我需要在登录用户的会话到期时把用户重定向到登录页面。但是,同一个功能也可以由匿名用户(即未登录的用户)访问。
每个人都可以访问“搜索地址”功能,也就是说登录用户和匿名用户(未登录的用户)都能使用……
所以要求是:当用户已登录并执行搜索时,如果会话已经过期,就应该重定向到登录页面;但如果用户没有登录(即匿名),同样的搜索应该照常可用。
匿名用户在技术上也被 Spring Security 视为已认证(下面配置里的 anonymous 过滤器给他们授予了 ROLE_GENERIC),因此他们同样会创建会话,只是不像登录用户那样手动输入用户名/密码登录。
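<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 3.1 namespace configuration.

  Two filter chains are declared:
    1. an unsecured chain (security="none") for static resources and the login page;
    2. the main chain, which authenticates through either a pre-authentication filter
       or a username/password form, and grants every other visitor ROLE_GENERIC as an
       anonymous user.
  Chains are matched in declaration order; the first <security:http> whose pattern
  matches the request wins.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Chain 1: no security filters at all for these paths. security="none" means no
         SecurityContext is populated, no session handling runs and no security response
         headers are added, so keep this list to genuinely static content.
         The regex requires a "/" or "?" after the name, so a bare "/login.jsp" with no
         query string does NOT match here and falls through to the main chain below. -->
    <security:http security="none"
                   pattern="^/(login\.jsp|customSkin|openlayers|images|js)[/\?].*$"
                   request-matcher="regex"/>

    <!-- Chain 2: everything else. An unauthenticated request to a URL it is not allowed
         to see goes to http403ForbiddenEntryPoint, which answers 403 and never redirects. -->
    <security:http entry-point-ref="http403ForbiddenEntryPoint">

        <!-- Every visitor without a real authentication is given ROLE_GENERIC. Because
             ROLE_GENERIC is listed on the /abclookup, /general and catch-all /** rules
             below, those URLs are effectively public; an expired login simply becomes
             anonymous again and keeps working there. -->
        <security:anonymous enabled="true" granted-authority="ROLE_GENERIC" />

        <security:custom-filter position="FORM_LOGIN_FILTER" ref="formLoginFilter"/>
        <!-- Bean ids are case-sensitive. The original referenced "PreAuthenticationFilter",
             which does not match the "preAuthenticationFilter" bean declared in this file;
             no bean with the upper-case id is declared here. -->
        <security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthenticationFilter"/>

        <!-- <security:logout logout-success-url="/loginUI.jsp" /> -->
        <security:logout logout-url="/logout" success-handler-ref="LogoutSuccessHandler" />

        <!-- Limits each principal to one session (see sessionAuthenticationStrategy).
             NOTE(review): no concurrent-session filter is configured in this file, so a
             session marked expired in the registry may not actually be rejected on its
             next request. Confirm against web.xml / the rest of the context. -->
        <security:session-management session-authentication-strategy-ref="sessionAuthenticationStrategy"/>

        <!-- URL rules are evaluated top to bottom; the first matching pattern decides, so
             the more specific admin/edit rules must stay above the catch-all /** rule. -->

        <!-- SMES interceptors -->
        <!-- NOTE(review): with the Ant matcher, "/Mark**" matches a single path segment
             beginning with "Mark" (e.g. /MarkSomething), not /Mark/anything. Confirm that
             is the intended scope. -->
        <security:intercept-url pattern="/Mark**" access="ROLE_ABC_OSGV" />
        <security:intercept-url pattern="/abc/admin/**" access="ROLE_ABC_OSGV" />
        <security:intercept-url pattern="/abc/edit/**" access="ROLE_ABC_OSGV,ROLE_ABC_REGISTERED_USER" />
        <security:intercept-url pattern="/abclookup/**" access="ROLE_ABC_OSGV,ROLE_ABC_REGISTERED_USER,ROLE_GENERIC,ROLE_ADMIN,ROLE_EDIT,ROLE_ABC_ADMIN,ROLE_ABC_HCA" />
        <!-- Public in practice because of ROLE_GENERIC. The duplicate ROLE_ABC entry of the
             original list has been dropped; ROLE_ABC_S is not produced by the roleMapping
             below, so it presumably comes from the pre-authentication user details service. -->
        <security:intercept-url pattern="/general/**" access=
            "ROLE_ABC,
             ROLE_GENERIC,
             ROLE_ADMIN,
             ROLE_ABC_EXPORT,
             ROLE_EDIT,
             ROLE_ABC_TPC,
             ROLE_ABC_VMT,
             ROLE_ABC_S,
             ROLE_ABC_DATA_GENERIC,
             ROLE_ABC_DATA_ADMIN,
             ROLE_ABC_OSGV,
             ROLE_ABC_REGISTERED_USER,
             ROLE_ABC_ADMIN,
             ROLE_ABC_HCA,
             ROLE_ABC_NAMES" />

        <!-- SMES interceptors -->
        <security:intercept-url pattern="/vicnames/edit/**" access="ROLE_ABC_ADMIN,ROLE_ABC_HCA" />
        <security:intercept-url pattern="/vicnames/admin/**" access="ROLE_ABC_ADMIN" />

        <!-- LASSI interceptors -->
        <security:intercept-url pattern="/edit/**" access="ROLE_ADMIN,ROLE_EDIT" />
        <security:intercept-url pattern="/broadcast/save**" access="ROLE_EDIT" />
        <!-- NOTE(review): this rule requires ROLE_ABC_BOOKING_ADMIN, but the roleMapping
             below maps ABC_BOOKING_ADMIN to ROLE_EDM_BOOKING_ADMIN. Unless the
             pre-authentication path grants ROLE_ABC_BOOKING_ADMIN, nobody can reach
             /edmbooking/admin/**. Fails closed, but one of the two names is wrong. -->
        <security:intercept-url pattern="/edmbooking/admin/**" access="ROLE_ABC_BOOKING_ADMIN" />
        <security:intercept-url pattern="/adminUdateLogicaLabels**" access="ROLE_ADMIN,ROLE_EDIT" />

        <!-- Catch-all. Because ROLE_GENERIC is listed, every URL not matched above is
             reachable by anonymous users; only the rules above actually restrict access. -->
        <security:intercept-url pattern="/**" access=
            "ROLE_DQA,
             ROLE_GENERIC,
             ROLE_ADMIN,
             ROLE_DQA_EXPORT,
             ROLE_EDIT,
             ROLE_APS,
             ROLE_ABC_TPC,
             ROLE_ABC_VMT,
             ROLE_ABC_TEST,
             ROLE_ABC_DATA_GENERIC,
             ROLE_ABC_DATA_ADMIN,
             ROLE_ABC_OSGV,
             ROLE_ABC_REGISTERED_USER,
             ROLE_ABC_ADMIN,
             ROLE_ABC_HCA,
             ROLE_ABC_NAMES" />

        <!-- Invoked for an authenticated (including anonymous) user who lacks the required
             role; unauthenticated requests go to the entry point instead. -->
        <security:access-denied-handler ref="accessDeniedHandler"/>
    </security:http>

    <bean id="LogoutSuccessHandler" class="LogoutHandlerImpl" />

    <!-- Returns HTTP 403 (or a session-timeout script for multipart uploads) rather than
         redirecting to the login page. -->
    <bean id="http403ForbiddenEntryPoint" class="CustomHttp403ForbiddenEntryPoint" />

    <!-- Providers are tried in order: header-based pre-authentication first, then the
         username/password provider backed by the external authentication service. -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="preAuthenticationProvider" />
        <security:authentication-provider ref="myProfileAuthenticationProvider" />
    </security:authentication-manager>

    <bean id="preAuthenticationFilter" class="PreAuthenticatedProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <bean id="formLoginFilter" class="UsernamePasswordAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
        <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    </bean>

    <!-- alwaysUseDefaultTargetUrl="true" ignores any saved request, so a user is never
         sent back to the page that triggered the login. -->
    <bean id="authenticationSuccessHandler" class="AuthenticationSuccessHandlerImpl">
        <!--<property name="defaultTargetUrl" value="/login.jsp"/>-->
        <property name="alwaysUseDefaultTargetUrl" value="true" />
    </bean>

    <bean id="authenticationFailureHandler" class="AuthenticationFailureHandler">
        <!-- <property name="defaultFailureUrl" value="/sessionTimeout.jsp?login_error=true"/> -->
        <property name="defaultFailureUrl" value="/login.jsp?login_error=true"/>
    </bean>

    <bean id="preAuthenticationProvider" class="PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService" ref="lpreAuthenticatedUserDetailsService"/>
    </bean>

    <bean id="lpreAuthenticatedUserDetailsService" class="somepreauthenticateduserdetailsservice"/>

    <!-- Maps group names returned by the external authentication service onto the
         ROLE_* authorities used in the intercept-url rules above. -->
    <bean id="myProfileAuthenticationProvider" class="com.test.AuthenticationProvider">
        <property name="serviceInvoker" ref="authenticationServiceInvoker" />
        <property name="roleMapping">
            <map>
                <entry key="ABC_DQA" value="ROLE_DQA" />
                <entry key="ABC_APS" value="ROLE_APS" />
                <entry key="ABC_EDIT" value="ROLE_EDIT" />
                <entry key="ABC_ADMINISTRATOR" value="ROLE_ADMIN" />
                <entry key="ABC_GENERIC" value="ROLE_GENERIC" />
                <entry key="ABC_DQA_EXPORT" value="ROLE_DQA_EXPORT" />
                <entry key="ABC_FOH" value="ROLE_ABC_FOH" />
                <entry key="ABC_TPC" value="ROLE_ABC_TPC" />
                <entry key="ABC_VMT" value="ROLE_ABC_VMT" />
                <entry key="ABC_SPEAR" value="ROLE_ABC_TEST" />
                <entry key="ABC_LANDATA_GENERIC" value="ROLE_ABC_DATA_GENERIC" />
                <entry key="ABC_LANDATA_ADMIN" value="ROLE_ABC_DATA_ADMIN" />
                <entry key="ABC_OSGV" value="ROLE_ABC_OSGV" />
                <entry key="ABC_Registered_Users" value="ROLE_ABC_REGISTERED_USER" />
                <entry key="ABC_ADMINISTRATOR_ROLE" value="ROLE_ABC_ADMIN" />
                <entry key="ABC_HISTORIAN_ROLE" value="ROLE_ABC_HCA" />
                <entry key="ABC_PUBLIC_ROLE" value="ROLE_ABC_NAMES" />
                <!-- See the /edmbooking/admin/** rule: that URL expects ROLE_ABC_BOOKING_ADMIN. -->
                <entry key="ABC_BOOKING_ADMIN" value="ROLE_EDM_BOOKING_ADMIN" />
            </map>
        </property>
    </bean>

    <bean id="accessDeniedHandler" class="someaccessdeniedhandler">
        <property name="errorPage" value="/login.jsp?access_denied=true"/>
    </bean>

    <bean id="authenticationServiceInvoker" class="com.test.AuthenticationServiceInvoker" />

    <!-- One session per principal. With the default exceptionIfMaximumExceeded=false the
         older session is marked expired in the registry rather than the new login being
         refused. -->
    <bean id="sessionAuthenticationStrategy"
          class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
        <property name="maximumSessions" value="1"/>
    </bean>

    <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
</beans>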
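public class CustomHttp403ForbiddenEntryPoint implements AuthenticationEntryPoint {
    // Log under this class rather than Spring's Http403ForbiddenEntryPoint so that log
    // output is attributable to the custom implementation.
    private static final Log logger = LogFactory.getLog(CustomHttp403ForbiddenEntryPoint.class);

    // Page-side event name and its payload. Both are compile-time constants; they are
    // written unescaped into a <script> block, so never route request- or user-derived
    // text through returnJsScript without JavaScript/HTML escaping.
    private static final String SESSION_TIMEOUT_EVENT = "sessionTimeout";
    private static final String SESSION_TIMEOUT_PAYLOAD = "{\"sessionTimeout\":\"true\"}";

    /**
     * Called when an unauthenticated request reaches a URL it is not allowed to see.
     * <p>
     * This entry point never redirects. Two outcomes are possible:
     * <ul>
     *   <li>a {@code multipart/form-data} request carrying no user principal (typically a
     *       hidden-iframe file upload whose login has gone) receives a small HTML page that
     *       fires a {@code sessionTimeout} event on the parent window, because a bare 403
     *       inside an iframe would be invisible to the page's script;</li>
     *   <li>every other request receives a plain HTTP 403.</li>
     * </ul>
     *
     * @param request       the rejected request
     * @param response      the response the 403 or the script is written to
     * @param authException the exception that triggered the entry point (not used)
     * @throws IOException      if the response cannot be written
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        if (logger.isDebugEnabled()) {
            logger.debug("Pre-authenticated entry point called. Rejecting access");
        }
        if (request.getUserPrincipal() == null && isMultipart(request)) {
            returnJsScript(response, SESSION_TIMEOUT_EVENT, SESSION_TIMEOUT_PAYLOAD);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
        }
    }

    /** True when the request declares a multipart/form-data body (case-insensitive; parameters allowed). */
    private static boolean isMultipart(HttpServletRequest request) {
        String contentType = request.getContentType();
        return contentType != null && contentType.toLowerCase().contains("multipart/form-data");
    }

    /**
     * Writes an HTML snippet that calls {@code parent.fireEvent(eventName, msg)}.
     * Both arguments are emitted verbatim inside single-quoted JavaScript string literals,
     * so callers must pass trusted constants only. Write failures propagate instead of
     * being swallowed, since {@link #commence} already declares {@link IOException}.
     *
     * @param response  the response to write to; its content type is set to text/html
     * @param eventName the event name passed to the parent window
     * @param msg       the payload passed to the parent window
     * @throws IOException if the response writer cannot be obtained or written
     */
    private static void returnJsScript(HttpServletResponse response, String eventName, String msg)
            throws IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<script type=\"text/javascript\">");
        out.println("parent.fireEvent('" + eventName + "','" + msg + "');");
        out.println("</script>");
    }
}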
能否告诉我:在用户会话过期时应如何重定向到登录页面,同时又不破坏允许匿名用户在 Spring Security 下继续执行搜索的功能?
干杯, Tech XX
答案 0 :(得分:0)
只需把搜索 URL 放到另一个 `<security:http>` 配置中并设为不受保护,这样它就不会经过 `/**` 所在的那条链(`<security:http entry-point-ref="http403ForbiddenEntryPoint">`)的过滤。注意 `security="none"` 会让该 URL 完全跳过安全过滤器链:请求中不会有 SecurityContext,也不会应用任何安全响应头;如果搜索逻辑需要知道当前用户(例如区分“已登录但会话过期”和“本来就是匿名”),应改用一条单独的、启用了 `<security:anonymous>` 的 `<security:http pattern="...">` 链,而不是 `security="none"`。
<security:http pattern="/general/search.json" security="none"/>