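Spring MVC: maintaining the session after a redirect

Time: 2016-11-26 19:04:47

Tags: spring facebook spring-mvc session oauth

I am implementing a Facebook login flow, and I need to save the state before the redirect and retrieve it after being redirected back to the application for validation. I tried something like this: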

    @RequestMapping
    public void redirectToFacebook(HttpSession session, HttpServletResponse response) throws IOException {
        String state = UUID.randomUUID().toString();
        session.setAttribute("facebook_state", state);

        UriComponentsBuilder uriBuilder = UriComponentsBuilder
                .fromUriString(providerLoginEndpoint)
                .queryParam("redirect_uri", redirectUrl)
                .queryParam("client_id", clientId)
                .queryParam("scope", "public_profile")
                .queryParam("state", state)
                .queryParam("response_type", "code");

        response.sendRedirect(uriBuilder.toUriString());
    }

    @RequestMapping("/redirect")
    public String authorize(Model model, HttpSession session,
                            @RequestParam("code") final String code,
                            final @RequestParam("state") String state) {
        String originalState = (String) session.getAttribute("facebook_state");
        //...
    }

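However, originalState is null, and the session ID is different after the callback. Is there a way to maintain session state before and after a redirect from a third-party host?

1 answer:

Answer 0: (score: 0)

Had to add this to WebSecurityConfig: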

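    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement()
                .maximumSessions(1)            // at most one concurrent session per user
                .and()
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS) // always create an HttpSession
                .sessionFixation().none();     // session ID is not changed on authentication
        //..
    }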
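
The `//...` in the question's `authorize` handler is where the returned `state` has to be checked against the stored one. The class below is an added example, not code from the question or the answer. It shows a check that fails closed when the session attribute is missing (the symptom described in the question), consumes the value so a replayed callback is rejected, and compares in constant time. Assumptions: the class and method names are hypothetical, a `Map` stands in for `HttpSession` so it runs on the JDK alone, and the state is drawn from `SecureRandom` rather than `UUID`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example. The Map stands in for HttpSession attributes; in the controller
// use session.setAttribute / getAttribute / removeAttribute instead.
public class OAuthStateCheck {
    static final String KEY = "facebook_state"; // attribute name used in the question
    private static final SecureRandom RNG = new SecureRandom();

    // Before the redirect: create an unguessable state and remember it server-side.
    static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, state);
        return state;
    }

    // In the callback: fail closed, single use, constant-time comparison.
    static boolean verify(Map<String, Object> session, String returned) {
        Object stored = session.remove(KEY); // consume so a replayed callback fails
        if (!(stored instanceof String) || returned == null) {
            return false; // new session or missing attribute: reject the callback
        }
        return MessageDigest.isEqual(
                ((String) stored).getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // constructed sample session
        String state = issue(session);
        System.out.println("match:       " + verify(session, state));
        System.out.println("replay:      " + verify(session, state));
        issue(session);
        System.out.println("wrong state: " + verify(session, "constructed-mismatch"));
        System.out.println("new session: " + verify(new HashMap<>(), state));
    }
}
```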