重定向到无状态会话的原始URL

时间:2017-07-19 04:03:12

标签: spring-security

我正在尝试创建无状态安全性,其中JWT令牌存储在Cookie而不是SESSION中。

问题是没有会话,SavedRequestAwareAuthenticationSuccessHandler不知道原始请求(在弹出身份验证页面之前)。因此,在行77 here,savedRequest为null。

这看起来很奇怪,我想我做错了什么。如何在登录无状态会话后允许页面重定向到请求的原始URL?

  1. 我禁用了会话

        @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

       ....formLogin().loginPage("/login").permitAll().successHandler(authenticationSuccessHandler)

    }

  2. 然后我创建一个自定义AuthenticationSuccessHandler,它扩展了SavedRequestAwareAuthenticationSuccessHandler。我将此注册为successHandler(上图)。

     @Component
 public class JwtCookieAuthenticationSuccessHandler extends 
          SavedRequestAwareAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {

        Cookie cookie = ... CREATE A COOKIE WITH A JWT

        response.addCookie(cookie);

        super.onAuthenticationSuccess(request, response, authentication);
    }

}

    3. 编辑: 这是我的依赖:

    <dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-dependencies</artifactId>
        <version>1.5.2.RELEASE</version>
        <type>pom</type>
        <scope>import</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>
</dependencies>

1 个答案:

答案 0 :(得分:0)

在您的配置中,添加:

function destra(y){
  var r = confirm("Vuoi conoscere la src dell'immagine");

  if(r == true) {
    alert(y.src);
  } else {
  }
}

完整示例:

.requestCache().requestCache(new CookieRequestCache())
相关问题
最新问题