (user.isLoggingOut()) {
((HttpServletRequest) request).getSession().invalidate();
}
}
filterChain.doFilter(request, response);
}
我認為問題是gaeFilter繞過了正常的登錄過程,因此我不能使用authentication-success-handler。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.