成功验证后,Spring安全性未达到default-target-url

时间:2012-03-12 18:38:24

标签: java spring spring-security

我已在我的应用程序中实现了spring-security,我的spring-security.xml具有以下form-login标记。

<form-login login-page="/login.htm" default-target-url="/dashboard.htm"
            authentication-failure-url="/login.htm?error=true"
            authentication-success-handler-ref="authenticationSuccessHandler" />

我想从/login.htm登录,在成功验证后,我希望用户点击dashboard.htm。 Everythig工作正常,除了成功验证后它没有点击/dashboard.htm但是点击上下文...但是如果我在url中手动输入dashboard.htm那么一切正常......是的..我有authticationSuccessHandler的实现。

3 个答案:

答案 0 :(得分:14)

尝试删除default-target-url属性并添加以下内容:

<b:bean id="authenticationSuccessHandler" class="com.example.CustomSimpleURLAuthenticationSuccessHandler">
    <b:property name="defaultTargetUrl" value="/dashboard.htm"/>
</b:bean>

答案 1 :(得分:8)

<beans:bean id="loginSuccessHandler" class="com.example.LoginSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/security/success"/>
    <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
</beans:bean>

public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                    Authentication authentication) throws ServletException, IOException {
         request.getSession().setMaxInactiveInterval(60 * 60); //one hour
         System.out.println("Session set up for 60min");
         super.onAuthenticationSuccess(request, response, authentication);
      }
}

答案 2 :(得分:6)

我使用问题spring is not redirecting to default target url?中的这个建议。我试过这个并且它正在工作。

<form-login login-page="/login.htm" 
default-target-url="/dashboard.htm" 
always-use-default-target="true"/>
相关问题
最新问题