我有一个带有基于表单的身份验证和基于Angular的客户端的jboss Web应用程序。 情形:
j_security_check应该在成功登录后返回请求的URL。但它忽略#suffix?
的login.jsp
<form id="loginForm" method="post" action="/my-app/j_security_check">
<input id="usernameInput" name="j_username" type="hidden" />
<input id="password" name="j_password" type="password" required="">
<button type="submit">
Sign In
</button>
</form>
的web.xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>OpTierUI Application </display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>CSS</web-resource-name>
<url-pattern>/styles/*</url-pattern>
<url-pattern>/fonts/*</url-pattern>
<url-pattern>/assets/images/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<description>These pages are only accessible by authorized administrators.</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?error=error</form-error-page>
</form-login-config>
</login-config>
<error-page>
<error-code>403</error-code>
<location>/login.jsp?unauthorized=unauthorized</location>
</error-page>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
答案 0 :(得分:1)
浏览器不会向服务器发送#hash密钥或其他任何内容。 #hash密钥只能被浏览器识别。