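I am currently doing ongoing development with Spring Boot 1.4.0 and use Spring Security for authentication. The requirement is that a user logging in for the first time must be redirected to the password reset page, and otherwise to the home page. The application always redirects to home.jsp, regardless of the URL configured in the success handler.
Below is my configuration. What am I missing here?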
WebSecurityConfiguration
    http.authorizeRequests()
        .antMatchers("/resources/**","/rest/**","/log*")
        .permitAll()
        .antMatchers("/admin**").hasAuthority("admin")
        .anyRequest()
        .authenticated()
        .and()
        .formLogin()
        .loginPage("/login")
        .successHandler(authHandler)
        .failureHandler(authFailureHandler)
        .usernameParameter("username").passwordParameter("password")
        .permitAll()
        .and()
        .logout()
        .invalidateHttpSession(true)
        .logoutSuccessUrl("/login?logout")
        .permitAll()
        .and()
        .csrf().disable();
    public class AuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
        private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

        @Override
        protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
            HttpSession session = request.getSession(false);
            String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
            if (isFirstTimePwd.equalsIgnoreCase("true"))
            {
                redirectStrategy.sendRedirect(request,response,"/firstTime");
            }
            else
            {
                redirectStrategy.sendRedirect(request, response, "/home");
            }
        }
    }
    @RequestMapping(value = "/firstTime", method = RequestMethod.GET)
    public String displayFirstTimeLoginPage(HttpServletRequest request,HttpServletResponse response) {
        return "firstTime";
    }

    @RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request,HttpServletResponse response) {
        HttpSession session = request.getSession();
        User user =(User) session.getAttribute("User");
        return new ModelAndView("home", "loggedInUser", user);
    }
I also tried implementing AuthenticationSuccessHandler by overriding onAuthenticationSuccess(), but it still redirects to home.jsp instead of the password reset page.
1 Answer
You had better go to homePage and test there whether it is the first time.
Edit 1:
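The answer's suggestion, checking the first-login flag when the home page is requested, carried one step further as an added example that is not part of the original question or answer: a servlet filter that applies the same check to every request, so the reset page is enforced even when /home is requested directly. The class name `FirstTimeLoginFilter` is hypothetical; the example assumes the `IsFirstTimeLogIn` session attribute from the question is set at login and cleared once the password has been changed, and that the reset form posts back to `/firstTime`.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example (hypothetical class): while the session flag from the question
// is "true", every request except the exempt paths is sent to the reset page.
public class FirstTimeLoginFilter extends OncePerRequestFilter {

    private static final String FLAG = "IsFirstTimeLogIn"; // attribute name from the question
    private static final String RESET_PATH = "/firstTime"; // mapping from the question

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        HttpSession session = request.getSession(false);   // do not create a session here
        Object flag = (session == null) ? null : session.getAttribute(FLAG);
        boolean mustReset = "true".equalsIgnoreCase(String.valueOf(flag));

        if (mustReset && !isExempt(request)) {
            response.sendRedirect(request.getContextPath() + RESET_PATH);
            return;                                         // stop: the controller is never reached
        }
        chain.doFilter(request, response);
    }

    // Uses the container-decoded servlet path rather than the raw request URI,
    // so encoded or "../" segments cannot masquerade as an exempt prefix.
    private boolean isExempt(HttpServletRequest request) {
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }
        return path.equals(RESET_PATH)            // the reset page and its form post (assumed)
                || path.equals("/logout")         // Spring Security's default logout URL
                || path.startsWith("/resources/"); // static assets permitted in the question's config
    }
}
```

In Spring Boot, declaring this class as a `@Bean` registers the filter for all requests.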