我正在尝试配置spring security 3,以便当用户被迫再次登录时(例如,当会话超时时),用户将在授权过程开始之前收回他们所在的页面.
我正在使用SavedRequestAwareAuthenticationSuccessHandler但原始请求似乎没有保存在缓存中.
以下是我的安全配置.
<security:http auto-config="false"
use-expressions="true"
access-denied-page="/views/auth/login?error=true"
entry-point-ref="authenticationEntryPoint" >
<security:intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/views/*" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/data/*" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/auth/*" access="permitAll" />
<security:logout invalidate-session="true" logout-success-url="/views/auth/login" logout-url="/views/auth/logout" />
<security:session-management invalid-session-url="/views/auth/login" >
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
<security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
</security:http>
<security:authentication-manager />
<bean id="authenticationFilter" class="com.security.web.filter.UsernamePasswordAuthenticationFilter">
<property name="allowSessionCreation" value="true" />
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler" ref="aAuthenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
</bean>
<bean id="authenticationManager" class="com.security.web.manager.AuthenticationManager" />
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<property name="loginFormUrl" value="/views/auth/login"/>
</bean>
<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/views/auth/login?error=true"/>
</bean>
<bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/views"/>
</bean>
任何帮助,将不胜感激.
你可能会错过这个:
<bean id="requestCacheAwareFilter"
class="org.springframework.security.web.savedrequest.RequestCacheAwareFilter">
<constructor-arg ref="requestCache"/>
</bean>
<bean id="requestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache"/>
您还需要将 requestCache 添加到authenticationSuccessHandler
<property name="requestCache" ref="requestCache"/>
| 归档时间: |
|
| 查看次数: |
4830 次 |
| 最近记录: |