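【Question title】: Spring mvc maintain session after redirect
【Posted】: 2017-04-10 20:38:25
【Question】:

I am implementing a Facebook login flow, and I need to save the state before the redirect and retrieve it after the redirect back to the application for validation. I tried it like this: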

    @RequestMapping
    public void redirectToFacebook(HttpSession session, HttpServletResponse response) throws IOException {
        String state = UUID.randomUUID().toString();
        session.setAttribute("facebook_state", state);

        UriComponentsBuilder uriBuilder = UriComponentsBuilder
                .fromUriString(providerLoginEndpoint)
                .queryParam("redirect_uri", redirectUrl)
                .queryParam("client_id", clientId)
                .queryParam("scope", "public_profile")
                .queryParam("state", state)
                .queryParam("response_type", "code");

        response.sendRedirect(uriBuilder.toUriString());
    }

    @RequestMapping("/redirect")
    public String authorize(Model model, HttpSession session,
                            @RequestParam("code") final String code,
                            final @RequestParam("state") String state) {
        String originalState = (String) session.getAttribute("facebook_state");
        //...
    }

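However, originalState is null and the session ID is different after the callback. Is there a way to maintain session state before and after a redirect to a third-party host?

【Comments】:

    Tags: spring facebook spring-mvc session oauth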


    【Answer 1】:

    Had to add this to WebSecurityConfig:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement()
                .maximumSessions(1)
                .and()
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                .sessionFixation().none();
        //..
    }

    【Comments】:
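
An added example, not code from the question or the answer, of the validation step the question leaves as `//...`: the callback reads the saved `facebook_state` without creating a new session, consumes it so it cannot be replayed, and compares it in constant time before the `code` is used. It assumes Spring 5 with `javax.servlet`; the class name `FacebookCallbackController` and the `redirect:/` landing page are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.server.ResponseStatusException;

@Controller
public class FacebookCallbackController { // hypothetical class name

    static final String STATE_ATTR = "facebook_state"; // attribute name used in the question

    @RequestMapping("/redirect")
    public String authorize(HttpServletRequest request,
                            @RequestParam("code") String code,
                            @RequestParam("state") String state) {
        // getSession(false) never creates a session: if the browser came back
        // without the original session, the saved state is gone and we must fail.
        HttpSession session = request.getSession(false);
        if (session == null) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No session for OAuth callback");
        }
        String expected = (String) session.getAttribute(STATE_ATTR);
        session.removeAttribute(STATE_ATTR); // single use: a replayed callback is rejected
        if (!stateMatches(expected, state)) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "OAuth state mismatch");
        }
        // Only after the state check is `code` exchanged for a token (omitted here).
        return "redirect:/"; // hypothetical landing page
    }

    // Constant-time comparison; a missing value on either side is a mismatch.
    static boolean stateMatches(String expected, String received) {
        if (expected == null || received == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     received.getBytes(StandardCharsets.UTF_8));
    }
}
```

The check depends on the session surviving the round trip. Note that `sessionFixation().none()` in the configuration above switches off Spring Security's session-fixation protection, whereas `changeSessionId()` and `migrateSession()` issue a new session ID at authentication while keeping attributes such as `facebook_state`.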
