开发者

Spring Security 3 Get Initially Requested URL

问答 作者:

I need to modify my spring security login page based on where the user came from. My client wants the styles different between the two. If you come from appcontextroot/test vs appcontextroot/choose. I tried to do the below but the String url=savedRequest.getRedirectUrl(); is equal to the spring login page already and not the initial page requested by the user. Any ideas?

ExternalContext externalContext = FacesUtils.getExternalContext();
    HttpServletRequest request = (HttpServletRequest)externalContext.getRequest();
    HttpSession session = request.getSession(false);
    if(session != null) {
        Save开发者_JAVA技巧dRequest savedRequest = new DefaultSavedRequest(request, new PortResolverImpl());
        String url=savedRequest.getRedirectUrl();
    }

You need to extract SavedRequest from the session, not to create a new one:

SavedRequest savedRequest = 
    new HttpSessionRequestCache().getRequest(request, response);


SavedRequest savedRequest =
    (SavedRequest)session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
// ...check for null...
String targetUrl = savedRequest.getRedirectUrl();

Ugly but working, if you don't have the HttpServletResponse available (e.g. in case you use org.springframework.social.connect.web.SignInAdapter).

Tested with Spring Security 3.1.0.RC2.

I didn't make it work with the solution proposed, here's what i found : (Using spring 3.1).

In your fitler class :

CharsetFilter implements Filter {
    @OVerride public void doFilter(ServletRequest request, ServletResponse response, FilterChain next) throws IOException, ServletException {
        HttpServletRequest hsr = (HttpServletRequest) request;
        if (hsr.getUserPrincipal() == null) {
            HttpSession session = hsr.getSession();
            if (!(hsr == null)) {
                logger.info("path : " + hsr.getPathInfo());
                session.setAttribute("beforeLoginUrl", hsr.getPathInfo());
    }
  }
}

Then i your web.xml declare your filter :

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
    <filter-name>charsetFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>charsetFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CharsetFilter</filter-name>
    <filter-class>com.ent.foo.CharsetFilter</filter-class>
    <init-param>
        <param-name>requestEncoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
</filter>

Then in your redirect url after successful login just get the HttpSession back :

@RequestMapping(value = "successful")
public void showSuccessfulogin (HttpSession session) {
    String redirectUrl = (String) session.getAttribute("beforeLoginUrl");
    if (redirectUrl != null) {
        session.removeAttribute("beforeLoginUrl");
        return "redirect:" + redirectUrl;
    }
    return "redirect:/";
}

Here you got the stuff to make it work, but you'll have to check the

hsr.getPathInfo()

and see if it ends with .css or .js, etc...

Also if the login fail you'll should see if session attribute is already set and see any others special case !

Btw my filter was used before to format all input/output in utf-8.

Hope it'll help any.

For me I used Spring Security 3.0.0 and the following worked :

DefaultSavedRequest savedRequest=(DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY"); targetUrl=savedRequest.getRedirectUrl();

继续阅读:springspring-security

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9