Redirect to original URL after successful authentication in Spring Security

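I have the following security configuration class in a Spring Cloud Gateway application. This gateway acts as an OAuth2 client that handles user authentication. After successful authentication, I want to redirect to the URL of the single-page application that the user originally came from.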

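Example
If the user is on http://localhost:8093/profile, then this should be the redirect URL.

Currently I am only using a hard-coded value for testing purposes. Is there a way to get the "original URL" and use it as the redirect URL?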

@Configuration
@EnableWebFluxSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
        httpSecurity
                .csrf().disable()
                .authorizeExchange()
                .anyExchange().authenticated()
                .and()
                .oauth2Login()
                // Use original URL here?
                .authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("http://localhost:8093"))
                .and()
                .exceptionHandling().authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))
                .and()
                .oauth2ResourceServer().jwt();
        return httpSecurity.build();
    }
}

You can try the combination provided below to achieve what you want:

First you need to create the authentication success handler:

public class MySimpleUrlAuthenticationSuccessHandler
  implements AuthenticationSuccessHandler {

protected Log logger = LogFactory.getLog(this.getClass());

private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

@Override
public void onAuthenticationSuccess(HttpServletRequest request, 
  HttpServletResponse response, Authentication authentication)
  throws IOException {

    handle(request, response, authentication);
    clearAuthenticationAttributes(request);
}

Then the handle method implementation:

protected void handle(
    HttpServletRequest request,
    HttpServletResponse response,
    Authentication authentication
) throws IOException {
    // This will provide you last URL
    String targetUrl = request.getHeader("referer");

    if (response.isCommitted()) {
        logger.debug(
                "Response has already been committed. Unable to redirect to "
                        + targetUrl);
        return;
    }

    redirectStrategy.sendRedirect(request, response, targetUrl);
}

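FYI:

Note that the HTTP referer is a client-controlled value, so it can be spoofed to something entirely different or even removed. This value should not be used for any critical operation.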
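
The caveat above, as an added example that is not part of the original answer and is not Spring API: a plain-JDK check that accepts a client-supplied target (such as the Referer value) only when its origin is on an allowlist, and otherwise returns a fixed fallback. The class name `RedirectTargetValidator`, the allowlist contents and the fallback URL are assumptions for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper: decides which URL a success handler may redirect to.
public class RedirectTargetValidator {
    private final Set<String> allowedOrigins; // e.g. "http://localhost:8093"
    private final String fallbackUrl;         // used when the candidate is rejected

    public RedirectTargetValidator(Set<String> allowedOrigins, String fallbackUrl) {
        this.allowedOrigins = Set.copyOf(allowedOrigins);
        this.fallbackUrl = fallbackUrl;
    }

    public String resolve(String candidate) {
        if (candidate == null || candidate.isBlank()) {
            return fallbackUrl;               // header removed by the client
        }
        try {
            URI uri = new URI(candidate.trim()).normalize();
            String scheme = uri.getScheme();
            String host = uri.getHost();
            // Reject relative and scheme-less URLs and anything with user-info
            // ("http://trusted@other-host/") that hides the real host.
            if (scheme == null || host == null || uri.getRawUserInfo() != null) {
                return fallbackUrl;
            }
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("http") && !scheme.equals("https")) {
                return fallbackUrl;
            }
            String origin = scheme + "://" + host.toLowerCase(Locale.ROOT)
                    + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
            return allowedOrigins.contains(origin) ? uri.toString() : fallbackUrl;
        } catch (URISyntaxException e) {
            return fallbackUrl;               // malformed value
        }
    }

    public static void main(String[] args) {
        RedirectTargetValidator v = new RedirectTargetValidator(
                Set.of("http://localhost:8093"), "http://localhost:8093/");
        // Constructed sample header values.
        String[] samples = { "http://localhost:8093/profile", "http://other.example/profile",
                "http://localhost:8093@other.example/profile", "//other.example/profile", null };
        for (String s : samples) {
            System.out.println(s + " -> " + v.resolve(s));
        }
    }
}
```

In the handler shown in the answer, the value read from `request.getHeader("referer")` would be passed through `resolve(...)` before it reaches `redirectStrategy.sendRedirect(...)`.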