您应该配置:
micronaut:
application:
name: ws
security:
enabled: true
endpoints:
login:
enabled: true
logout:
enabled: true
session:
enabled: true
login-success-target-url: '/'
login-failure-target-url: '/login/authFailed'
logout-targetUrl: '/link1'
unauthorized-target-url: '/link2'
forbidden-targetUrl: '/link3'
请注意micronaut.security.session.unauthorizedTargetUrl
利用:
micronaut.security.session.unauthorized-target-url
这是在这个bean中使用的:
https://github.com/micronaut-projects/micronaut-core/blob/master/security-session/src/main/java/io/micronaut/security/session/SessionSecurityfilterRejectionHandler.java
我刚刚检查了 Safari,似乎浏览器可能不会发送您需要检查 Accept 标头的 Content Type 标头。
这已为 1.0.1 修复。同时,您可以更换 bean
@Singleton
@Replaces(SessionSecurityfilterRejectionHandler.class)
public class CustomSessionSecurityfilterRejectionHandler extends SessionSecurityfilterRejectionHandler {
public CustomSessionSecurityfilterRejectionHandler(SecuritySessionConfiguration securitySessionConfiguration) {
super(securitySessionConfiguration);
}
@Override
public Publisher<MutableHttpResponse<?>> reject(HttpRequest<?> request, boolean forbidden) {
if (request.getHeaders().accept().stream().anyMatch(mediaType -> mediaType.equals(MediaType.TEXT_HTML_TYPE))) {
try {
String uri = forbidden ? securitySessionConfiguration.getForbiddenTargetUrl() :
securitySessionConfiguration.getUnauthorizedTargetUrl();
if (uri == null) {
uri = "/";
}
URI location = new URI(uri);
return Publishers.just(HttpResponse.seeOther(location));
} catch (URISyntaxException e) {
return Publishers.just(HttpResponse.serverError());
}
}
return Publishers.just(HttpResponse.status(forbidden ? HttpStatus.FORBIDDEN : HttpStatus.UNAUTHORIZED));
}
}