我尝试在登录后使用我的选择选项重定向到特定页面,但我似乎无法进入正确的状态。 我在一个表单上有一个选择选项和一个登录框。选择框应该重定向到指定的页面,但登录后不会重定向,即使我要求它。
登录页面
<form class="myform" th:action="@{/login}" th:object="${user}" method="post">
<div th:replace="common/layout :: flash"></div>
<div class="form-group">
<select th:field="*{cert}" class="form-control input-lg" id="selectEl" >
<option value="" >[Select Program Type]</option>
<option th:each="program : ${programs}" th:value="${program.values}" th:text="${program.name}" >Certificate programs</option>
</select>
</div>
<div>
<div class="input-group input-group-lg">
<span class="input-group-addon" id="sizing-addon1">@</span>
<input type="text" class="form-control" placeholder="LoginID" th:field="*{username}" aria-describedby="sizing-addon1" />
</div>
</div>
<div class="form-group">
<div class="input-group input-group-lg">
<span class="input-group-addon form-wrapper" id="sizing-addon2">@</span>
<input type="password" class="form-control showpassword" placeholder="Pin" th:field="*{password}" aria-describedby="sizing-addon1" />
<span class="input-group-btn">
<button class="btn btn-default toggle" type="button">Show Pin</button>
</span>
</div>
</div>
<div>
<label>
<input type="checkbox" value="1" id="checkbox" /> <p class="login-caution">I have carefully read all instructions as well as programme requirements in the Admission Brochure and i here my accept any responsibility for any omission(s) or error(s) on my submitted form.</p>
</label>
</div>
<button type="submit" id="btnCheck" class="btn btn-primary btn-lg btn-block">Login</button>
</form>
登录控制器
@RequestMapping(path = "/login", method = RequestMethod.GET)
public String loginForm(Model model, HttpServletRequest request) {
model.addAttribute("user", new User());
if (request != null) {
DefaultSavedRequest savedRequest=(DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY");
if (savedRequest != null) {
model.addAttribute("redirectUrl", savedRequest.getRedirectUrl());
return savedRequest.getRedirectUrl();
}
}
model.addAttribute("programs", Program.values());
try {
Object flash = request.getSession().getAttribute("flash");
model.addAttribute("flash", flash);
request.getSession().removeAttribute("flash");
} catch (Exception ex) {
// "flash" session attribute must not exist...do nothing and proceed normally
}
return "login";
}
安全配置
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.successHandler(loginSuccessHandler())
.failureHandler(loginFailureHandler())
.and()
.logout()
.permitAll()
.logoutSuccessUrl("/login").deleteCookies("JSESSIONID").logoutSuccessUrl("/");
}
public AuthenticationSuccessHandler loginSuccessHandler() {
//return (request, response, authentication) -> response.sendRedirect("/");
return (request, response, authentication)-> {
response.sendRedirect("/");
};
}
public AuthenticationFailureHandler loginFailureHandler() {
return (request, response, exception) -> {
request.getSession().setAttribute("flash", new FlashMessage("Incorrect username and/or password. Please try again.", FlashMessage.Status.FAILURE));
//request.removeAttribute("username");
response.sendRedirect("/login");
};
}
@Bean
public EvaluationContextExtension securityExtension(){
return new EvaluationContextExtensionSupport() {
@Override
public String getExtensionId() {
return "security";
}
@Override
public Object getRootObject() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return new SecurityExpressionRoot(authentication) {};
}
};
}
答案 0 :(得分:1)
您似乎始终将用户重定向到根页面,就像在AuthenticationSuccessHandler中定义它一样。
如果您想将用户重定向到特定网页,我建议您添加&#34; redirectUrl = http://xxxx.com&#34;作为url中的查询字符串参数。在您的AuthenticationSuccessHandler中,您可以使用
之类的内容public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
String queryString = request.getQueryString();
if(queryString == null) {
response.setStatus(200);
} else if(!queryString.contains("redirectUrl=")) {
response.sendRedirect("/");
} else {
queryString = URLDecoder.decode(queryString.replace("url=", ""), "utf-8");
response.sendRedirect(queryString);
}
}
答案 1 :(得分:1)
我设法解决了它,这是最终的配置
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
// roles admin allow to access /admin/**
// roles user allow to access /user/**
// custom 403 access denied handler
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
// http.formLogin().defaultSuccessUrl("/usersList", true);
// @formatter:off
http.csrf().disable()
.authorizeRequests()
.antMatchers("/login*").permitAll()
.antMatchers("/","/userList")
.permitAll().anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.defaultSuccessUrl("/usersList", true)
.successHandler(new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
System.out.println("enter here: ");
System.out.println("session: " + request.getSession());
response.sendRedirect("/userList");
request.getSession().setMaxInactiveInterval(60);
System.out.print("session expired");
}
})
.and()
.logout().permitAll();
http.headers().frameOptions().disable();
}
这是正确引导我的路线
response.sendRedirect("/userList")
但有人可以解释为什么这个工作而不是
.defaultSuccessUrl("/usersList", true);