我正在使用 Spring Controllers 来显示我的jsp视图和Spring安全性 .
在安全上下文中, all users can access to /login (login.jsp)但 only authenticated users can access to /home (home.jsp) .
当我从浏览器cookie中删除会话ID时,应用程序中的下一个请求应该重定向到登录页面 .
我在控制器中显示登录页面的方法是:
@RequestMapping(value = {"/login","/login.do"})
public ModelAndView showLoginForm() {
String username = getUsername();
if(!username.equals("anonymousUser")){
return new ModelAndView("redirect:/home");
}
return new ModelAndView("login");
}
我的网址在/ home但是当我尝试使用此功能重定向到登录时 return new ModelAndView("login") 浏览器会保留相同的网址 .
我的 Spring 季安全配置
<http entry-point-ref="loginEntryPoint"
use-expressions="true" create-session="always">
<session-management
session-authentication-strategy-ref="sas" />
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/login.do" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/accessDenied.do" access="permitAll" />
<intercept-url pattern="/app/**" access="permitAll" />
<intercept-url pattern="/signup/createuser" access="permitAll" />
<intercept-url pattern="/changepassword/changefirstpassword" access="permitAll" />
<intercept-url pattern="/recoverpassword/recoverPasswordRequest" access="permitAll" />
<intercept-url pattern="/resources/**" access="permitAll"/>
<intercept-url pattern="/**" access="authenticated" />
<access-denied-handler error-page="/accessDenied.do" />
<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<custom-filter position="FORM_LOGIN_FILTER" ref="domainFormLoginFilter" />
<logout success-handler-ref="myLogoutSuccessHandler" />
</http>
为什么我的浏览器没有重定向到登录页面? TKS
1 回答
首先删除您的控制器并将以下内容添加到您的安全配置中 .
使用不反对或围绕它的框架......