我在我的spring安全配置文件(http://www.springframework.org/schema/security/spring-security-2.0.1.xsd)中聲明瞭以下內容: :在Spring Security窗體登錄頁面獲取原始請求url
<form-login login-page="/login.html" />
如果Spring Security沒有正確的身份驗證憑證,它會將用戶重定向到該頁面。我如何獲得用戶試圖訪問的頁面的URL?
原始請求由SavedRequest對象表示,該對象可以作爲名爲SPRING_SECURITY_SAVED_REQUEST_KEY的會話屬性進行訪問。
在Spring Security 4
原始請求由DefaultSavedRequest對象,可以爲名爲SPRING_SECURITY_SAVED_REQUEST一個會話屬性被訪問表示。
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(HttpSession session) {
DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
}
在我的情況下,我做了這樣的事情,它爲我工作。
@Autowired
private LoggedUserListener loggedUserListener;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/find/**","/","/Application/**")
.access("hasRole('ROLE_USER')")
.successHandler(loggedUserListener)
//some other stuff
}
@Component
public class LoggedUserListener implements AuthenticationSuccessHandler{
@Autowired
private UserRepo userRepo;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
HttpSession session = request.getSession();
SavedRequest savedRequest = (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
if(savedRequest != null) {
User u = userRepo.findByUsername(authentication.getName());
u.setLastLogin(new Date());
u.setAccountNonLocked(false);
userRepo.save(u);
response.sendRedirect(savedRequest.getRedirectUrl());
}
}
}
可能與http://stackoverflow.com/questions/631217/spring-security-how-to-get-the-initial-target-url – Raghuram 2011-01-14 13:30:24
感謝您的聯繫! – 2011-01-14 17:23:53