0

我正在使用 Spring Security 3.2 和 Hibernate 4。目前我有一个自定义登录,其工作方式如下。URL "/"(root) 是一个欢迎的 jsp 请求,它要求一个参数以根据相同的参数显示不同的登录。例如,如果用户输入 url "/parameter1"(手动操作),这个变量向我显示了一个由驱动程序生成的个性化登录,该驱动程序从那里收集了一个 RequestMapping (value = "/{parameter}",所有 URLS 都将具有该参数,问题是我有的是,当用户希望离开或您的会话到期时,spring 会向我发送 url "/",但我需要它向我发送一个/parameter1,以便捕获参数"parameter1"这样它就会让我留在自定义登录中。这样我就不必手动重新输入参数。我的安全设置如下:

    <custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
    <!-- <form-login login-page="/loginUser" login-processing-url="/testUser/j_spring_security_check"
        authentication-failure-url="/loginError"   default-target-url="/testUser"
        username-parameter="j_username" password-parameter="j_password" /> -->

    <logout invalidate-session="true" delete-cookies="JSESSIONID" logout-success-url="/loginUser" logout-url="/testUser/j_spring_security_logout"/>

    <session-management invalid-session-url="/"   session-fixation-protection="migrateSession" >
       <concurrency-control max-sessions="2"  expired-url="/" error-if-maximum-exceeded="false"/>
    </session-management>


 <beans:bean id="loginUrlAuthenticationEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property  name="loginFormUrl" value="/loginUser" />
</beans:bean>  

<beans:bean id="myFilter" class="net.universia.test.autenticacionService.LoginAuthenticationFilter">
  <beans:property name="authenticationManager"  ref='UserauthenticationManager'/>
   <beans:property name="authenticationFailureHandler" ref="failureHandler"/>
   <beans:property name="authenticationSuccessHandler" ref="successHandler"/>   
   <beans:property name="filterProcessesUrl"  value="/testUser/j_spring_security_check"/>
</beans:bean>

  <beans:bean  id = "exceptionTranslationFilter" class = "org.springframework.security.web.access.ExceptionTranslationFilter" > 
    <beans:property  name = "authenticationEntryPoint"  ref = "loginUrlAuthenticationEntryPoint" /> 
    <beans:property  name = "accessDeniedHandler"  ref = "accessDeniedHandler" /> 
  </beans:bean> 


<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
   <beans:property name="defaultTargetUrl" value="/testUser"/>
</beans:bean>


 <beans:bean  id = "accessDeniedHandler" class = "org.springframework.security.web.access.AccessDeniedHandlerImpl" > 
    <beans:property  name = "errorPage"  value = "/403" /> 
 </beans:bean>

显示登录表单的驱动程序是:

@RequestMapping(value ="/{testRef}", method = {RequestMethod.POST,RequestMethod.GET})
public @ResponseBody ModelAndView loginTestRef(@PathVariable("testRef") String testRef,HttpSession session, HttpServletRequest request) {

    session.setAttribute("ssidreffh", testRef);

    TestDatos test = testService.showTestUserByRef(testRef);

    request.getSession().setAttribute("test", test);

    ModelAndView mav = new ModelAndView("/loginUser");
    mav.addObject("test", test);

    return mav;

}

如果用户在 url /dominio/parametro1/paginaPerfil 中或您的会话结束,spring 将我重定向到 url “/myApp/parameter1”,因此将在登录而不是根“/”中。

4

1 回答 1

-1

我终于可以解决我的问题了。我实现了一个用于注销的自定义过滤器,SimpleUrlLogoutSuccessHandler我可以捕获以前的 URL 以及我通过重定向 ( /parameter1) 返回的参数。这是我的代码:

public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler  {
    @Override
    public void onLogoutSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        String testRef = null;
        if (authentication != null) {
            String refererUrl = request.getHeader("Referer");
            System.out.println("variables: " +refererUrl);
            String[] parts = refererUrl.split("/");
            testRef = parts[5];
        }
        setDefaultTargetUrl("/"+testRef);
        super.onLogoutSuccess(request, response, authentication);
    }
}
于 2014-12-19T15:38:26.400 回答