After successful login, the URL redirects to /login again
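I am new to Spring Boot, and I have a small application that uses Spring Boot and Spring Security. After a successful login, the page is redirected to /login again. I don't know how to fix it.
After successful login:
Here is the security configuration: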
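    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .authorizeRequests()
                    .antMatchers("/", "/login").permitAll() // Spring Security does not intercept "/" and "/login"
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login") // the Spring Security login page is served at /login
                    .defaultSuccessUrl("/chat") // redirect to /chat after a successful login
                    .permitAll()
                    .and()
                .logout()
                    .permitAll();
        }

        /**
         * Configures two in-memory users, xin and king; each password is the
         * same as the username, and the role is USER.
         * @param auth
         * @throws Exception
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .inMemoryAuthentication()
                    .withUser("xin").password("xin").roles("USER")
                    .and()
                    .withUser("king").password("king").roles("USER");
        }

        /**
         * Static resources under /resources/static/ are not intercepted by Spring Security.
         * @param web
         * @throws Exception
         */
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/resources/static/**");
        }
    }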
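What behaviour do you need? Basically, there are two options: redirect to some static, well-known location such as /index, or redirect to the originally requested page. Both require configuring an AuthenticationSuccessHandler. You can also use or extend one of the existing auth handlers to accomplish some basic tasks. E.g., note how SimpleUrlAuthenticationSuccessHandler can be used to redirect to the originally requested page:
XML security configuration: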
    <http use-expressions="true">
        <intercept-url pattern="/login*" access="permitAll"/>
        <intercept-url pattern="/**" access="isAuthenticated()"/>
        <!-- Reference exactly one of the two handler beans defined below;
             use refererAuthenticationSuccessHandler for the second option. -->
        <form-login
            ...
            authentication-success-handler-ref="authenticationSuccessHandler"
            ...
        />
        <logout/>
    </http>
    <!-- Route users to their profiles and admins to the admin console: -->
    <beans:bean id="authenticationSuccessHandler" class="a.b.c.AuthenticationSuccessHandler"/>
    <!-- Route to the originally requested page -->
    <beans:bean id="refererAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
        <beans:property name="useReferer" value="true"/>
    </beans:bean>
Example AuthenticationSuccessHandler:
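    import java.io.IOException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

    // Extends SimpleUrlAuthenticationSuccessHandler (which implements the
    // AuthenticationSuccessHandler interface) to reuse its redirect strategy.
    public class AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
            // Very simple check whether the user is USER or ADMIN.
            // roles("USER") is stored as the authority "ROLE_USER".
            boolean isUser = authentication.getAuthorities().stream()
                    .anyMatch(a -> "ROLE_USER".equals(a.getAuthority()));
            if (isUser) {
                getRedirectStrategy().sendRedirect(request, response, "/profile.html");
            } else {
                getRedirectStrategy().sendRedirect(request, response, "/admin.html");
            }
            clearAuthenticationAttributes(request);
        }
    }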
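There is another possibility: the cookie is not set, so every subsequent request is treated as a first request without a session ID.
If you are using Google Chrome and testing the application on your local machine with the localhost address, the cookie may not be set. You can see more details here: Chrome localhost cookie not being set
You can try testing with 127.0.0.1 instead.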
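One way to check the cookie hypothesis from the answer above, as an added example that is not part of the original thread: a servlet filter that logs, for each request, whether a session ID arrived and whether the response redirects or sets a cookie. The class name is hypothetical, and the code assumes a Spring Boot application on the javax.servlet API with SLF4J logging, as used with WebSecurityConfigurerAdapter.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical diagnostic filter (added example, not code from the thread).
// Spring Boot registers Filter beans automatically; the highest precedence
// places it ahead of the Spring Security filter chain.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SessionCookieDiagnosticFilter extends OncePerRequestFilter {

    private static final Logger log =
            LoggerFactory.getLogger(SessionCookieDiagnosticFilter.class);

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        // Log only booleans: the session ID itself is a credential.
        boolean idSent = request.getRequestedSessionId() != null;
        log.info("{} {} sessionIdSent={} fromCookie={} stillValid={}",
                request.getMethod(), request.getRequestURI(), idSent,
                request.isRequestedSessionIdFromCookie(),
                request.isRequestedSessionIdValid());

        chain.doFilter(request, response);

        // After the chain: where the response redirects to, and whether the
        // container issued a session cookie on this response.
        log.info("-> status={} location={} setCookie={}",
                response.getStatus(), response.getHeader("Location"),
                response.getHeader("Set-Cookie") != null);
    }
}
```

If the POST to /login logs a redirect with setCookie=true but the next request logs sessionIdSent=false, the browser did not return the session cookie, which matches the case this answer describes. If sessionIdSent=true and stillValid=true and the request is still redirected to /login, the cookie is not the cause.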