我有一個使用AngularJS 1.3前端和Spring REST API的應用程序。問題:使用AngularJS和Spring時路由出錯。
對於登錄我使用會話(無JWT),我有這樣的問題:
- 我登錄到應用程序。
- 瀏覽應用程序。
- 當會話丟失時,向後端發送的第一個請求會將我發送到登錄頁面。
- 我再次登錄到應用程序,但它將我重定向到最後一個請求(即導致我被踢出應用程序的那個請求),該請求有時是一個API調用,有時是對資源(例如JavaScript)的請求。
我不知道我怎樣才能避免這種行爲,這是我的Spring Security的文件:
<!--
  HTTP security chain: form login backed by a server-side session, a captcha
  filter ahead of the login filter, and a switch-user (impersonation) filter.
  intercept-url rules are evaluated top to bottom and the first matching
  pattern decides, so the order of the rules below is significant.
  NOTE(review): authentication rides on the session cookie and no sec:csrf
  element appears here. On Spring Security versions where CSRF protection is
  opt-in for XML configuration, state-changing API calls are unprotected;
  confirm the version in use.
  NOTE(review): an expired session makes every request, including XHR/API
  calls, redirect to the login page. An entry point that answers API calls
  with 401 (entry-point-ref) would let the AngularJS client handle expiry
  itself; confirm against the rest of the configuration.
-->
<sec:http use-expressions="true" auto-config="false">
<!-- Captcha check runs before the username/password filter. -->
<sec:custom-filter ref="captchaFilter" before="FORM_LOGIN_FILTER" />
<sec:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
<!-- A fresh session is created on login, so a pre-login session id cannot be reused (session fixation). -->
<sec:session-management session-fixation-protection="newSession"></sec:session-management>
<!--
  NOTE(review): isAuthenticated() lets every logged-in user reach the
  switch-user URL. Impersonation is normally limited to an administrative
  authority, e.g. access="hasRole('ADMIN_ROLE_PLACEHOLDER')" (placeholder,
  use the project's real role), unless switchUserProcessingFilter enforces
  this itself; that bean is not visible in this snippet.
-->
<sec:intercept-url pattern="/j_spring_security_switch_user" access="isAuthenticated()"/>
<!--
  NOTE(review): this pattern has no leading slash. Ant-style matching against
  a request path that starts with "/" will presumably never match it, so
  /app/ requests are actually decided by the final /** rule (which also
  requires authentication). Confirm the intended pattern.
-->
<sec:intercept-url pattern="*/app/**" access="isAuthenticated()" />
<!-- Public pages and static assets. -->
<sec:intercept-url pattern="/" access="permitAll" />
<sec:intercept-url pattern="/login" access="permitAll" />
<sec:intercept-url pattern="/accessDenied" access="permitAll" />
<sec:intercept-url pattern="/loginFailed" access="permitAll" />
<sec:intercept-url pattern="/css/**" access="permitAll" />
<sec:intercept-url pattern="/img/**" access="permitAll" />
<sec:intercept-url pattern="/public*" access="permitAll" />
<sec:intercept-url pattern="/libs/**" access="permitAll" />
<sec:intercept-url pattern="/fonts/**" access="permitAll" />
<!--
  NOTE(review): /* opens every single-segment path under the root to anonymous
  users, which makes the explicit /login, /accessDenied, /loginFailed and
  /public* rules redundant and exposes any file placed directly in the web
  root. Confirm that nothing sensitive is served from there.
-->
<sec:intercept-url pattern="/*" access="permitAll" />
<!-- Catch-all: everything not matched above requires an authenticated session. -->
<sec:intercept-url pattern="/**" access="isAuthenticated()" />
<!--
  Login page and login POST share the URL /login.
  NOTE(review): both authentication-failure-url and
  authentication-failure-handler-ref are set. The handler reference presumably
  takes precedence, sending failed logins to the handler's own URL instead of
  /accessDenied; confirm and drop the unused attribute.
-->
<sec:form-login login-page="/login"
authentication-failure-url="/accessDenied"
authentication-success-handler-ref="authSuccessHandler"
authentication-failure-handler-ref="authFailureHandler"
login-processing-url="/login" />
<sec:access-denied-handler error-page="/accessDenied" />
<sec:logout />
</sec:http>
<!-- Authentication providers -->
<!--
  SHA password encoder; the constructor argument 512 selects the digest strength.
  NOTE(review): a plain SHA-2 digest is cheap to compute, so stolen hashes are
  exposed to fast offline guessing. An adaptive scheme such as bcrypt is the
  usual choice, but switching requires migrating the stored hashes. Nothing in
  this snippet references this bean (the authentication manager delegates to
  jaasAuthProvider); confirm whether it is still in use.
-->
<bean id="passwordEncoder"
      class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
  <constructor-arg index="0" value="512"/>
</bean>
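<!--
  Post-login redirect handler.
  By default this handler sends the browser to the request that was saved when
  authentication was demanded. After a session expires, that saved request is
  whatever call first hit the server (an API call or a static resource), so
  the user lands on raw JSON or a script instead of the application.
  alwaysUseDefaultTargetUrl makes the handler ignore the saved request and
  always redirect to defaultTargetUrl. The trade-off is that a deep link
  requested before login is no longer restored on the server side.
-->
<bean id="authSuccessHandler"
      class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
  <property name="alwaysUseDefaultTargetUrl" value="true"/>
  <!-- "/" is declared permitAll in the HTTP rules and serves the application shell. -->
  <property name="defaultTargetUrl" value="/"/>
</bean>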
<!--
  Failed-login handler: redirects the browser to /loginFailed.
  Written with an explicit property element instead of the p: shortcut.
-->
<bean id="authFailureHandler"
      class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
  <property name="defaultFailureUrl" value="/loginFailed"/>
</bean>
<!--
  Authentication manager, exposed under the alias authenticationManager.
  All credential checks are delegated to the bean named jaasAuthProvider,
  which is defined outside this snippet.
-->
<sec:authentication-manager alias="authenticationManager">
  <sec:authentication-provider ref="jaasAuthProvider"/>
</sec:authentication-manager>
</beans>