我是第一次使用Java和Spring MVC实现Web应用程序。我还为它实现了登录功能。但是,我正面临一个问题。
问题:成功登录后,我的削减重定向到目标页面,但如果我在浏览器中键入登录页面,则会在会话处于活动状态时再次显示登录页面。
理想情况下,它应该转到默认目标页面。 Bellow是我的XML设置文件。感谢您提前提供任何帮助。
XML配置:
<http pattern="/resources/**" security="none" />
<http pattern="/admin/login" security="none" />
<http pattern="/admin/login/failed" security="none" />
<http pattern="/admin/login/invalidsession" security="none" />
<http auto-config="true" use-expressions="false">
<intercept-url pattern="/admin/**" access="ROLE_USER" />
<form-login login-page="/admin/login" default-target-url="/admin/student" authentication-failure-url="/admin/login/failed" />
<logout logout-success-url="/admin/login" delete-cookies="JSESSIONID" />
<session-management session-fixation-protection="newSession" invalid-session-url="/admin/login/invalidsession">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="roul" password="roul" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
解答:
在得到jgr和Paul的建议之后我终于完成了。在这里,我不得不修改我的XML配置,因为我将登录页面设置为安全“无”。因此,在使用以下代码获取该页面的身份验证类型时:
身份验证auth = SecurityContextHolder.getContext()。getAuthentication();
然后我变得空了。所以为了避免它,我不得不改变XML设置,如下所示。
更新了XML配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="true">
<!-- Restrict URLs based on role -->
<security:intercept-url pattern="/admin/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/admin/login/failed" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/admin/login/invalidsession" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/admin/**" access="ROLE_USER" />
<!-- Override default login and logout pages -->
<security:form-login login-page="/admin/login"
default-target-url="/admin/student"
authentication-failure-url="/admin/login/failed" />
<security:logout logout-success-url="/admin/login" delete-cookies="JSESSIONID" />
<security:session-management session-fixation-protection="newSession" invalid-session-url="/admin/login/invalidsession">
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="roul" password="roul" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
注意:我提到了以下网址:http://www.springbyexample.org/examples/simple-spring-security-webapp-spring-config.html
答案 0 :(得分:2)
只需在“/ admin / login”控制器中添加一些代码,然后检查用户是否已登录。
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!(auth instanceof AnonymousAuthenticationToken))
{
return "redirect:/admin/student";
}
答案 1 :(得分:0)
您可以使用authenticationsuccesshandler =
来完成此操作这篇文章解释了How to redirect to the homepage if the user accesses the login page after being logged in?
<beans:bean id="authenticationSuccessHandler"
class="com.example.spring.security.MyAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" ref="defaultTargetUrl" />
答案 2 :(得分:0)
使用spring security http config在您的应用中配置记住我 http://docs.spring.io/spring-security/site/docs/3.2.6.RELEASE/reference/htmlsingle/#remember-me
<http>
...
<remember-me key="myAppKey"/>
</http>