Wil*_*leu 6 spring-mvc spring-security
我使用的是Spring Security 3.1.2版.
这是配置:
<http pattern="/embedded/**" auto-config="true" use-expressions="true" access-denied-page="/embedded/login.htm">
<intercept-url pattern="/embedded/login-embedded.html" access="hasRole('ROLE_AUTHENTICATED')"/>
<intercept-url pattern="/embedded/**" access="permitAll"/>
<form-login login-page="/embedded/login.htm"
authentication-failure-url="/embedded/login.htm?error=true"
default-target-url="/embedded/login-embedded.html" />
<logout logout-success-url="/embedded/index.html"/>
</http>
<http auto-config="true" use-expressions="true" access-denied-page="/login.htm">
<intercept-url pattern="/login-success.html" access="hasRole('ROLE_AUTHENTICATED')"/>
<intercept-url pattern="/**" access="permitAll"/>
<form-login login-page="/login.htm"
authentication-failure-url="/login.htm?error=true"
default-target-url="/login-success.html"/>
<logout logout-success-url="/index.html"/>
</http>
我将数据发送到Spring MVC控制器,该控制器调用服务来验证验证码.如果通过它将它转发到j_spring_security_checkRequestDispatcher.
这是控制器的相关部分:
@RequestMapping(value ="/embedded/login.htm", method = RequestMethod.POST)
public String authenticateCaptcha(HttpServletRequest request,
HttpServletResponse response,
@RequestParam String verificationText) throws IOException, ServletException {
HttpSession session = request.getSession();
String sessionId = session.getId();
if (captchaService.validate(sessionId, verificationText)) {
request.getRequestDispatcher("/j_spring_security_check").forward(request, response);
return null;
}
return buildErrorRedirect(request);
}
我的问题是,在验证验证码并将请求转发给Spring Security并且验证失败后,它转发的错误页面/login.htm?error=true而不是/embedded/login.htm?error=true.
URL/j_spring_security_check不匹配/embedded/**,因此authentication-failure-url="/login.htm?error=true"使用第二个配置中的 URL。
最近有人问类似的问题:
具有两个领域的 Spring security,第一个 default-target-url 永远不会被调用
Spring Security 的创建者之一回答了这个问题。我建议阅读它。
Stack Overflow 上另一个有价值的部分: 为什么转发的请求会再次通过过滤器链?
| 归档时间: |
|
| 查看次数: |
1338 次 |
| 最近记录: |