Spring Redirect Url:会话过期时,SavedRequest为null

时间:2013-11-26 12:02:14

标签: spring spring-mvc spring-security

我正在登录控制器中访问SavedRequest以在登录表单中设置重定向网址。当会话到期时(或者在服务器启动后首次登录),savedRequest为空。

如果我在新的浏览器会话中访问网址,则可以使用已保存的请求。

我可以通过登录控制器一直访问重定向网址吗?

NB。我使用spring 3.2.3 ...从我所知道的saveRequest不再是来自会话的accessbile。

的login.jsp 

<form   action="${actionUrl}" method='POST' autocomplete='off'>
    <span class="box-label">Username:</span>
    <input type="text" name="j_username" data-dojo-type="dijit/form/TextBox" data-dojo-props="style:{width:'150px'}">

<span class="box-label">Password:</span>
<input type="password" name="j_password" data-dojo-type="dijit/form/TextBox" data-dojo-props="style:{width:'150px'}">
<input type="submit" data-dojo-type="dijit/form/Button" data-dojo-props="label:'Login'"/>
<input type="hidden" name="redirect" value="${redirect}">   

</form>

登录控制器: 

@Controller
public class LoginController {

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(final HttpSession session, final Model model, final HttpServletRequest request,
    final HttpServletResponse response) {
    addRedirectUrlToModel(model, request, response);
    return "login";

}
private void addRedirectUrlToModel(final Model model, final HttpServletRequest request, final HttpServletResponse response) {
    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    if (savedRequest != null) {
        model.addAttribute("redirect", savedRequest.getRedirectUrl());
    } else {
        System.out.println("saved request is null");
    }
}

安全配置: 

<sec:http auto-config="true" use-expressions="true">

    <sec:form-login login-page="/login"
        authentication-success-handler-ref="authSuccHandler"
        authentication-failure-handler-ref="authFailHandler" />
    <sec:logout delete-cookies="JSESSIONID" invalidate-session="true" />

    <sec:access-denied-handler error-page="/error/not-authorised"/>

    <sec:session-management session-fixation-protection="none"
                            invalid-session-url="/login/sessionExpired"
                            session-authentication-error-url="/login/alreadyLoggedIn"
                            >
        <sec:concurrency-control    max-sessions="1"
                                    expired-url="/login/sessionExpiredDuplicateLogin"
                                    error-if-maximum-exceeded="false"/>
    </sec:session-management>

1 个答案:

答案 0 :(得分:0)

当您尝试获取 expire savedrequestsession 时,它将变为 null。您可以通过创建一个新的 DefaultSavedRequest 来解决此问题。创建 DefaultSavedRequest 后,您可以设置HttpServletRequest.getSession() 中,并在会话期间在不同请求中移动它。

private void addRedirectUrlToModel(final Model model, final HttpServletRequest request, final HttpServletResponse response) {

        SavedRequest savedRequest = new DefaultSavedRequest(request, new PortResolverImpl());

        request.getSession().setAttribute("SPRING_SECURITY_SAVED_REQUEST", savedRequest);
        
        if (savedRequest != null) {
            model.addAttribute("redirect", savedRequest.getRedirectUrl());
        } else {
            System.out.println("saved request is null");
        }
}
相关问题
最新问题