发表新帖
发表新帖

Make spring security add the return to url in the query string for the login page

前端 未结
关注
3 610
别跟我提以往
别跟我提以往 2020-12-10 09:27

Earlier I asked if it was possible to get the original request url in the form login page in Spring Security 2. Turns out that actually won\'t help me, what I need is for th

相关标签:
3条回答
  • 被撕碎了的回忆
    2020-12-10 09:47

    I guess you need to use spring-security-redirect. Essentially, if your url is of the form /login.html?spring-security-redirect=/secure.html, spring security will automagically redirect to secure.html on successful login.

    As of spring 3.1.x this no longer works out-of-the-box. You'll need to add:

    authentication-success-handler-ref="simpleUrlAuthenticationSuccessHandler"

    ...to your <form-login> element and add a bean that looks like:

    <!-- Emulates the functionality of spring security 3.0.x by specifying the targetUrlParameter to be the value it
    defaulted to in 3.0.x. As of 3.1.x this is null by default with no option to specify in <form-login> -->
<beans:bean id="simpleUrlAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    <beans:property name="useReferer" value="true"/>
    <beans:property name="defaultTargetUrl" value="/account"/>
    <beans:property name="targetUrlParameter" value="spring-security-redirect"/>
</beans:bean>
    0 讨论(0)
  • 旧巷少年郎
    2020-12-10 10:02

    The redirect to the login form is performed by the AuthenticationEntryPoint. For Spring Security 3.0+ this will usually be an instance of LoginUrlAuthenticationEntryPoint. In 2.0 the corresponding class is AuthenticationProcessingFilterEntryPoint.

    The entry point is invoked by the ExceptionTranslationFilter which is also responsible for caching the request. You can therefore write a custom AuthenticationEntryPoint which redirects to the login page URL with the additional parameter appended (containing the current request URI). The code should be almost identical to the standard implementation.

    You can inject a custom AuthenticationEntryPoint into the namespace configuration using the entry-point-ref attribute on the http namespace element. If you are using plain beans, you would inject it into the ExceptionTranslationFilter.

    0 讨论(0)
  • 没有蜡笔的小新
    2020-12-10 10:06

    If you are using your own login page and want to use the approach Raghuram suggested you must also put a hidden field with the name of the targetUrlParameter in the form.

    For your example (ie. using *return_to* URL parameter) it would be something like:

    <input type="hidden" name="spring-security-redirect" value="<c:out value="${param.return_to}" escapeXml="true" />" />
    0 讨论(0)
 看不清?
提交回复
热议问题