I am using Spring Security in my application, and I have another application from which I call a URL other than the login URL (@RequestMapping(value = "/public/validatepassword", method = RequestMethod.POST)), but the request goes to @RequestMapping(value = "/public/login", method = RequestMethod.GET) instead of /validatepassword. Below is my Spring Security XML.

    <security:http auto-config="true" use-expressions="true"
        disable-url-rewriting="true">
        <security:access-denied-handler error-page="/403"/>
        <security:intercept-url pattern="/favicon.ico"
            access="permitAll" />
        <security:intercept-url pattern="/index.jsp"
            access="permitAll" />
        <security:intercept-url pattern="/public/login/**"
            access="permitAll" />
        <security:intercept-url pattern="/public/**"
            access="permitAll" />
        <security:intercept-url pattern="/resources/**"
            access="permitAll" />
        <security:intercept-url pattern="/auth/**"
            access="fullyAuthenticated" />
        <security:intercept-url pattern="/**" access="denyAll" />
        <security:form-login login-page="/public/login"
            default-target-url="/auth/userhome" authentication-failure-url="/public/fail2login?auth=fail"
            always-use-default-target="true" />
        <security:logout logout-success-url="/logout" />
        <security:session-management
            invalid-session-url="/public/login" session-fixation-protection="migrateSession">
            <security:concurrency-control
                max-sessions="1" expired-url="/public/login" />
        </security:session-management>
    </security:http>

Below is the JSP of my other application, which calls the /validate URL:

    <script type="text/javascript">
        $(document).ready(function() {
            var sessionId = '<%=sessionId%>';
            var userId = '<%=user.getUserId()%>';
            $.ajax({
                type : "POST",
                url : 'http://localhost:8080/<context>/public/validatepassword',
                data : {
                    username : userId,
                    password : sessionId,
                    requestFrom : "requestFromOtherSource"
                },
                success : function(response) {
                    if (response != "error") {
                        $("#finIframe").attr("src",
                            "http://localhost:8080/<contexty>/public/loginRedirector");
                    } else {
                        alert("Error");
                    }
                },
                error : function(e) {
                    alert('Error: ' + e);
                    console.log(e);
                }
            });
        });
    </script>

If I remove the <security:session-management> part, the request reaches the /validatepassword request mapping, but I want session fixation and only one user login.

Can you help me?

Below is my controller.

and loginredirector.jsp