1

我正在使用 Spring 和 Ldap 进行用户身份验证,现在我想在用户已经登录时将用户重定向到主页,我尝试了一些通过谷歌阅读但没有运气的解决方案。这是我的配置代码...

Spring-Security.xml

   <security:http auto-config="true" use-expressions="true"
        access-denied-page="/denied" access-decision-manager-ref="accessDecisionManager"
        disable-url-rewriting="true">

        <security:remember-me key="_spring_security_remember_me"
            token-validity-seconds="864000" token-repository-ref="tokenRepository" />

        <security:intercept-url pattern="/login/login"
            access="permitAll" />



        <security:intercept-url pattern="/resources/**"
            access="permitAll" />

        <security:intercept-url pattern="/member/*"
            access="permitAll" />

        <security:intercept-url pattern="user/admin/admin"
            access="hasRole('ROLE_ADMIN')" />

        <security:intercept-url pattern="/user/user"
            access="hasRole('ROLE_USERS')" />




        <security:form-login login-page="/login/login"
            authentication-failure-url="/login/login?error=true"
            default-target-url="/checking" />

        <security:logout invalidate-session="true"
            logout-success-url="/login/login" logout-url="/login/logout" />

        <security:custom-filter ref="captchaCaptureFilter"
            before="FORM_LOGIN_FILTER" />
        <!-- <security:custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER" 
            /> -->

        <!-- <security:session-management
            invalid-session-url="/logout.html">
            <security:concurrency-control
                max-sessions="1" error-if-maximum-exceeded="true" />

        </security:session-management>
        <security:session-management
            session-authentication-strategy-ref="sas" /> -->
    </security:http>

我的登录控制器

public class LoginController {

    @Autowired
    private User user;

    @Autowired
    SecurityContextAccessor securityContextAccessor;

    @RequestMapping(value = "login/login", method = RequestMethod.GET)
    public String getLogindata(
            @RequestParam(value = "error", required = false) String error,
            Model model) {

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        model.addAttribute("error", error);

        if (securityContextAccessor.isCurrentAuthenticationAnonymous() && auth.getPrincipal() == null) {
            return "login/login";
        } else {
            return "redirect:/member/user";
        }
    }
}

auth.getName() 总是给我匿名用户,即使我已经登录了....

4

1 回答 1

0

在成功登录 spring-security.xml 中的 default-target-url 后,您应该将目标重定向写入主页,而不是 default-target-url="/checking" 。

我不确定您要在 /login/login Controller 中实现什么?如果你只想重定向用户,在成功登录 /member/user 后,你应该写:

        <security:form-login login-page="/login"
         always-use-default-target='true' 
         default-target-url="/member/user"
         authentication-failure-url="/login/login?error=true"
         />

登录控制器应如下所示:

    @RequestMapping(value="/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login";
}

如果您的身份验证提供程序正常且正确,Spring Security 会在您成功登录后自动将您重定向到 /member/user。

于 2013-01-23T22:16:58.900 回答