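I am currently developing with Spring Boot 1.4.0 and using Spring Security for authentication. The requirement is that a user logging in for the first time must be redirected to the password reset page; otherwise they should be redirected to the home page. The application always redirects to home.jsp, regardless of the URL configured in the success handler.
Below is my configuration. What am I missing here?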
WebSecurityConfiguration
    http.authorizeRequests()
            .antMatchers("/resources/**", "/rest/**", "/log*")
            .permitAll()
            .antMatchers("/admin**").hasAuthority("admin")
            .anyRequest()
            .authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .successHandler(authHandler)
            .failureHandler(authFailureHandler)
            .usernameParameter("username").passwordParameter("password")
            .permitAll()
            .and()
        .logout()
            .invalidateHttpSession(true)
            .logoutSuccessUrl("/login?logout")
            .permitAll()
            .and()
        .csrf().disable();
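    import java.io.IOException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.DefaultRedirectStrategy;
    import org.springframework.security.web.RedirectStrategy;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

    public class AuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
        private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

        @Override
        protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
            HttpSession session = request.getSession(false);
            // String.valueOf() yields "null" when the attribute is absent, so the else branch is taken.
            String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
            if (isFirstTimePwd.equalsIgnoreCase("true"))
            {
                redirectStrategy.sendRedirect(request, response, "/firstTime");
            }
            else
            {
                redirectStrategy.sendRedirect(request, response, "/home");
            }
        }
    }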
    @RequestMapping(value = "/firstTime", method = RequestMethod.GET)
    public String displayFirstTimeLoginPage(HttpServletRequest request, HttpServletResponse response) {
        return "firstTime";
    }

    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        User user = (User) session.getAttribute("User");
        return new ModelAndView("home", "loggedInUser", user);
    }
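I also tried implementing AuthenticationSuccessHandler by overriding onAuthenticationSuccess(), but it still redirects to home.jsp instead of the password reset page.
Answer 0 (score: 0)
You would be better off going to homePage and testing there whether it is the first time.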
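    // Assumes the controller declares this field (it is not shown in the answer).
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession();
        // Same session flag that the question's success handler reads.
        String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
        if (isFirstTimePwd.equalsIgnoreCase("true"))
        {
            redirectStrategy.sendRedirect(request, response, "/firstTime");
            return null; // the redirect has already written the response
        }
        User user = (User) session.getAttribute("User");
        return new ModelAndView("home", "loggedInUser", user);
    }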
Edit1:
    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        User user = (User) session.getAttribute("User");
        // Same session flag that the question's success handler reads.
        String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
        if (isFirstTimePwd.equalsIgnoreCase("true"))
        {
            return new ModelAndView("firstTime", "loggedInUser", user);
        }
        return new ModelAndView("home", "loggedInUser", user);
    }
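
Both the success handler and the /home check act only on the landing request, so a flagged user who is already authenticated can still open any other URL directly. The filter below is an added example, not part of the question or the answer, that applies the same `IsFirstTimeLogIn` session flag to every request; the class name `FirstTimePasswordFilter` and the allowed-path list are assumptions.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example (hypothetical class name): enforces the first-login password
// reset on every request, not only on the post-login redirect or on /home.
public class FirstTimePasswordFilter extends OncePerRequestFilter {
    // Paths a flagged user may still reach (assumed; adjust to the application).
    private static final String[] ALLOWED = {"/firstTime", "/login", "/logout", "/resources/"};

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        if (mustResetPassword(request) && !isAllowed(request)) {
            response.sendRedirect(request.getContextPath() + "/firstTime");
            return; // never reaches the controller
        }
        chain.doFilter(request, response);
    }

    private boolean mustResetPassword(HttpServletRequest request) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            return false; // not logged in: the normal login rules apply
        }
        HttpSession session = request.getSession(false);
        return session != null
                && "true".equalsIgnoreCase(String.valueOf(session.getAttribute("IsFirstTimeLogIn")));
    }

    private boolean isAllowed(HttpServletRequest request) {
        // Servlet path is container-normalized, unlike the raw request URI.
        String path = request.getServletPath()
                + (request.getPathInfo() == null ? "" : request.getPathInfo());
        for (String prefix : ALLOWED) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }
}
```

Register it in the security configuration with `http.addFilterAfter(new FirstTimePasswordFilter(), FilterSecurityInterceptor.class)` so the security context is already populated when it runs. The password-change handler must clear or reset the `IsFirstTimeLogIn` session attribute once the new password is stored, otherwise the user stays confined to the reset page.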