我正在使用带有Spring安全性和前端reactJS的Spring启动构建应用程序。我的代码适用于身份验证。但现在我打算将用户重定向到他之前请求的页面,以防他再次登录。
我可以从successhandler中提取targetUrl即上一页,但是当我在UI处执行console.log(数据)时。我得到原始的html数据而不是URL名称。我不知道为什么以及如何打开这样的原始HTML代码或者我可以从successhandler发送只是html URL名称而不是它发送完整的原始HTML代码?任何投入都受到高度赞赏。
预期的console.log(数据) - https://localhost:8080/addpage.html
实际的console.log(数据) - addpage.html的原始html数据
ApplicationSecurity.java
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private RESTAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private RESTAuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private RESTAuthenticationSuccessHandler authenticationSuccessHandler;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/CSS/*").permitAll()
.antMatchers("/JS/*").permitAll()
.antMatchers("/login.html").permitAll()
.antMatchers("/*").authenticated()
.and()
.sessionManagement().maximumSessions(5).and().invalidSessionUrl("/login.html");
http.csrf().disable();
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.formLogin().successHandler(authenticationSuccessHandler);
http.formLogin().failureHandler(authenticationFailureHandler);
http.logout().logoutSuccessUrl("/login.html");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
}
RESTAuthenticationSuccessHandler.java
@Component
public class RESTAuthenticationSuccessHandler extends
SavedRequestAwareAuthenticationSuccessHandler {
private RequestCache requestCache = new HttpSessionRequestCache();
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
SavedRequest savedRequest = requestCache.getRequest(request, response);
System.out.println(savedRequest);
if (savedRequest == null) {
HttpSession session = request.getSession();
if (session != null) {
String redirectUrl = (String) session.getAttribute("url_prior_login");
if (redirectUrl != null) {
session.removeAttribute("url_prior_login");
getRedirectStrategy().sendRedirect(request, response, redirectUrl);
} else {
super.onAuthenticationSuccess(request, response, authentication);
}
} else {
super.onAuthenticationSuccess(request, response, authentication);
}
return;
}
String targetUrlParameter = getTargetUrlParameter();
System.out.println(targetUrlParameter);
if (isAlwaysUseDefaultTargetUrl()
|| (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
requestCache.removeRequest(request, response);
super.onAuthenticationSuccess(request, response, authentication);
return;
}
clearAuthenticationAttributes(request);
// Use the DefaultSavedRequest URL
String targetUrl = savedRequest.getRedirectUrl();
System.out.println(targetUrl);
logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
getRedirectStrategy().sendRedirect(request, response, targetUrl);
}
}
UI代码:
$.ajax({
type: "POST",
url: "/login",
data: data,
success: function(data){
console.log(data);
}.bind(this),
error:function(data)
{
alert(data.responseJSON.message);
}
});
console.log(data) - 返回targetURL的原始html代码,我无法打开它作为html文件。我需要来自successhandler的targetURL返回的html文件名,以便我可以使用window.location.href来打开文件
答案 0 :(得分:1)
您可以将redirect url
返回给回复。
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
// ... get target url
String targetUrl = "";
try {
response.setStatus(HttpServletResponse.OK);
PrintWriter writer = response.getWriter();
writer.write(targetUrl);
writer.flush();
writer.close();
} catch (IOException e) {
// ignore
logger.error(e.getMessage(), e);
}
}
答案 1 :(得分:0)
听起来像是一个哑剧类型的问题。使用chrome检查检查您的网络流量,并确保您的标头设置正确:
回复标题:
的Content-Type:text / html的;字符集= UTF-8
请求标题:
接受:text / html的
等