我有一个使用安全性的Spring-boot应用程序。我要重定向到请求的原始URL。我需要实现一个自定义的SimpleUrlAuthenticationSuccessHandler,所以我有以下代码:
public class MySavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
public MySavedRequestAwareAuthenticationSuccessHandler() {
setUseReferer(true);
}
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
// do my stuff
logger.info(getTargetUrlParameter()); // this is = '/'
//logger.info(getDefaultTargetUrl()); // this is null
redirectStrategy.sendRedirect(request, response, "/");
}
}
问题在于登录后再也不会重定向到引用者。我必须添加 redirectStrategy.sendRedirect(request,response,“ /”); 部分。
在LoginController中,从Spring Security重定向后,标头中的“ Referer”始终为null。如果我输入网址“ xxxx / login”,则设置该值。不太有用:
@RequestMapping(value = {"/login"}, method = RequestMethod.GET)
public ModelAndView login(HttpServletRequest request) {
String referer = request.getHeader("Referer");
modelAndView.addObject ("referer", referer); // this is NULL
//
modelAndView.setViewName("login");
return modelAndView;
}
这是我的安全配置:
http.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/").authenticated()
.and()
.csrf().disable()
.formLogin()
.loginPage("/login")
.failureHandler(customAuthenticationFailureHandler)
.usernameParameter("email")
.passwordParameter("password")
.successHandler(authenticationSuccessHandler)
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logged-out")
.and()
.exceptionHandling()
.accessDeniedPage("/access-denied")