发表新帖
发表新帖

Spring Security targetUrlParameter does not redirect

前端 未结
关注
6 1549
长情又很酷
长情又很酷 2020-12-19 12:37

I\'m trying to redirect the user back to the page where they clicked the login link. (Pages are read-only for non-authenticated users, but writable for logged in users.) How

相关标签:
6条回答
  • 轮回少年
    2020-12-19 12:49

    it because of this line : 

    <beans:property name="defaultTargetUrl" value="/"/>

    remove that line and try again.

    0 讨论(0)
  • 栀梦
    2020-12-19 12:49

    Use SavedRequestAwareAuthenticationSuccessHandler instead of SimpleUrlAuthenticationSuccessHandler.

    Even if the url of the page is typed on the browser in which case referer is not captured, SavedRequestAwareAuthenticationSuccessHandler uses the previous url captured by the ExceptionTraslationFilter.

    Read http://docs.spring.io/spring-security/site/docs/3.0.x/reference/core-web-filters.html#form-login-flow-handling and http://docs.spring.io/autorepo/docs/spring-security/3.2.4.RELEASE/apidocs/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.html

    0 讨论(0)
  • 栀梦
    2020-12-19 12:51

    Change SimpleUrlAuthenticationSuccessHandler to SavedRequestAwareAuthenticationSuccessHandler and be happy.

    0 讨论(0)
  • 渐次进展
    2020-12-19 12:52

    The following generic solution can be used with regular login, a Spring Social login, or most other Spring Security filters.

    In your Spring MVC controller, when loading the read-only page, save the path to the page in the session if user has not been logged in. In XML config, set the default target url. For example:

    In your Spring MVC controller, the redirect method should read out the path from the session and return redirect:<my_saved_page_path>.

    So, after user logs in, they'll be sent to /redirect page, which will promptly redirect them back to the page that they last visited.

    0 讨论(0)
  • 花落未央
    2020-12-19 13:00

    The following rules are applied when using the SimpleUrlAuthenticationSuccessHandler:

    • If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl property will be used for the destination.
    • If a parameter matching the value of targetUrlParameter has been set on the request, the value will be used as the destination. By default this has the value "spring-security-redirect".
    • If the useReferer property is set, the "Referer" HTTP header value will be used, if present.
    • As a fallback option, the defaultTargetUrl value will be used.

    According to your configuration, this should work. My guess is that you didn't propagate the referer when sending the POST request in the form login. Typically, you should write the referer value in an hidden field in your login page, so that the referer parameter is transmitted to spring_security_login.

    0 讨论(0)
  • Happy的楠姐
    2020-12-19 13:07

    LaurentG has already explained this. You can pass the useReferer param in spring. Works fine for both SavedRequestAwareAuthenticationSuccessHandler and SimpleUrlAuthenticationSuccessHandler.

    Here is your modified spring logic:

    <http use-expressions="true">
    <intercept-url pattern="/**" access="permitAll" />
    <form-login authentication-success-handler-ref="simpleUrlAuthenticationSuccessHandler"/>
</http>

<beans:bean id="simpleUrlAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
     <beans:property name="defaultTargetUrl" value="/"/>
     <beans:property name="targetUrlParameter" value="redirect"/>
     <beans:property name="useReferer" value="true"/>
</beans:bean>
    0 讨论(0)
 看不清?
提交回复
热议问题