Spring Boot: redirect to the requested URL after login

Jee*_*eet 1 url-routing spring-security spring-boot

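I have a Spring Boot UI application. I am trying to redirect users to the originally requested URL after login.

When a user requests http://www.example.com/myapp/user/22, the application appropriately redirects to http://www.example.com/myapp/login. After the user logs in, the application redirects to http://www.example.com/myapp/dashboard. I would like the application to redirect to http://www.example.com/myapp/user/22.

I have gone through several links and feel I have a proper configuration, but the redirection is not working as expected.

My security config is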

public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // ...

    @Autowired
    private MyAuthenticationSuccessHandler authenticationSuccessHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/user/**").authenticated()
                .and().csrf().disable().formLogin()
                .successHandler(authenticationSuccessHandler)
                // ...

My success handler is

@Component
public class MyAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    // ...

    public MyAuthenticationSuccessHandler() {
        super();
        this.setDefaultTargetUrl("/myapp/dashboard");
        this.setUseReferer(true);
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Do something ...
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

I also tried using SavedRequestAwareAuthenticationSuccessHandler.

I noticed that my success handler is called, but the target URL is always /user/login and my login controller is called.

@RequestMapping("/login")
public ModelAndView login(@ModelAttribute ...) {
    if (!userIdentified) {
        // go to login page
    } else {
        return new ModelAndView("redirect:/myapp/dashboard");
    }
}

and the user is redirected to "dashboard".

What else am I missing?

Sin*_*o P 5

Use the "Referer" stored in a session attribute to get the latest requested URL. In my application, I use this:

public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    public static final String REDIRECT_URL_SESSION_ATTRIBUTE_NAME = "REDIRECT_URL";

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        // URL stored in the session by the login controller
        Object redirectURLObject = request.getSession().getAttribute(REDIRECT_URL_SESSION_ATTRIBUTE_NAME);

        if (redirectURLObject != null) {
            setDefaultTargetUrl(redirectURLObject.toString());
        } else {
            setDefaultTargetUrl("/");
        }

        // The stored URL is used once, then cleared
        request.getSession().removeAttribute(REDIRECT_URL_SESSION_ATTRIBUTE_NAME);
        super.onAuthenticationSuccess(request, response, authentication);
    }

}

Edit:

Sorry, I forgot to show the login controller

@RequestMapping(method = RequestMethod.GET, value = {"/login"})
String login(Model model, Principal principal, HttpServletRequest request) throws Exception {
    String referer = request.getHeader("Referer"); // Get the previous URL before the call to '/login'

    // Save the referer URL to the session, for later use in CustomAuthenticationSuccessHandler
    request.getSession().setAttribute(CustomAuthenticationSuccessHandler.REDIRECT_URL_SESSION_ATTRIBUTE_NAME, referer);

    return principal == null ? "login" : "redirect:/";
}
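
The handler from the answer above, reworked as an added example (not part of the original answer) that validates the stored Referer before redirecting: the header is supplied by the client, so only a path inside this application on this host is accepted, and the target is resolved per request instead of through setDefaultTargetUrl() on the shared handler. Assumptions: the class name ValidatedRedirectSuccessHandler is hypothetical, the javax.servlet API and a Spring Security release that still provides WebSecurityConfigurerAdapter are in use, and the login page is served at /login as in the controllers above.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

// Hypothetical class name; reads the session attribute written by the login controller.
public class ValidatedRedirectSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    public static final String REDIRECT_URL_SESSION_ATTRIBUTE_NAME = "REDIRECT_URL";
    private static final String FALLBACK = "/";

    // Resolved per request: the shared handler bean is never mutated, so two
    // concurrent logins cannot overwrite each other's target.
    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession(false);
        Object saved = session == null ? null : session.getAttribute(REDIRECT_URL_SESSION_ATTRIBUTE_NAME);
        if (saved == null) {
            return FALLBACK;
        }
        session.removeAttribute(REDIRECT_URL_SESSION_ATTRIBUTE_NAME);
        return toLocalPath(saved.toString(), request.getServerName(), request.getContextPath());
    }

    // Returns a context-relative path (the default redirect strategy prepends
    // the context path) or FALLBACK when the Referer is not one of our pages.
    private static String toLocalPath(String referer, String ownHost, String contextPath) {
        try {
            URI uri = new URI(referer); // throws on backslashes, spaces, raw CR/LF
            String scheme = uri.getScheme();
            String path = uri.getRawPath();
            boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (!web || !ownHost.equalsIgnoreCase(uri.getHost())
                    || path == null || !path.startsWith(contextPath + "/")) {
                return FALLBACK; // foreign host, other scheme, or outside the application
            }
            String local = path.substring(contextPath.length());
            if (local.startsWith("//") || local.equals("/login")) {
                return FALLBACK; // protocol-relative form, or the login page itself
            }
            return uri.getRawQuery() == null ? local : local + "?" + uri.getRawQuery();
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
    }
}
```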