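Micronaut: Security/Session/Authentication

Time: 2018-10-24 14:58:29

Tags: micronaut

I need some help...

Does setting micronaut.security.session.unauthorized-target-url in application.yml mean that Micronaut can automatically redirect to the target URL? It currently does not work.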

https://docs.micronaut.io/1.0.0.RC3/guide/index.html#session

Micronaut version

1.0.0.RC3

application.yml

1 answer:

Answer 0 (score: 2)

You should configure:

micronaut:
    application:
        name: ws
    # security must be nested under micronaut so the keys resolve as micronaut.security.*
    security:
        enabled: true
        endpoints:
            login:
                enabled: true
            logout:
                enabled: true
        session:
            enabled: true
            login-success-target-url: '/'
            login-failure-target-url: '/login/authFailed'
            logout-target-url: '/link1'
            unauthorized-target-url: '/link2'
            forbidden-target-url: '/link3'

Please note micronaut.security.session.unauthorizedTargetUrl

Use:

micronaut.security.session.unauthorized-target-url

It is used in this bean:

https://github.com/micronaut-projects/micronaut-core/blob/master/security-session/src/main/java/io/micronaut/security/session/SessionSecurityfilterRejectionHandler.java

I just checked with Safari, and it seems the browser may not send the Content Type header; you need to check the Accept header.

This has been fixed for 1.0.1. In the meantime, you can replace

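import io.micronaut.context.annotation.Replaces;
import io.micronaut.core.async.publisher.Publishers;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.HttpResponse;
import io.micronaut.http.HttpStatus;
import io.micronaut.http.MediaType;
import io.micronaut.http.MutableHttpResponse;
import io.micronaut.security.session.SecuritySessionConfiguration;
import io.micronaut.security.session.SessionSecurityfilterRejectionHandler;
import org.reactivestreams.Publisher;

import javax.inject.Singleton;
import java.net.URI;
import java.net.URISyntaxException;

@Singleton
@Replaces(SessionSecurityfilterRejectionHandler.class)
public class CustomSessionSecurityfilterRejectionHandler extends SessionSecurityfilterRejectionHandler {

    public CustomSessionSecurityfilterRejectionHandler(SecuritySessionConfiguration securitySessionConfiguration) {
        super(securitySessionConfiguration);
    }

    @Override
    public Publisher<MutableHttpResponse<?>> reject(HttpRequest<?> request, boolean forbidden) {
        // Decide on the Accept header: redirect only clients that accept text/html.
        if (request.getHeaders().accept().stream().anyMatch(mediaType -> mediaType.equals(MediaType.TEXT_HTML_TYPE))) {
            try {
                // Use the configured forbidden/unauthorized target URL, falling back to "/".
                String uri = forbidden ? securitySessionConfiguration.getForbiddenTargetUrl() :
                    securitySessionConfiguration.getUnauthorizedTargetUrl();
                if (uri == null) {
                    uri = "/";
                }
                URI location = new URI(uri);
                return Publishers.just(HttpResponse.seeOther(location));
            } catch (URISyntaxException e) {
                return Publishers.just(HttpResponse.serverError());
            }
        }
        // Other clients get a plain 403 or 401 status.
        return Publishers.just(HttpResponse.status(forbidden ? HttpStatus.FORBIDDEN : HttpStatus.UNAUTHORIZED));
    }
}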