我需要在成功注册用户后自动登录。我需要重定向主页。但在我的代码中,它不会被重定向到特定的页面。注册后它仍然会加载登录页面。
我的注册控制器:
@Controller
public class LoginController
{
@Inject
RequestCache requestCache;
@Inject @Named("am")
protected AuthenticationManager authenticationManager;
@RequestMapping(value = "/userCreate", method = RequestMethod.POST)
public String getuseradd( Model model, HttpServletRequest request)
{
logger.debug("In getuseradd");
logger.debug("User add "+request.getParameter("firstName"));
String firstName = request.getParameter("firstName");
String lastName = request.getParameter("lastName");
String email = request.getParameter("email");
String password = request.getParameter("password");
try{
if(userService.searchRecords("Email", email).size()> 0)
{
return "redirect:/login";
}
else{
Users user = new Users();
user.setFirstName(firstName);
user.setLastName(lastName);
user.setUserStatus("Active");
user.setEmail(email);
user.setIsFacilitator(false);
user.setPassword(password);
user.setLanguageID(4L);
userService.create(user, creatorID);
Long userId = user.getUserID();
UserRoleXREF userRoleXREF = new UserRoleXREF();
userRoleXREF.setUserID(userId);
userRoleXREF.setUserRoleID(4L);
userRoleXREF.setComment(firstName);
userRoleXREFService.create(userRoleXREF, creatorID);
logger.debug("User role XREF created");
authenticateUserAndSetSession(user, request);
}
}
catch(AmmachiServerException ex)
{
logger.debug("AmmachiServerException: " + ex.getMessage());
}
return "redirect:/home";
}
}
private void authenticateUserAndSetSession(Users user,
HttpServletRequest request)
{
logger.debug("Authentication session"+user.getEmail()+""+user.getPassword());
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
user.getEmail(), user.getPassword());
// generate session if one doesn't exist
request.getSession();
token.setDetails(new WebAuthenticationDetails(request));
Authentication authenticatedUser = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
}
和我的securitycontext.xml
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/userCreate" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/loginfailed" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login" always-use-default-target="false" default-target-url="/home" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" invalidate-session="true" delete-cookies="JSESSIONID" />
<session-management>
<concurrency-control max-sessions="10000" error-if-maximum-exceeded="false" />
</session-management>
</http>
<authentication-manager alias = "am">
<authentication-provider user-service-ref="loginValidator">
<password-encoder hash="md5">
<salt-source user-property="username"/>
</password-encoder>
</authentication-provider>
</authentication-manager>
答案 0 :(得分:2)
您的UsernamePasswordAuthenticationToken未经过身份验证,因此您将被重定向到登录页面。 您调用的UsernamePasswordAuthenticationToken构造函数:
public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {
super(null);
this.principal = principal;
this.credentials = credentials;
setAuthenticated(false);
}
您必须使用权限列表创建UsernamePasswordAuthenticationToken,如下所示:
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
user.getEmail(), user.getPassword(), AuthorityUtils.NO_AUTHORITIES);
您不会在安全配置中使用任何角色,因此空白的权限列表就足够了。
现在,此UsernamePasswordAuthenticationToken已经过身份验证:
public UsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.credentials = credentials;
super.setAuthenticated(true); // must use super, as we override
}
您应该被重定向到您的主页。
AuthorityUtils是Spring安全性的一部分,可以在org.springframework.security.core.authority.AuthorityUtils