Spring Security: Referer always login page after authentication

梦想与她 submitted on 2020-01-25 08:24:26

Question


I have Spring Security set up like this:

    http.authorizeRequests()
        .antMatchers("/MyAccount").authenticated()
        .antMatchers("/additem").authenticated()
        .anyRequest().permitAll()
        .and()
        .formLogin()
        .loginPage("/login")
        .successHandler(authenticationSuccessHandler)
        .and().csrf().disable();

When I start on page Foo and click to /additem (not logged in) it redirects me (302) to /login. When I submit the login form REFERER is set to the login page not FOO or /additem. Thus I'm brought back to the login page albeit logged in. What am I missing?

Here is the code for the auth Handler:

    public AuthSuccessHandler() {
        super();
        log.info("empty constructor called");
        setDefaultTargetUrl("/popular-links");
        setAlwaysUseDefaultTargetUrl(false);
        //setUseReferer(true); <-- causes issues
        //https://stackoverflow.com/questions/53026801/spring-security-referer-always-login-page-after-authentication
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) {
        String email = authentication.getName();
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        log.info("Successful auth : " + email);
        String token = tokenProvider.createToken(email, userDetails.getAuthorities());
        log.info("Token: " + token);
        sessionInfo.setJwtToken(token);
        try {
            handle(request, response, authentication);
        } catch (Exception e) {
            log.error("An error occurred " + e.toString());
            e.printStackTrace();
        }
    }

Answer 1:


So, what we can do, is add a referrer to your controller to the method mapped to your login page and add it as a session attribute. Then, we will fetch this value in your custom success handler.

Controller

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage(HttpServletRequest request, Model model) {
        String referrer = request.getHeader("Referer");
        request.getSession().setAttribute("referrer", referrer);
        return "login";
    }

Success Handler

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        String email = authentication.getName();
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        log.info("Successful auth : " + email);
        String token = tokenProvider.createToken(email, userDetails.getAuthorities());
        log.info("Token: " + token);
        sessionInfo.setJwtToken(token);
        // Get the attribute you just set (same key as in the controller: "referrer").
        HttpSession session = request.getSession(false);
        String redirect = (session != null) ? (String) session.getAttribute("referrer") : null;
        try {
            if (redirect != null) {
                session.removeAttribute("referrer");
                getRedirectStrategy().sendRedirect(request, response, redirect);
            } else {
                // No stored referrer: fall back to the default target URL handling.
                handle(request, response, authentication);
            }
        } catch (Exception e) {
            log.error("An error occurred " + e.toString());
            e.printStackTrace();
        }
    }

So I haven't tried this code, but after reading this guide, I believe it should do the trick. Hope it helps.
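
The handler above redirects to whatever the Referer header held, and that header is supplied by the client, so the stored value should be checked before it is used. The following is an added example, not part of the original answer: `ReferrerRedirectCheck`, `safeTarget` and the host `shop.example` are hypothetical names, and the check goes beyond the answer by reducing the value to a same-site path and rejecting the login page itself.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ReferrerRedirectCheck {

    // Returns a local path (plus query) to redirect to after login, or the
    // fallback when the stored Referer is missing, malformed, off-site,
    // protocol-relative, or the login page itself.
    static String safeTarget(String referrer, String serverHost, String loginPath, String fallback) {
        if (referrer == null || referrer.isEmpty()) {
            return fallback;
        }
        URI uri;
        try {
            uri = new URI(referrer);
        } catch (URISyntaxException e) {
            return fallback; // e.g. backslashes or spaces in the header value
        }
        String scheme = uri.getScheme();
        boolean relative = scheme == null && uri.getRawAuthority() == null;
        boolean sameHost = ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))
                && serverHost.equalsIgnoreCase(uri.getHost());
        String path = uri.getRawPath();
        if (!(relative || sameHost) || path == null
                || !path.startsWith("/") || path.startsWith("//") || path.equals(loginPath)) {
            return fallback;
        }
        // Drop scheme and host so the redirect can only stay on this site.
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    public static void main(String[] args) {
        // Constructed sample Referer values; shop.example is a placeholder host.
        String[] samples = {
            "https://shop.example/foo?page=2",
            "https://shop.example/login",
            "https://evil.example/foo",
            "//evil.example/foo",
            "https://shop.example//evil.example/foo",
            "https://shop.example@evil.example/foo",
            "javascript:void(0)",
            null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(s, "shop.example", "/login", "/popular-links"));
        }
    }
}
```

In the success handler, the session attribute would pass through `safeTarget` before `sendRedirect`, with `serverHost` taken from application configuration rather than from the request.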



Source: https://stackoverflow.com/questions/53026801/spring-security-referer-always-login-page-after-authentication
