如何在具有Shiro安全性的Spring MVC应用程序中实现以下场景:
如果用户未经过身份验证并请求页面,Shiro应该 重定向到登录页面。用户成功登录和Shiro 重定向到之前请求的页面而不是
successUrlURL
登录部分在我的应用程序中正常工作。以下是我现有代码的片段
<!-- Shiro filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<property name="successUrl" value="/dashboard" />
<property name="unauthorizedUrl" value="/error" />
<property name="filterChainDefinitions">
<value>
<!-- !!! Order matters !!! -->
/authenticate = anon
/login = anon
/logout = anon
/error = anon
/static/** = anon
/** = authc
</value>
</property>
</bean>
答案 0 :(得分:2)
:
public String doLogin(
HttpServletRequest request,
HttpServletResponse response,
@RequestParam(required = true) String username,
@RequestParam(required = true) String password,
@RequestParam(required = false, defaultValue = "false") boolean rememberMe,
Model model) {
Subject currentUser = SecurityUtils.getSubject();
...
if (currentUser.isAuthenticated()) {
String fallbackUrl = "redirect:/";
try {
// redirect to previously requested page
WebUtils.redirectToSavedRequest(request, response, fallbackUrl);
} catch (IOException e) {
logger.error(e.getMessage(), e);
return fallbackUrl;
}
// return null to prevent spring render another page
return null;
} else {
session.setAttribute("loginFailCount", ++loginFailCount);
}
return "login";
}