我正在尝试使用 sitemesh 在屏幕上将内容拉到一起。您必须“登录”到站点才能查看站点网格正在显示的页面,并且您必须登录才能查看站点网格试图拉入和装饰的组件。
我正在使用 spring security 和 PersistentTokenBasedRememberMeServices 来做到这一点。发生的情况是,当站点网格调用以获取其组件进行装饰时,即使用户已登录并可以访问该页面,它也会获得由 Spring Security 提供的登录屏幕而不是内容。
挖掘站点网格代码,站点网格正在创建一个 URL 和一个 URLconnection 来调用装饰。
URL url = new URL(this.page);
URLConnection urlConn = url.openConnection();
urlConn.setUseCaches(true);
BufferedReader in = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
所以我想我的问题是......我可以像这样将弹簧安全令牌附加到 urlConnection 吗?
URL url = new URL(page);
URLConnection urlConn = url.openConnection();
urlConn.setRequestProperty("Cookie", myCookie);
urlConn.setUseCaches(true);
urlConn.connect();
If so, what does the format of the cookie need to be? I've tried what is below (the gibberish is the value of the security cookie generated by spring security)
securityCookie=Y2E0cFR1WWp6RTRjTzRBSFhYaG50dz09OjR mNzlON2syVXh3M01BSXRONGV2QXc9PQ
It doesn't work as I get a cookie theft exception from Spring Security. Any ideas? Do I need to add the path or domain? If so what is the format?
Does the cookie value need to be encoded in some way?