@RequestMapping(value = "/home", method = RequestMethod.GET)
public ModelAndView getLoginPage(
HttpServletResponse response,
@RequestParam(value = "msg", required = false) String message{
modelView.setViewName("landingpage/home");
return modelView;
}
这是/home个端点。
它返回html,其中还包含登录信息以及登录用户的仪表板。因此,对于经过身份验证的用户,它是开放的:
http
.authorizeRequests()
.antMatchers("/", "/home", "/book/**").authenticated()
但在登录失败后,也必须将其打开,因为它将消息发送到/ home端点:
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
....
String exceptionMessage = exception.getMessage();
String msgParam = "?msg=" + EncryptionUtil.encode(exceptionMessage);
response.sendRedirect(/home + msgParam);
所以我想要的是,
localhost:8080/home -> should be open to onlyauthenticated
localhost:8080/home?msg=asdsada -> should be open to all users
我尝试添加此
.antMatchers("/reset-password", "/login", "/home/**").anonymous()
所有班级都变成这样:
.antMatchers("/", "/home", "/deposit/**").authenticated()
.antMatchers("/reset-password", "/login", "/home/**").anonymous()
但是当我去
http://localhost:8080/home?msg=BAcQreS-4_K54e3jWSksds
无法进行,因为不允许未经身份验证的人。
我该怎么办?