Spring 安全重定向 url 和单页哈希片段
Spring Security redirect url and single page hash fragments
有什么方法可以配置 Spring 安全性以便正确理解单页应用程序(使用 Vaadin 7 框架构建)中的哈希片段?
成功登录后,我需要将我的用户重定向到带有散列片段的正确页面,但 Spring 安全性破坏了原始路径。
已通过以下技巧修复(我使用 ThymeLeaf 作为模板引擎):
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<title>Login</title>
<script th:inline="javascript">
function getLoginAction(form){
var hash = unescape(self.document.location.hash.substring(1));
form.action = [[@{/login}]] + '#' + hash;
return true;
}
</script>
</head>
<body>
<h3>Please login</h3>
<p th:if="${param.error}">
Bad Credentials:
</p>
<form th:action="@{/login}" method="POST" onsubmit="getLoginAction(this);">
User Name : <input type="text" name="username"/> <br/><br/>
Password: <input type="password" name="password"/> <br/><br/>
<input type='checkbox' name="remember-me"/>Remember Me? <br/><br/>
<input type="submit" value="Login"/>
</form>
</body>
</html>
您可以在登录表单中带上hash部分,登录成功后将hash返回。
在登录表单提交时带上哈希部分:
<form name='login_form' action="/perform_login" method='POST' onsubmit="getHashPart()">
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'/></td>
</tr>
<input type="hidden" name="hashPart" value=""/>
<tr>
<td><input name="submit" type="submit" value="submit"/></td>
</tr>
</table>
</form>
<script type="text/javascript">
var getHashPart = function () {
login_form.hashPart.value = location.hash;
}
</script>
创建一个 MyAuthenticationSuccessHandler:
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws ServletException, IOException {
String hashPart = request.getParameter("hashPart");
if (hashPart == null || hashPart.trim().equals("")) {
super.onAuthenticationSuccess(request, response, authentication);
} else {
this.getRedirectStrategy().sendRedirect(request, response, "/" + hashPart);
}
}
}
将您的处理程序放入 SecurityConfig:
http
......
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/perform_login")
.successHandler(myAuthenticationSuccessHandler)
有什么方法可以配置 Spring 安全性以便正确理解单页应用程序(使用 Vaadin 7 框架构建)中的哈希片段?
成功登录后,我需要将我的用户重定向到带有散列片段的正确页面,但 Spring 安全性破坏了原始路径。
已通过以下技巧修复(我使用 ThymeLeaf 作为模板引擎):
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<title>Login</title>
<script th:inline="javascript">
function getLoginAction(form){
var hash = unescape(self.document.location.hash.substring(1));
form.action = [[@{/login}]] + '#' + hash;
return true;
}
</script>
</head>
<body>
<h3>Please login</h3>
<p th:if="${param.error}">
Bad Credentials:
</p>
<form th:action="@{/login}" method="POST" onsubmit="getLoginAction(this);">
User Name : <input type="text" name="username"/> <br/><br/>
Password: <input type="password" name="password"/> <br/><br/>
<input type='checkbox' name="remember-me"/>Remember Me? <br/><br/>
<input type="submit" value="Login"/>
</form>
</body>
</html>
您可以在登录表单中带上hash部分,登录成功后将hash返回。
在登录表单提交时带上哈希部分:
<form name='login_form' action="/perform_login" method='POST' onsubmit="getHashPart()">
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'/></td>
</tr>
<input type="hidden" name="hashPart" value=""/>
<tr>
<td><input name="submit" type="submit" value="submit"/></td>
</tr>
</table>
</form>
<script type="text/javascript">
var getHashPart = function () {
login_form.hashPart.value = location.hash;
}
</script>
创建一个 MyAuthenticationSuccessHandler:
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws ServletException, IOException {
String hashPart = request.getParameter("hashPart");
if (hashPart == null || hashPart.trim().equals("")) {
super.onAuthenticationSuccess(request, response, authentication);
} else {
this.getRedirectStrategy().sendRedirect(request, response, "/" + hashPart);
}
}
}
将您的处理程序放入 SecurityConfig:
http
......
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/perform_login")
.successHandler(myAuthenticationSuccessHandler)