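I added Spring Security Kerberos to my application, and I implemented a form login in case the user is not logged on to the domain or the browser does not support SSO. The only problem is that after a successful login the user is not redirected to the original page, but to the default "/". Below is my configuration. What do I need?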
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers().frameOptions().disable()
                .and()
            .exceptionHandling().accessDeniedPage("/login")
                .authenticationEntryPoint(spnegoEntryPoint())
                .and()
            .authorizeRequests()
                .regexMatchers("^\\S*.js|\\S*.css$").permitAll()
                .anyRequest().hasAnyAuthority("APP USER")
                .and()
            .logout()
                .permitAll()
                .and()
            .formLogin().loginPage("login").loginProcessingUrl("/spnego_login").permitAll()
                .and()
            .rememberMe().rememberMeServices(rememberMeServices()).key(KEY)
                .and()
            .addFilterBefore(
                spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
                BasicAuthenticationFilter.class)
            .csrf().disable();
    }
Login page
    <form class="form-signin" action="/spnego_login" method="post" accept-charset=utf-8>
        <h2 class="form-signin-heading">Please Log In Manually</h2>
        <label for="inputEmail" class="sr-only">Username</label>
        <input type="text" id="inputEmail" class="form-control" placeholder="username" name="username" required autofocus>
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password" id="inputPassword" class="form-control" placeholder="Password" name="password" required>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
    </form>
UPDATE
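I tried using SavedRequestAwareAuthenticationSuccessHandler as suggested, but it turned out that the previous URL could not be found in the cache. As a result, the success handler always falls back to the default.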
Answer 0 (score: 1)
After setting the login page URL and the login processing URL to the same URL, the redirect started working correctly.
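What answer 0 describes, written out as a configuration sketch: this is an added example, not code from the question or from either answer. It covers only the form-login fallback (the SPNEGO entry point, filter and remember-me services from the question are left out), and the class name `FormLoginFallbackConfig` is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

// Hypothetical class name; illustrates the form-login part only.
@Configuration
@EnableWebSecurity
public class FormLoginFallbackConfig extends WebSecurityConfigurerAdapter {

    // One shared cache: ExceptionTranslationFilter stores the denied request in it,
    // and the success handler reads it back after a successful login.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setRequestCache(requestCache);
        successHandler.setDefaultTargetUrl("/"); // used only when no request was saved

        http
            .requestCache().requestCache(requestCache)
                .and()
            .authorizeRequests()
                .regexMatchers("^\\S*.js|\\S*.css$").permitAll()
                .anyRequest().hasAnyAuthority("APP USER")
                .and()
            .formLogin()
                .loginPage("/login")          // GET /login renders the form
                .loginProcessingUrl("/login") // POST /login is handled by the login filter
                .successHandler(successHandler)
                .permitAll();
        // CSRF protection is left at its default (enabled) in this sketch.
    }
}
```

The login form's `action` has to point at `/login` as well. Because CSRF protection stays enabled here, the form also needs the `_csrf` hidden field, as in the JSP form of answer 1.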
Answer 1 (score: -1)
This configuration works very well for me
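    import javax.sql.DataSource;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

    @Configuration
    @EnableWebSecurity
    @EnableWebMvcSecurity
    public class SecurityConfigurations extends WebSecurityConfigurerAdapter {

        @Autowired
        DataSource dataSource;

        @Autowired
        public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
            auth.jdbcAuthentication().dataSource(dataSource)
                .usersByUsernameQuery(
                    "select login,password,enabled from users where login=?")
                .authoritiesByUsernameQuery(
                    "select u.login,r.role from roles as r , users as u where u.id=r.user_id and u.login=?");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .antMatchers("/index").access("hasRole('ROLE_USER')")
                .and()
                .formLogin().loginProcessingUrl("/j_spring_security_check").loginPage("/login").failureUrl("/login?error")
                .usernameParameter("login").passwordParameter("password")
                .and()
                .logout().logoutSuccessUrl("/login").and()
                .csrf();
        }
    }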
JSP form:
    <form method="POST" action="j_spring_security_check" >
        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
        <div class="form-group">
            <input type="text" class="form-control material" name="login" autofocus="autofocus">
        </div>
        <div class="form-group">
            <input type="password" class="form-control material" name="password" >
        </div>
        <button type="submit" class="btn btn-block btn-info text-uppercase waves waves-effect waves-float">Login</button>
    </form>