【Question title】: Spring Security Redirection and Logout Issue
【Posted】: 2016-07-05 01:51:45
【Question description】:

I am facing the following issues with Spring Security:

(1) I have a URL "/welcome" that is called when the user logs in, i.e. my default success URL is "/welcome". Regardless of the user's role, the user should be redirected to this URL after login. The problem is that if I access this URL directly without logging in, it does not redirect me to the login page.

(2) After logout I am redirected to the login page, which is correct. But when I click the browser back button, I am taken to the previous page instead of staying on the login page.

Below is my code:

DesertLampSecurityConfiguration.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class DesertLampSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Single in-memory account; the e-mail address is the username
    // (matches usernameParameter("email") below).
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception {
        authenticationMgr.inMemoryAuthentication()
            .withUser("subodh.ranadive@desertlamp.com")
            .password("Dlpl123#")
            .authorities("SUPER_USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Only "/" and "/home" carry an access rule. Every other URL, including
            // "/welcome", has no rule at all and is therefore served to anyone.
            .antMatchers("/", "/home").permitAll()
            .and()
                .formLogin().loginPage("/login")
                .failureUrl("/login?error")
                .defaultSuccessUrl("/welcome", true)   // always land on /welcome after login
                .usernameParameter("email").passwordParameter("password")
            .and()
                .logout()
                    .logoutSuccessUrl("/login?logout")
            .and()
                .csrf()   // CSRF protection is already on by default in Java config
            .and()
                .exceptionHandling().accessDeniedPage("/Access_Denied");
    }
}

DefaultController.java

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class DefaultController {

    // Public landing page ("/" and "/home" are permitAll in the security config).
    @RequestMapping(value = { "/", "/home" }, method = RequestMethod.GET)
    public ModelAndView defaultPage() {
        ModelAndView model = new ModelAndView();
        model.setViewName("common/pgDefault");
        return model;
    }

    // Custom login page; "?error" and "?logout" are set by Spring Security's
    // failureUrl and logoutSuccessUrl respectively.
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView loginPage(@RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout) {

        ModelAndView model = new ModelAndView();
        if (error != null) {
            model.addObject("error", "Invalid Email OR Password");
        }

        if (logout != null) {
            model.addObject("message", "You are successfully logged out");
        }

        model.setViewName("common/pgLogin");
        return model;
    }

    // Post-login page; it should only be reachable by an authenticated user.
    @RequestMapping(value = "/welcome", method = RequestMethod.GET)
    public String welcomePage(ModelMap model) {
        return "common/pgWelcome";
    }
}

incLogout.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

</head>
<body>
    <div align="right">
        <c:url value="/logout" var="logoutUrl" />
        <form id="logout" action="${logoutUrl}" method="post" >
            <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
        </form>
        <c:if test="${pageContext.request.userPrincipal.name != null}">
            <a href="javascript:document.getElementById('logout').submit()">Logout</a>
        </c:if>
    </div>
</body>
</html>

Thanks in advance.

【Question discussion】:

    Tags: spring-security


    【Solution 1】:

    I have found the solution. Adding .anyRequest().authenticated() in the configure() method of DesertLampSecurityConfiguration.java solved both queries (1) and (2) mentioned in the question.

    DesertLampSecurityConfiguration.java

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            // Default-deny: every URL not matched above now requires authentication.
            .anyRequest().authenticated()
            .and()
                // permitAll() here keeps the login page itself reachable anonymously.
                .formLogin().loginPage("/login").permitAll()
                .failureUrl("/login?error")
                .defaultSuccessUrl("/welcome", true)
                .usernameParameter("email").passwordParameter("password")
            .and()
                .logout()
                    .logoutSuccessUrl("/login?logout")
            .and()
                .csrf()
            .and()
                .exceptionHandling().accessDeniedPage("/Access_Denied");
    }
    

    【Discussion】:
