Spring boot Security始终重定向到home.jsp-Java 学习之路

目前我正在使用Spring Boot 1.4.0版本进行持续开发，使用spring security进行身份验证 . 要求是用户首次登录时需要重定向到密码重置页面，否则应重定向到主页 . 应用程序始终重定向home.jsp，而不管成功处理程序中配置的url .

以下是我的配置，我在这里遗漏了什么

WebSecurityConfiguration

http.authorizeRequests()
         .antMatchers("/resources/**","/rest/**","/log*")
         .permitAll()
         .antMatchers("/admin**").hasAuthority("admin") 
         .anyRequest()
         .authenticated()
         .and()
         .formLogin()
         .loginPage("/login")
         .successHandler(authHandler)
         .failureHandler(authFailureHandler)
         .usernameParameter("username").passwordParameter("password")
         .permitAll()
         .and()
         .logout()
         .invalidateHttpSession(true)
         .logoutSuccessUrl("/login?logout")
         .permitAll()
         .and()
         .csrf().disable();

公共类AuthSuccessHandler扩展SimpleUrlAuthenticationSuccessHandler {

private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@Override
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
    HttpSession session = request.getSession(false);
    String isFirstTimePwd = String.valueOf(session.getAttribute("IsFirstTimeLogIn"));
    if (isFirstTimePwd.equalsIgnoreCase("true"))
    {
        redirectStrategy.sendRedirect(request,response,"/firstTime");
    }
    else
    {
        redirectStrategy.sendRedirect(request, response, "/home");
    }
}

}

@RequestMapping(value = "/firstTime", method = RequestMethod.GET)
public String displayFirstTimeLoginPage(HttpServletRequest request,HttpServletResponse response) {
    return "firstTime";
}

@RequestMapping(value = "/home", method = RequestMethod.GET)
public ModelAndView homePage(HttpServletRequest request,HttpServletResponse response) {
    HttpSession  session = request.getSession();
    User user =(User)  session.getAttribute("User");
    return new ModelAndView("home", "loggedInUser", user);
}

而且我尝试通过覆盖onAuthenticationsuccess（）来实现authenticationsuccesshandler，但仍然重定向home.jsp而不是密码重置页面 .

1 回答

你最好去homePage并测试它是否是第一次

@RequestMapping(value = "/home", method = RequestMethod.GET)
    public ModelAndView homePage(HttpServletRequest request,HttpServletResponse response) {

    if (isFirstTimePwd.equalsIgnoreCase("true"))
        {
            redirectStrategy.sendRedirect(request,response,"/firstTime");
        }

        HttpSession  session = request.getSession();
        User user =(User)  session.getAttribute("User");
        return new ModelAndView("home", "loggedInUser", user);
    }

编辑1：

@RequestMapping(value = "/home", method = RequestMethod.GET)
        public ModelAndView homePage(HttpServletRequest request,HttpServletResponse response) {

         HttpSession  session = request.getSession();
            User user =(User)  session.getAttribute("User");
        if (isFirstTimePwd.equalsIgnoreCase("true"))
            {
                 return new ModelAndView("firstTime", "loggedInUser", user);
            }

            return new ModelAndView("home", "loggedInUser", user);
        }

回复于 2024-04-29T14:25:23+08:00

Spring boot Security始终重定向到home.jsp

1 回答

相关问题