Spring Security: redirecting to the originally requested page after login
Basic concepts
None yet.
Official documentation
https://docs.spring.io/spring-security/site/docs/5.3.1.BUILD-SNAPSHOT/reference/html5/#nsa-form-login
https://docs.spring.io/autorepo/docs/spring-security/3.2.4.RELEASE/apidocs/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.html
API
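SavedRequestAwareAuthenticationSuccessHandler: an authentication success strategy that can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter. When such a request is intercepted and requires authentication, the request data is stored to record the original destination before the authentication process began, and to allow the request to be reconstructed when a redirect to the same URL occurs. This class is responsible for performing the redirect to the original URL where appropriate.
After a successful authentication, it decides on the redirect destination based on the following cases:
- If the alwaysUseDefaultTargetUrl property is set to true, the defaultTargetUrl is used as the destination. Any DefaultSavedRequest stored in the session is removed.
- If the targetUrlParameter has been set on the request, its value is used as the destination. Any DefaultSavedRequest is again removed.
- If a SavedRequest is found in the RequestCache (as set by the ExceptionTranslationFilter to record the original destination before the authentication process began), a redirect is performed to the URL of that original destination. The SavedRequest object remains cached and is picked up when the redirected request is received (see SavedRequestAwareWrapper).
- If no SavedRequest is found, it delegates to the base class.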
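Requirements analysis
1. After logging in through the login page, redirect to the admin home page.
For example, when login.htm is opened directly, a successful login should redirect to admin/adminIndex.htm.
2. When a user directly visits another admin page that requires permission, access control redirects them to the login page; after a successful login they should be redirected again, this time to the page they originally requested.
For example, admin/b.htm requires permission. An unauthenticated user without permission who opens that page directly is redirected to the login page login.htm, and after a successful login should automatically be redirected to admin/b.htm.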
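Solution
When the request is intercepted in ExceptionTranslationFilter, HttpSessionRequestCache is called to save the original request information.
After a successful login in the UsernamePasswordAuthenticationFilter filter, SavedRequestAwareAuthenticationSuccessHandler is called.
Define a custom MyAuthenticationSuccessHandler class that extends SavedRequestAwareAuthenticationSuccessHandler, and in its onAuthenticationSuccess method redirect the page to the required URL (the Java code below names this class CustomSavedRequestAwareAuthenticationSuccessHandler).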
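```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Component;

/**
 * @Author ShenTuZhiGang
 * @Version 1.0.0
 * @Date 2020-03-21 13:10
 */
@Component
public class CustomSavedRequestAwareAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws ServletException, IOException {
        RequestCache requestCache = new HttpSessionRequestCache();
        SavedRequest savedRequest = requestCache.getRequest(httpServletRequest, httpServletResponse);
        if (savedRequest == null) {
            // No saved request (the login page was opened directly): go to the home page.
            clearAuthenticationAttributes(httpServletRequest);
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, "/index");
            // The response is committed; do not fall through to the parent handler.
            return;
        }
        // A saved request exists: the parent class redirects to savedRequest.getRedirectUrl().
        super.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
    }
}
```
In the Spring Security XML configuration file, set authentication-success-handler-ref: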
```xml
<bean id="myAuthenticationSuccessHandler" class="com.jiyufei.security.security.MyAuthenticationSuccessHandler"></bean>
<sec:http auto-config="true" use-expressions="false">
    <sec:intercept-url pattern="/admin/login.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/error/*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/admin/*.htm" access="ROLE_ADMIN,ROLE_USER"/>
    <sec:intercept-url pattern="/*.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:form-login login-page="/admin/login.htm"
                    username-parameter="mail"
                    password-parameter="password"
                    authentication-success-handler-ref="myAuthenticationSuccessHandler"
                    authentication-failure-url="/admin/login.htm?err=1"
                    login-processing-url="/admin/check.htm"/>
</sec:http>
```
In a Spring Boot WebSecurity configuration class, configure .successHandler(customSavedRequestAwareAuthenticationSuccessHandler):
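```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

/**
 * @Author ShenTuZhiGang
 * @Version 1.0.0
 * @Date 2020-03-07 16:48
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MyZSTUWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    IUserService iUserService;
    @Autowired
    CustomFilterInvocationSecurityMetadataSource customFilterInvocationSecurityMetadataSource;
    @Autowired
    CustomAccessDecisionManager customAccessDecisionManager;
    @Autowired
    AuthenticationAccessDeniedHandler authenticationAccessDeniedHandler;
    @Autowired
    CustomSavedRequestAwareAuthenticationSuccessHandler customSavedRequestAwareAuthenticationSuccessHandler;
    @Autowired
    CustomAuthenticationFailureHandler customAuthenticationFailureHandler;
    @Autowired
    CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

    // NoOpPasswordEncoder compares passwords as plaintext and is deprecated;
    // outside a demo, use a hashing encoder such as BCryptPasswordEncoder.
    @Bean
    PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/index.html", "/student/**", "/wx/**", "/qq/**");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(iUserService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                    @Override
                    public <O extends FilterSecurityInterceptor> O postProcess(O object) {
                        object.setSecurityMetadataSource(customFilterInvocationSecurityMetadataSource);
                        object.setAccessDecisionManager(customAccessDecisionManager);
                        return object;
                    }
                })
                .and()
                .formLogin()
                //.loginPage("/login")
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .failureHandler(customAuthenticationFailureHandler)
                // The key line for this requirement
                .successHandler(customSavedRequestAwareAuthenticationSuccessHandler)
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .and()
                // CSRF protection is switched off here, which leaves the form login
                // and other state-changing requests without CSRF tokens.
                .csrf().disable()
                .exceptionHandling()
                .accessDeniedHandler(authenticationAccessDeniedHandler);
    }
}
```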
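A hardened variant of the success handler, added here as an example (it is not code from the original post): it covers the no-saved-request case with setDefaultTargetUrl and honors a targetUrlParameter value only when it is a local path, since that value comes from the login request itself. The class name, the parameter name `target` and the helper `isLocalPath` are hypothetical; the default URL is taken from requirement 1 above.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

// Hypothetical class name; javax.servlet matches the Spring Security 5.x docs linked above.
public class LocalOnlyTargetUrlSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    public LocalOnlyTargetUrlSuccessHandler() {
        // Requirement 1: a direct login lands on the admin home page.
        setDefaultTargetUrl("/admin/adminIndex.htm");
        // Hypothetical parameter name; when present it overrides the saved request.
        setTargetUrlParameter("target");
    }

    // Used by the parent class when there is no SavedRequest or when the
    // targetUrlParameter is present. The SavedRequest branch (requirement 2)
    // does not pass through here: that URL was recorded server-side from the
    // user's own original request.
    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        String target = super.determineTargetUrl(request, response);
        return isLocalPath(target) ? target : getDefaultTargetUrl();
    }

    // Accepts only absolute paths on this application, e.g. "/admin/b.htm?x=1".
    static boolean isLocalPath(String url) {
        if (url == null || !url.startsWith("/")) {
            return false;               // absolute URLs, relative paths, other schemes
        }
        if (url.startsWith("//") || url.contains("\\")) {
            return false;               // protocol-relative forms browsers treat as off-site
        }
        try {
            URI uri = new URI(url);     // also rejects spaces, CR/LF and other illegal characters
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }
}
```

Register it the same way as the handler above, either as the bean referenced by authentication-success-handler-ref or through .successHandler(...).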
Reference articles
https://www.jianshu.com/p/e1f41b27e902
https://my.oschina.net/jiyufei/blog/1635118