Spring Security - Redirect if already logged in

-上瘾入骨i 2020-12-05 06:58

I'm new to Spring:

I do not want authenticated users to access the login page. What is the proper way to handle redirects for the '/login' if the user is alr

4 answers
  • 2020-12-05 07:31

    To successfully redirect from login page, if user is already logged in, add the following to your login.jsp:

    Add a security taglib header to the top of your jsp:

    <%@taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>
    

    Then add the following tag inside your "head" tag (preferably near the top):

    <sec:authorize access="isAuthenticated()">
        <% response.sendRedirect("main"); %>
    </sec:authorize>
    

    This will redirect to main.html (or whatever your main .jsp is mapped to) if the user accessing the login page is already logged-in.

    Doing this through a controller didn't work for me, since the valid login page practice is to let the spring security's "form-login" bean do all the redirecting work, so there was no login controller for me to modify.

  • 2020-12-05 07:31

    login.xhtml

    <h:head >
        <f:metadata>
          <f:event type="preRenderView" listener="#{loginBean.onPageLoad}"/>
      </f:metadata>
    </h:head>
    

    loginBean

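    public void onPageLoad() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // auth is null when no security filter populated the context for this request,
        // so check for null before treating the caller as logged in
        if (auth != null && !(auth instanceof AnonymousAuthenticationToken)) {
            try {
                // url: the bean's redirect target (field not shown in the answer)
                FacesContext.getCurrentInstance().getExternalContext().redirect(url);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }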
    
  • 2020-12-05 07:45

    In the controller function of your login page:

    1. check if a user is logged in.

    2. then forward/redirect him to the index page in that case.

    Relevant code:

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    // auth can be null if the security context was never populated for this request
    if (auth != null && !(auth instanceof AnonymousAuthenticationToken)) {
        /* The user is logged in :) */
        return new ModelAndView("forward:/index");
    }
    

    Update

    Or, in another scenario where the mapping may contain a path variable, like @GetMapping(path = "/user/{id}"), you can implement this logic as well:

    @GetMapping(value = "/login")
    public String getLogin() throws Exception {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // Null check first: auth.getName() below would throw on an empty security context
        if (auth != null && !(auth instanceof AnonymousAuthenticationToken)) {
            User loggedInUser = userService.findByEmail(auth.getName())
                        .orElseThrow(Exception::new);
            /* The user is logged in :) */
            return "redirect:/user/" + loggedInUser.getUserId();
        }
        return "login";
    }
    
  • 2020-12-05 07:49

    Hey, you can do that.

    <h:head>
    <sec:authorize access="isAuthenticated()">
        <meta http-equiv="refresh" content="0;url=http://your index.xhtml url (full url)" /> 
    </sec:authorize>
    </h:head>
    

    This method is very simple and convenient, isn't it?

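The check the answers share, done once in a servlet filter with a null-safe test, as an added example that is not code from any of the answers. It assumes Spring Security 5.x on the javax.servlet API (jakarta.servlet on 6.x); the class name LoginPageRedirectFilter is hypothetical, and /login and /index are the paths used in the thread.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical class name; added example, not part of the original answers.
public class LoginPageRedirectFilter extends OncePerRequestFilter {

    private static final String LOGIN_PATH = "/login";  // path from the question
    // Fixed server-side target: never built from a request parameter,
    // so the redirect cannot be steered to another site.
    private static final String TARGET_PATH = "/index";

    private final AuthenticationTrustResolver trustResolver =
            new AuthenticationTrustResolverImpl();

    /** True only for a real login: non-null, authenticated, not the anonymous token. */
    static boolean isLoggedIn(Authentication auth, AuthenticationTrustResolver resolver) {
        return auth != null && auth.isAuthenticated() && !resolver.isAnonymous(auth);
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        // Intercept only GET /login; the POST that submits credentials passes through.
        String loginUri = request.getContextPath() + LOGIN_PATH;
        return !("GET".equals(request.getMethod())
                && loginUri.equals(request.getRequestURI()));
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (isLoggedIn(auth, trustResolver)) {
            response.sendRedirect(request.getContextPath() + TARGET_PATH);
            return;  // do not render the login page
        }
        chain.doFilter(request, response);
    }
}
```

Register it inside the security filter chain, for example with http.addFilterAfter(new LoginPageRedirectFilter(), AnonymousAuthenticationFilter.class), so the SecurityContext is already populated when it runs.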