如何在使用 Spring Security 时允许转发到外部 URL
How to permit forwarding to external URL with Spring Security
我想知道如何让我的 "redirect:" 在 Spring Security 下正常工作。
所有 /auth* 路径都可以正常工作，但执行到 [1] 时却不会重定向。版本：Spring Security 4.0.2.RELEASE、Spring MVC 4.0.8.RELEASE
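/**
 * Controller for the endpoints mapped under {@code /auth}.
 */
@Controller
@RequestMapping(value = "/auth")
public class SomeAuthController {

    /**
     * Handles {@code /auth/external}: answers with a redirect to the external
     * service when {@code someCondition} holds, otherwise with a redirect to
     * the application root.
     *
     * @return a Spring MVC {@code redirect:} view name
     */
    @RequestMapping(value = "/external")
    public String externalAuth(...) {
        // NOTE(review): where someExternalUrl comes from is not shown. The security
        // configuration on this page permits every path under /auth/ without
        // authentication, so if any part of the value can be influenced by the
        // request, check it against a fixed allow-list of destinations before
        // redirecting; otherwise this handler is an open redirect.
        if (someCondition) {
            return "redirect:" + someExternalUrl; // [1] https://external-service.com
        }
        // The original snippet was missing the terminating semicolon here.
        return "redirect:/";
    }
}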
/**
 * Spring Security configuration: registers the injected authentication
 * providers, exposes the AuthenticationManager as a named bean, and sets up
 * URL authorization, form login and logout.
 */
@Configuration
@EnableWebSecurity
// Only securedEnabled is switched on for method security in this version.
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
 * Adds every injected AuthenticationProvider to the global builder.
 *
 * NOTE(review): shaPasswordEncoder is injected but never used in this method.
 * If the providers rely on it to hash passwords, a plain SHA digest is a fast
 * hash and a weak choice for password storage; an adaptive encoder such as
 * BCryptPasswordEncoder is the usual replacement. Confirm against the providers.
 *
 * @throws Exception declared on the signature; nothing in the body is caught here
 */
@Autowired
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth,
ShaPasswordEncoder shaPasswordEncoder,
List<AuthenticationProvider> authProviders)
throws Exception {
for(AuthenticationProvider provider : authProviders) auth.authenticationProvider(provider);
}
/**
 * Publishes the parent's AuthenticationManager as the bean "myAuthenticationManager".
 */
@Bean(name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/**
 * Configures CSRF, URL authorization rules, form login and logout.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
// NOTE(review): CSRF protection is disabled for the whole application, so the
// login and logout endpoints below accept cross-site requests from a browser.
// Keep it enabled unless every client is a non-browser client.
http.csrf().disable().authorizeRequests().antMatchers("/resources/**").permitAll();
// Everything under /auth/ (including /auth/external) and "/" is reachable without
// authentication; every other request requires an authenticated user.
http.authorizeRequests().antMatchers("/auth/**", "/").permitAll().anyRequest().authenticated();
// Custom login page with the legacy j_* processing URL and parameter names.
http.formLogin()
.loginPage("/auth/login")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password")
.failureUrl("/auth/login?error")
.permitAll();
// Logout invalidates the HTTP session and sends the user to "/".
// NOTE(review): with CSRF disabled the logout URL is presumably not restricted
// to POST, so a cross-site GET could log a user out; confirm for this version.
http.logout()
.permitAll()
.logoutUrl("/auth/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true);
}
}
好的伙计们。这是我的答案。希望它能帮助别人。
首先是在安全配置bean中启用JSR250。
// jsr250Enabled = true turns on the JSR-250 method-security annotations
// (@PermitAll, @RolesAllowed, @DenyAll) in addition to @Secured.
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
之后我为包含重定向的方法添加了@PermitAll 注解。
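/**
 * Handles the {@code /external} mapping: answers with a redirect to the
 * external service when {@code someCondition} holds, otherwise with a
 * redirect to the application root.
 *
 * @return a Spring MVC {@code redirect:} view name
 */
// @PermitAll (JSR-250) allows any caller, authenticated or not, to invoke this handler.
@PermitAll
@RequestMapping(value = "/external")
public String externalAuth(...) {
    // NOTE(review): where someExternalUrl comes from is not shown. Because this
    // handler is open to unauthenticated callers, check the value against a fixed
    // allow-list of destinations if any part of it can be influenced by the
    // request; otherwise the endpoint is an open redirect.
    if (someCondition) {
        return "redirect:" + someExternalUrl; // [1] https://external-service.com
    }
    // The original snippet was missing the terminating semicolon here.
    return "redirect:/";
}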
就是这样。调试愉快 :)
我想知道如何让我的 "redirect:" 在 Spring Security 下正常工作。所有 /auth* 路径都可以正常工作，但执行到 [1] 时却不会重定向。版本：Spring Security 4.0.2.RELEASE、Spring MVC 4.0.8.RELEASE
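/**
 * Controller for the endpoints mapped under {@code /auth}.
 */
@Controller
@RequestMapping(value = "/auth")
public class SomeAuthController {

    /**
     * Handles {@code /auth/external}: answers with a redirect to the external
     * service when {@code someCondition} holds, otherwise with a redirect to
     * the application root.
     *
     * @return a Spring MVC {@code redirect:} view name
     */
    @RequestMapping(value = "/external")
    public String externalAuth(...) {
        // NOTE(review): where someExternalUrl comes from is not shown. The security
        // configuration on this page permits every path under /auth/ without
        // authentication, so if any part of the value can be influenced by the
        // request, check it against a fixed allow-list of destinations before
        // redirecting; otherwise this handler is an open redirect.
        if (someCondition) {
            return "redirect:" + someExternalUrl; // [1] https://external-service.com
        }
        // The original snippet was missing the terminating semicolon here.
        return "redirect:/";
    }
}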
/**
 * Spring Security configuration: registers the injected authentication
 * providers, exposes the AuthenticationManager as a named bean, and sets up
 * URL authorization, form login and logout.
 */
@Configuration
@EnableWebSecurity
// Only securedEnabled is switched on for method security in this version.
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
 * Adds every injected AuthenticationProvider to the global builder.
 *
 * NOTE(review): shaPasswordEncoder is injected but never used in this method.
 * If the providers rely on it to hash passwords, a plain SHA digest is a fast
 * hash and a weak choice for password storage; an adaptive encoder such as
 * BCryptPasswordEncoder is the usual replacement. Confirm against the providers.
 *
 * @throws Exception declared on the signature; nothing in the body is caught here
 */
@Autowired
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth,
ShaPasswordEncoder shaPasswordEncoder,
List<AuthenticationProvider> authProviders)
throws Exception {
for(AuthenticationProvider provider : authProviders) auth.authenticationProvider(provider);
}
/**
 * Publishes the parent's AuthenticationManager as the bean "myAuthenticationManager".
 */
@Bean(name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/**
 * Configures CSRF, URL authorization rules, form login and logout.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
// NOTE(review): CSRF protection is disabled for the whole application, so the
// login and logout endpoints below accept cross-site requests from a browser.
// Keep it enabled unless every client is a non-browser client.
http.csrf().disable().authorizeRequests().antMatchers("/resources/**").permitAll();
// Everything under /auth/ (including /auth/external) and "/" is reachable without
// authentication; every other request requires an authenticated user.
http.authorizeRequests().antMatchers("/auth/**", "/").permitAll().anyRequest().authenticated();
// Custom login page with the legacy j_* processing URL and parameter names.
http.formLogin()
.loginPage("/auth/login")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password")
.failureUrl("/auth/login?error")
.permitAll();
// Logout invalidates the HTTP session and sends the user to "/".
// NOTE(review): with CSRF disabled the logout URL is presumably not restricted
// to POST, so a cross-site GET could log a user out; confirm for this version.
http.logout()
.permitAll()
.logoutUrl("/auth/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true);
}
}
好的伙计们。这是我的答案。希望它能帮助别人。 首先是在安全配置bean中启用JSR250。
// jsr250Enabled = true turns on the JSR-250 method-security annotations
// (@PermitAll, @RolesAllowed, @DenyAll) in addition to @Secured.
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
之后我为包含重定向的方法添加了@PermitAll 注解。
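/**
 * Handles the {@code /external} mapping: answers with a redirect to the
 * external service when {@code someCondition} holds, otherwise with a
 * redirect to the application root.
 *
 * @return a Spring MVC {@code redirect:} view name
 */
// @PermitAll (JSR-250) allows any caller, authenticated or not, to invoke this handler.
@PermitAll
@RequestMapping(value = "/external")
public String externalAuth(...) {
    // NOTE(review): where someExternalUrl comes from is not shown. Because this
    // handler is open to unauthenticated callers, check the value against a fixed
    // allow-list of destinations if any part of it can be influenced by the
    // request; otherwise the endpoint is an open redirect.
    if (someCondition) {
        return "redirect:" + someExternalUrl; // [1] https://external-service.com
    }
    // The original snippet was missing the terminating semicolon here.
    return "redirect:/";
}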
就是这样。调试愉快 :)