7

我已经实现了用于登录我的门户网站的 spring 安全性。它工作正常,除了一个问题。我已将会话超时设置为 5 分钟。一旦发生超时,然后用户单击任何 URL,它就会被重定向到注销页面。但是当用户重新认证时,用户直接登陆最后一个访问页面,而不是默认目标 URL 的主页。

Spring安全文件如下:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  

        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http auto-config="true">
        <intercept-url pattern="/index.jsp" access="ROLE_ADMIN,ROLE_USER" /> 
        <intercept-url pattern="/home.html" access="ROLE_ADMIN,ROLE_USER" />
        <intercept-url pattern="/mdm/accessToken.html" access="ROLE_USER" />
        <intercept-url pattern="/mdm/enroll.html" access="ROLE_USER" />
        <intercept-url pattern="/mdm/installApp.html" access="ROLE_USER" />
        <intercept-url pattern="/mdm/checkStatus.html" access="ROLE_USER" />
        <intercept-url pattern="/mdm/searchDevice.html" access="ROLE_USER" />     
        <intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
        <intercept-url pattern="/account/*" access="ROLE_ADMIN" />
        <intercept-url pattern="/user/*" access="ROLE_USER" />      

        <form-login login-page="/login.html" default-target-url="/home.html"
                    authentication-failure-url="/loginfailed.html" />
        <logout logout-url="/logout.html" logout-success-url="/logoutSuccess.html" invalidate-session="true" />
        <anonymous username="guest" granted-authority="ROLE_GUEST" />
        <session-management>
            <concurrency-control max-sessions="1"  />
        </session-management>
        <session-management invalid-session-url="/logout.html" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select USER as username, password, 'true' as enabled from TBL_USER_MASTER where user=?"
                authorities-by-username-query="select um.USER as username , rm.ROLE_NAME as authorities from TBL_USER_MASTER um,TBL_ROLE_MASTER rm
            where um.USER=? and um.role_id=rm.role_id" />
            <password-encoder hash="md5"/>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
4

2 回答 2

8

always-use-default-target属性添加到您的form-login标记。

<form-login always-use-default-target="true" />

如果设置为 true,用户将始终从 default-target-url 给出的值开始,无论他们如何到达登录页面。映射到 UsernamePasswordAuthenticationFilter 的 alwaysUseDefaultTargetUrl 属性。默认值为假。

于 2013-07-25T08:39:29.990 回答
2

在 Grails 中,此设置解决了Config.groovy

grails.plugin.springsecurity.successHandler.alwaysUseDefault = true
于 2013-12-18T12:36:54.720 回答