我将用户重定向到主页,并将“默认目标网址”设置为“ /”。但是,如果用户登录到产品页面(/ p /)或搜索页面(/ search),则需要重定向用户。我该怎么做呢?我对Spring Security和重定向还不是很了解。
我尝试在AuthenticationSuccessHandler的onAuthenticationSuccess()方法内拦截请求,并检查URL是否包含产品页面或搜索页面URL。
在AuthenticationSuccessHandler中:
if (!response.isCommitted()) {
super.onAuthenticationSuccess(request,response,authentication);
}
在spring-security-config.xml中:
<bean id="authenticationSuccessHandler" class ="com.storefront.AuthenticationSuccessHandler" scope="tenant">
<property name="rememberMeCookieStrategy" ref="rememberMeCookieStrategy" />
<property name="customerFacade" ref="customerFacade" />
<property name="sCustomerFacade" ref="sCustomerFacade" />
<property name="sProductFacade" ref="sProductFacade" />
<property name="defaultTargetUrl" value="/" />
<property name="useReferer" value="true" />
<property name="requestCache" value="httpSessionRequestCache" />
预期结果将是:
答案 0 :(得分:0)
您可以扩展AbstractLoginPageController来运行您自己的方案。将 doLogin 方法中的引荐来源网址保存到httpSessionRequestCache。然后使用 getSuccessRedirect 方法检查并过滤并返回引荐来源网址。
答案 1 :(得分:0)
Hybris OOTB(我指的是V6.7)具有一项功能,您可以在其中列出要重定向到“默认目标网址”的URL。这里的想法是用反向逻辑创建另一个列表(或替换现有列表),该反向逻辑仅允许给定URL,并将所有其他URL重定向到默认目标URL。
在OOTB中,您可以在spring-security-config.xml中看到 listRedirectUrlsForceDefaultTarget ,可以在其中定义要重定向到默认目标的URL列表。如下所示。
<alias name="defaultLoginAuthenticationSuccessHandler" alias="loginAuthenticationSuccessHandler"/>
<bean id="defaultLoginAuthenticationSuccessHandler" class="de.hybris.platform.acceleratorstorefrontcommons.security.StorefrontAuthenticationSuccessHandler" >
<property name="customerFacade" ref="customerFacade" />
<property name="defaultTargetUrl" value="#{'responsive' == '${commerceservices.default.desktop.ui.experience}' ? '/' : '/my-account'}"/>
<property name="useReferer" value="true"/>
<property name="requestCache" ref="httpSessionRequestCache" />
<property name="uiExperienceService" ref="uiExperienceService"/>
<property name="cartFacade" ref="cartFacade"/>
<property name="customerConsentDataStrategy" ref="customerConsentDataStrategy"/>
<property name="cartRestorationStrategy" ref="cartRestorationStrategy"/>
<property name="forceDefaultTargetForUiExperienceLevel">
<map key-type="de.hybris.platform.commerceservices.enums.UiExperienceLevel" value-type="java.lang.Boolean">
<entry key="DESKTOP" value="false"/>
<entry key="MOBILE" value="false"/>
</map>
</property>
<property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />
<property name="restrictedPages">
<list>
<value>/login</value>
</list>
</property>
<property name="listRedirectUrlsForceDefaultTarget">
<list>/example/redirect/todefault</list>
</property>
</bean>
StorefrontAuthenticationSuccessHandler
@Override
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
final Authentication authentication) throws IOException, ServletException
{
//...
//if redirected from some specific url, need to remove the cachedRequest to force use defaultTargetUrl
final RequestCache requestCache = new HttpSessionRequestCache();
final SavedRequest savedRequest = requestCache.getRequest(request, response);
if (savedRequest != null)
{
for (final String redirectUrlForceDefaultTarget : getListRedirectUrlsForceDefaultTarget())
{
if (savedRequest.getRedirectUrl().contains(redirectUrlForceDefaultTarget))
{
requestCache.removeRequest(request, response);
break;
}
}
}
//...
}
现在通过声明新列表(例如listAllowedRedirectUrls)或用spring-security-config.xml中的listAllowedRedirectUrls替换listRedirectUrlsForceDefaultTarget来反转该逻辑,并在SuccessHandler中进行相应的更改。喜欢
<property name="listAllowedRedirectUrls">
<list>/p/</list>
<list>/search</list>
</property>
StorefrontAuthenticationSuccessHandler
if (savedRequest != null)
{
for (final String listAllowedRedirectUrl : getListAllowedRedirectUrls())
{
if ( ! savedRequest.getRedirectUrl().contains(listAllowedRedirectUrl))
{
requestCache.removeRequest(request, response);
break;
}
}
}
您还必须对 / login / checkout 处理程序声明(defaultLoginCheckoutAuthenticationSuccessHandler)进行相同的更改。