我有一个GWT应用程序,由两个模块组成:" application "用于主要功能,"Login"用于登录/忘记密码/注册新用户功能。
我使用Spring Security在成功登录时将用户重定向到Application.html:
<security:http auto-config="true">
<security:intercept-url pattern="/Application.html**" access="ROLE_USER"/>
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:form-login login-page="/Login.html" default-target-url="/MainApplication.html"
always-use-default-target="true" authentication-failure-url="/Login.html?failed=true"/>
</security:http>
通过Login.html认证成功后,加载Application.html模块并向服务器执行相应的请求,但浏览器内容保持不变,地址栏中的URL仍然是"Login.html"!
那么,问题是:为什么没有重定向?
提前感谢!
您正在通过SpringSecurityFilter拦截Application.html,目标URL指定为MainApplication.html。在mainApplication.html中,试着添加这个
<meta http-equiv="REFRESH" content="0;url=Application.html">
,这样它会把你移回Application.html。如果你需要的话,你可以在这里做一些授权。同时检查你的web.xml中是否正确设置了DelegatingFilterProxy。
我的配置如下。我使用一个GWT应用程序
在我的jsp
<form name="login" action="<c:url value="j_spring_security_check"/>" method="POST">
in my web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
in my welcome.jsp
<sec:authorize ifAnyGranted="<%=gRoles%>">
<meta http-equiv="REFRESH" content="0; url=demoApp/demoApp.jsp">
</sec:authorize>
spring-security.xml
<http auto-config="false" access-denied-page="/login.jsp?error=Access%20Denied">
<intercept-url pattern="/login.jsp*" filters="none" />
<intercept-url pattern="/demoApp/**" access="${app.roles}" />
<form-login login-page="/login.jsp"
default-target-url="/welcome.jsp"
always-use-default-target="true"
authentication-failure-url="/login.jsp?error=true" />
<logout logout-success-url="/login.jsp"/>
<anonymous/>