我正在使用Spring Security 3.2和Hibernate 4.目前我有一个自定义登录,其工作原理如下。 URL "/"(root)是一个欢迎jsp请求,它要求参数根据相同的参数显示不同的登录名。例如,如果用户输入了URL "/parameter1"(手动操作),则此变量向我显示由驱动程序生成的个性化登录,该驱动程序从那里捕获RequestMapping(value =“/ {parameter}”,所有URL都将具有该参数,我遇到的问题是,当用户希望离开或会话过期时,spring会向我发送网址"/",但我需要它向我发送/parameter1,以便捕获参数"parameter1"以便它让我进入自定义登录。这样我就不必手动重新输入参数了。我的安全设置如下:
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
<!-- <form-login login-page="/loginUser" login-processing-url="/testUser/j_spring_security_check"
authentication-failure-url="/loginError" default-target-url="/testUser"
username-parameter="j_username" password-parameter="j_password" /> -->
<logout invalidate-session="true" delete-cookies="JSESSIONID" logout-success-url="/loginUser" logout-url="/testUser/j_spring_security_logout"/>
<session-management invalid-session-url="/" session-fixation-protection="migrateSession" >
<concurrency-control max-sessions="2" expired-url="/" error-if-maximum-exceeded="false"/>
</session-management>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/loginUser" />
</beans:bean>
<beans:bean id="myFilter" class="net.universia.test.autenticacionService.LoginAuthenticationFilter">
<beans:property name="authenticationManager" ref='UserauthenticationManager'/>
<beans:property name="authenticationFailureHandler" ref="failureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="successHandler"/>
<beans:property name="filterProcessesUrl" value="/testUser/j_spring_security_check"/>
</beans:bean>
<beans:bean id = "exceptionTranslationFilter" class = "org.springframework.security.web.access.ExceptionTranslationFilter" >
<beans:property name = "authenticationEntryPoint" ref = "loginUrlAuthenticationEntryPoint" />
<beans:property name = "accessDeniedHandler" ref = "accessDeniedHandler" />
</beans:bean>
<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/testUser"/>
</beans:bean>
<beans:bean id = "accessDeniedHandler" class = "org.springframework.security.web.access.AccessDeniedHandlerImpl" >
<beans:property name = "errorPage" value = "/403" />
</beans:bean>
显示登录表单的驱动程序是:
@RequestMapping(value ="/{testRef}", method = {RequestMethod.POST,RequestMethod.GET})
public @ResponseBody ModelAndView loginTestRef(@PathVariable("testRef") String testRef,HttpSession session, HttpServletRequest request) {
session.setAttribute("ssidreffh", testRef);
TestDatos test = testService.showTestUserByRef(testRef);
request.getSession().setAttribute("test", test);
ModelAndView mav = new ModelAndView("/loginUser");
mav.addObject("test", test);
return mav;
}
如果用户在url / dominio / parametro1 / paginaPerfil中或者你的会话结束,那么spring会将我重定向到url“/ myApp / parameter1” 因此将在登录中而不是根“/".
答案 0 :(得分:-1)
我终于可以解决我的问题。我实现了一个自定义过滤器,用于注销SimpleUrlLogoutSuccessHandler,我可以捕获以前的URL,并从中返回带有重定向(/parameter1)的参数。这是我的代码:
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
String testRef = null;
if (authentication != null) {
String refererUrl = request.getHeader("Referer");
System.out.println("variables: " +refererUrl);
String[] parts = refererUrl.split("/");
testRef = parts[5];
}
setDefaultTargetUrl("/"+testRef);
super.onLogoutSuccess(request, response, authentication);
}
}