我想在Spring Security中成功注册后进行自动登录。 当我尝试以下代码时,Spring Security会将用户转发到登录页面。
@RequestMapping(value = "/registration", method = RequestMethod.POST)
public String registration(@ModelAttribute("user") User user, BindingResult bindingResult, Model model) {
userValidator.validate(user, bindingResult);
if (bindingResult.hasErrors()) {
return "registration";
}
userService.createRegistration(user);
securityService.autologin(user.getUsername(), user.getPassword());
return "redirect:/dashboard";
}
public void autologin(String username, String password) {
logger.debug("starting autologin process");
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
authenticationManager.authenticate(usernamePasswordAuthenticationToken);
if (usernamePasswordAuthenticationToken.isAuthenticated()) {
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
logger.debug(String.format("Auto login %s successfully!", username));
}
else {
logger.debug(String.format("Auto login %s failed!", username));
}
}
成功注册后,下面的记录器执行良好,但是Spring Security不会将用户重定向到dashborad,而是将用户转发到登录页面。
logger.debug(String.format("Auto login %s successfully!", username));
这是我的spring安全配置:
<security:http auto-config="true" use-expressions="true">
<security:http-basic/>
<security:csrf disabled="true" />
<security:session-management invalid-session-url="/login.htm" />
<security:intercept-url pattern="/dashboard*" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_USER')" />
<security:intercept-url pattern="/registration*" access="permitAll" />
<security:remember-me remember-me-cookie="rvm-track-rm" remember-me-parameter="remember-me" token-repository-ref="tokenRepository"
token-validity-seconds="864000" key="rvm-track-web-html" user-service-ref="userDetailsServiceImpl"/>
<security:custom-filter ref="requestContextFilter" before="FORM_LOGIN_FILTER"/>
<security:form-login login-page="/login.htm" login-processing-url="/j_spring_security_check" authentication-failure-url="/login.htm?error=1" default-target-url="/dashboard" />
<security:logout logout-url="/logout.htm" logout-success-url="/login.htm" />
</security:http>