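I have an application with multiple roles. First, I log in with one role. Then, in another tab, I try to log in with a different role, but I deliberately make the login fail by entering a wrong password. After that, when I go back to the other tab where I am logged in and click a menu option, the application goes to the login page, as if I had logged out.
This is my Spring Security configuration.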
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/j_spring_security_check*","/login*","/adminLogin*", "/superadminLogin*", "/logout*", "/signin/**", "/signup/**",
                "/user/registration*", "/registrationConfirm*", "/expiredAccount*", "/registration*",
                "/badUser*", "/user/resendRegistrationToken*" ,"/forgetPassword*", "/adminForgetPassword*", "/resetPassword*","/user/resetPassword*", "/updatePassword*",
                "/updatePassword*", "/user/updatePassword*", "/user/adminResetPassword*", "/registrationAdminConfirm*",
                "/emailError*", "/resources/**","/old/user/registration*","/successRegister*", "/user/setPassword*","/setPassword*", "/accountActivation*",
                "/ayuda*", "/avisoLegal*", "/cookies*", "/activeAdminAccount*", "/user/changePassword*", "/changePassword*",
                "/restablecerPasswordCode*", "/restablecerPassword*","/proteccionDatos*",
                "/comercializadoraLogin*", "/registrationComercializadora*", "/comercializadora/registration*",
                "/comercializadora/resetPassword*", "/forgetPasswordComercializadora*", "/accountActivationComercializadora*",
                "/comercializadora/changePassword*", "/restablecerPasswordComercializadora*",
                "/comercializadora/getComercializadoras*", "/registrationRepConfirm*", "/backOfficeLogin*").permitAll()
            .antMatchers("/invalidSession*").anonymous()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/adminLogin.html")
            .loginProcessingUrl("/j_spring_security_check")
            .defaultSuccessUrl("/adminConsole.html")
            .failureUrl("/adminLogin.html?error=true")
            .failureHandler(misConsumosAuthenticationFailureHandler)
            .successHandler(myAuthenticationSuccessHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/superadminLogin.html")
            .loginProcessingUrl("/j_spring_security_check")
            .defaultSuccessUrl("/admin.html")
            .failureUrl("/superadminLogin.html?error=true")
            .failureHandler(misConsumosAuthenticationFailureHandler)
            .successHandler(myAuthenticationSuccessHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/backOfficeLogin.html")
            .loginProcessingUrl("/j_spring_security_check")
            .defaultSuccessUrl("/backOfficeConsole.html")
            .failureUrl("/backOfficeLogin.html?error=true")
            .failureHandler(misConsumosAuthenticationFailureHandler)
            .successHandler(myAuthenticationSuccessHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/comercializadoraLogin.html")
            .loginProcessingUrl("/j_spring_security_check")
            .defaultSuccessUrl("/comercializadoraCansole.html")
            .failureUrl("/comercializadoraLogin.html?error=true")
            .failureHandler(misConsumosAuthenticationFailureHandler)
            .successHandler(myAuthenticationSuccessHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/login.html")
            .loginProcessingUrl("/j_spring_security_check")
            .defaultSuccessUrl("/homepage.html")
            .failureUrl("/login.html?error=true")
            .failureHandler(misConsumosAuthenticationFailureHandler)
            .successHandler(myAuthenticationSuccessHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll()
            .and()
        .addFilterBefore((Filter) ajaxSessionFilter, SessionManagementFilter.class)
        .sessionManagement()
            //.invalidSessionUrl("/invalidSession.html")
            .invalidSessionUrl("/login.html")
            .sessionFixation()//.none()
                .changeSessionId()
            .and()
        .logout()
            .invalidateHttpSession(false)
            .logoutUrl("/j_spring_security_logout")
            .logoutSuccessUrl("/login.html")
            .logoutSuccessHandler(misConsumosLogoutHandler)
            .deleteCookies("JSESSIONID")
            .permitAll();
Why does this happen? Is there any way to stay logged in on the first tab?
Thanks,
Daniel