Spring Boot security always redirects to home.jsp

Time: 2017-05-01 20:31:32

Tags: spring spring-mvc spring-boot spring-security

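I am currently developing with Spring Boot 1.4.0 and using Spring Security for authentication. The requirement is that a user logging in for the first time must be redirected to the password reset page; otherwise they should be redirected to the home page. The application always redirects to home.jsp, regardless of the URL configured in the success handler.

Below is my configuration. What am I missing here?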

WebSecurityConfiguration

    http.authorizeRequests()
        .antMatchers("/resources/**", "/rest/**", "/log*")
        .permitAll()
        .antMatchers("/admin**").hasAuthority("admin")
        .anyRequest()
        .authenticated()
        .and()
        .formLogin()
        .loginPage("/login")
        .successHandler(authHandler)
        .failureHandler(authFailureHandler)
        .usernameParameter("username").passwordParameter("password")
        .permitAll()
        .and()
        .logout()
        .invalidateHttpSession(true)
        .logoutSuccessUrl("/login?logout")
        .permitAll()
        .and()
        .csrf().disable();

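    import java.io.IOException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.DefaultRedirectStrategy;
    import org.springframework.security.web.RedirectStrategy;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

    public class AuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

        private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

        @Override
        protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
            HttpSession session = request.getSession(false);
            // String.valueOf(null) yields "null", so a missing attribute falls through to /home
            String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
            if (isFirstTimePwd.equalsIgnoreCase("true"))
            {
                redirectStrategy.sendRedirect(request, response, "/firstTime");
            }
            else
            {
                redirectStrategy.sendRedirect(request, response, "/home");
            }
        }

    }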

    @RequestMapping(value = "/firstTime", method = RequestMethod.GET)
    public String displayFirstTimeLoginPage(HttpServletRequest request, HttpServletResponse response) {
        return "firstTime";
    }

    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        User user = (User) session.getAttribute("User");
        return new ModelAndView("home", "loggedInUser", user);
    }

I also tried implementing AuthenticationSuccessHandler by overriding onAuthenticationSuccess(), but it still redirects to home.jsp instead of the password reset page.

1 answer:

Answer 0: (score: 0)

You'd better go to homePage and test there whether it is the first time.

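    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession();
        // Read the flag the same way the question's success handler does
        String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
        if (isFirstTimePwd.equalsIgnoreCase("true"))
        {
            // redirectStrategy is assumed to be a RedirectStrategy field, as in the question's handler
            redirectStrategy.sendRedirect(request, response, "/firstTime");
            return null; // the redirect has already written the response
        }

        User user = (User) session.getAttribute("User");
        return new ModelAndView("home", "loggedInUser", user);
    }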

Edit1:

    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        User user = (User) session.getAttribute("User");
        // Read the flag the same way the question's success handler does
        String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
        if (isFirstTimePwd.equalsIgnoreCase("true"))
        {
            return new ModelAndView("firstTime", "loggedInUser", user);
        }

        return new ModelAndView("home", "loggedInUser", user);
    }
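
Both the success-handler redirect and the check inside homePage only cover a single entry point, so a user who still has the first-login flag set can request any other authenticated URL directly. The interceptor below is an added example, not code from the question or the answer: it applies the same check to every MVC request. The class names FirstTimeLoginInterceptor and FirstTimeLoginMvcConfig are hypothetical, and it assumes the password form also submits to /firstTime and that the "IsFirstTimeLogIn" session attribute is cleared once the password has been changed.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

// Hypothetical class: forces the password reset page while the flag is set.
public class FirstTimeLoginInterceptor extends HandlerInterceptorAdapter {

    private static final String FLAG = "IsFirstTimeLogIn"; // attribute name from the question
    private static final String RESET_PATH = "/firstTime"; // reset page from the question

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws IOException {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return true; // no session: Spring Security decides what happens
        }
        // A missing attribute is treated as "no reset required", as in the question
        boolean mustReset = "true".equalsIgnoreCase(String.valueOf(session.getAttribute(FLAG)));
        if (!mustReset) {
            return true;
        }
        String path = request.getRequestURI().substring(request.getContextPath().length());
        // Let the reset page itself and static resources through, block everything else
        if (path.equals(RESET_PATH) || path.startsWith("/resources/")) {
            return true;
        }
        response.sendRedirect(request.getContextPath() + RESET_PATH);
        return false; // stop handler execution, the redirect is the response
    }
}

// Hypothetical registration class for Spring Boot 1.4 (Spring MVC 4.3).
@Configuration
class FirstTimeLoginMvcConfig extends WebMvcConfigurerAdapter {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new FirstTimeLoginInterceptor());
    }
}
```

Requests answered by the Spring Security filter chain itself, such as /login and /logout, never reach this interceptor, so signing out still works while the flag is set.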