我是 SpringSecurity 的新手。
这是我的 Spring-security-Context.xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true" path-type="ant">
<form-login login-page="/jack/login" authentication-failure-url="/jack/login" default-target-url="/jack/home" />
<intercept-url pattern="/themes/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/js/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/**/*.png" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/**/*.jpg" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/upload-users" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/jack/login" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/logincheck" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/jack/logout" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<intercept-url pattern="/jack/sessionExpire" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/jack/**" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:logout logout-url="/jack/logout"
logout-success-url="/jack/login" invalidate-session="true" />
<session-management invalid-session-url="/jack/logout" >
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/jack/logout"/>
</session-management>
<security:custom-filter ref="expiredSessionFilter" after="REMEMBER_ME_FILTER"/>
</http>
<beans:bean id="expiredSessionFilter" class="com.jack.web.filter.ExpiredSessionFilter">
</beans:bean>
<!-- Authentication providers -->
<beans:bean id="customAuthenticationProvider" class="com.jack.security.provider.CustomAuthenticationProvider" >
<!-- <security:custom-authentication-provider /> -->
<!-- <beans:property name="userDetailsService" ref="userDetailsService"/> -->
</beans:bean>
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
</beans:beans>
案例 1:在web.xml
jack中是 springcontext 名称
in security-context.xml
jack是/jack/login之类的模式
当我给出 URL 时
localhost:8080/project/jack/login
这个春天的安全工作很好
案例 2:在web.xml
xxx中是 springcontext 名称
在 security-context.xml 中, jack是/jack/login之类的模式
我不会更改 securitycontext.xml 中的任何内容
当我给
localhost:8080/project/xxx/login
spring security 允许用户进入我的应用程序。
注销后,如果用户复制 - 粘贴主页 url 意味着 Spring Security 不会将用户重定向到登录页面。
我如何将用户重定向到弹簧登录页面,或者我还有其他选择吗?