我需要设置always-use-default-target =" true"在我的春季启动应用程序中SavedRequestAwareAuthenticationSuccessHandler。我怎样才能做到这一点?我试过了:
@Bean
SavedRequestAwareAuthenticationSuccessHandler handler() {
SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setAlwaysUseDefaultTargetUrl(true);
return handler;
}
但没有成功。好像完全不同的bean正在被使用
我的安全配置:
@EnableOAuth2Sso
@Configuration
@Order(2)
public class FormWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/login**", "/assets/**", "/uaa/**", "/management/health").permitAll()
.anyRequest().authenticated()
.and()
.headers()
.defaultsDisabled()
.frameOptions()
.sameOrigin()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringAntMatchers("/uaa/**")
.and()
.logout()
.logoutSuccessUrl("/login?logout")
.permitAll();
}
}
和
@Configuration
@Order(1)
public class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.formLogin()
.successForwardUrl("/")
.and()
.exceptionHandling().authenticationEntryPoint(new Unauthorized401EntryPoint());
}
public static class Unauthorized401EntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
}
答案 0 :(得分:1)
以下用于基于注释的设置:
defaultSuccessUrl( “/仪表板”,的真)
第二个布尔参数是将always-use-default-target设置为true。