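I am using Spring version 3.1.
I have implemented Spring Security for logging in to my portal. It works fine except for one issue. I have set the session timeout to 2 minutes.
Once the timeout has occurred and the user then clicks any URL, they are redirected to the logout page. But when the user re-authenticates, the user lands directly on the home page, which is the default target URL, rather than on the last accessed page.
If the user was visiting -Xmx, then after the timeout & when he re-authenticates again, he should be taken to /home/editproduct and not just /home.
Here is my applicationcontext.xml file: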
home/editproduct
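Answer 0: (score: 0)
You can use SavedRequestAwareAuthenticationSuccessHandler instead of SimpleUrlAuthenticationSuccessHandler.
ExceptionTranslationFilter saves the request to the RequestCache before redirecting to the entry point, and SavedRequestAwareAuthenticationSuccessHandler tries to retrieve the request's target URL and then redirects to the saved URL.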
<bean id="adminSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" />
Answer 1: (score: 0)
I did it this way, and it seems to work fine for me.
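import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;

public class AdminUrlAutenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler/*SimpleUrlAuthenticationSuccessHandler*/ {
    //private String defaultFailureUrl;
    private RequestCache requestCache = new HttpSessionRequestCache();

    public RequestCache getRequestCache() {
        return requestCache;
    }

    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        // Request stored by ExceptionTranslationFilter before the redirect to the login page, if any
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest == null) {
            // No saved request: fall back to the URL kept in the session under "url_prior_login"
            HttpSession session = request.getSession();
            if (session != null) {
                String redirectUrl = (String) session.getAttribute("url_prior_login");
                if (redirectUrl != null) {
                    session.removeAttribute("url_prior_login");
                    getRedirectStrategy().sendRedirect(request, response, redirectUrl);
                } else {
                    super.onAuthenticationSuccess(request, response, authentication);
                }
            } else {
                super.onAuthenticationSuccess(request, response, authentication);
            }
            return;
        }
        // An explicit target URL parameter or alwaysUseDefaultTargetUrl overrides the saved request
        String targetUrlParameter = getTargetUrlParameter();
        if (isAlwaysUseDefaultTargetUrl()
                || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
            requestCache.removeRequest(request, response);
            super.onAuthenticationSuccess(request, response, authentication);
            return;
        }
        clearAuthenticationAttributes(request);
        // Use the DefaultSavedRequest URL
        String targetUrl = savedRequest.getRedirectUrl();
        logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
        getRedirectStrategy().sendRedirect(request, response, targetUrl);
    }
}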
Application-context.xml file
<bean id="myNeAdminUserNamePasswordAuthFilter"
      class="com.ne.mynelson.authentication.adminuser.MyNeAdminUserPasswordAuthFilter">
    <property name="authenticationManager" ref="myNeAdminUserAuthManager" />
    <property name="authenticationFailureHandler" ref="adminFailureHandler" />
    <property name="authenticationSuccessHandler" ref="adminSuccessHandler" />
    <property name="authenticationInputProcessor" ref="myNeAdminUserAuthInputProcessor"></property>
</bean>
<bean id="adminSuccessHandler"
      class="com.ne.mynelson.authentication.adminuser.AdminUrlAutenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/bookShelfController.htm" />
    <property name="targetUrlParameter" value="spring-security-redirect"/>
    <property name="useReferer" value="false"/>
</bean>
<bean id="adminFailureHandler" class="com.ne.mynelson.authentication.adminuser.AdminUrlAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/adminlogin.htm"></property>
</bean>
Any suggestions on how to do this in a different way?
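The handler in the answer above redirects to whatever string is stored in the url_prior_login session attribute. As an added example (not the answerer's code), the variant below sends the redirect only when that value is a path inside the application and otherwise falls back to the saved request or defaultTargetUrl; the class name LocalOnlySuccessHandler is hypothetical, and it is assumed that the attribute holds a context-relative path starting with "/".

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

// Added example; LocalOnlySuccessHandler is a hypothetical class name.
public class LocalOnlySuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    private static final String PRIOR_URL_ATTR = "url_prior_login"; // attribute name from the answer
    private final RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        HttpSession session = request.getSession(false); // do not create a session just to look
        // Only consult the session attribute when ExceptionTranslationFilter saved no request.
        if (session != null && requestCache.getRequest(request, response) == null) {
            Object prior = session.getAttribute(PRIOR_URL_ATTR);
            session.removeAttribute(PRIOR_URL_ATTR); // single use, even when rejected
            if (prior instanceof String && isLocalPath((String) prior)) {
                clearAuthenticationAttributes(request);
                getRedirectStrategy().sendRedirect(request, response, (String) prior);
                return;
            }
        }
        // Saved request from the RequestCache, otherwise defaultTargetUrl.
        super.onAuthenticationSuccess(request, response, authentication);
    }

    // Accepts only paths inside this application: "/home/editproduct", not "//host" or "http://host".
    static boolean isLocalPath(String url) {
        if (url == null || !url.startsWith("/") || url.startsWith("//") || url.indexOf('\\') >= 0) {
            return false;
        }
        try {
            URI uri = new URI(url); // also rejects control characters such as CR/LF
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false; // unparseable values fall back to the default target
        }
    }
}
```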