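【Question title】: Redirect user to last page due to session expired
【Posted】: 2017-06-19 18:40:24
【Question description】:

If the session has expired because of a long interval, I want to redirect the user to the last visited page.

However, I got the URL through the referrer attribute as well as the front-end js file sent to the controller, but the controller still cannot redirect the request to the last visited URL. Instead, it always redirects to the default URL.

Login.js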


var comesFromUrl = document.referrer,
    mySiteDomain = document.domain,
    last_location = comesFromUrl,
    current_location = document.URL;

// Check if cookie exists and if its value is not the current location
if (typeof last_location !== "undefined"
    && last_location !== current_location) {
    // Here it is possible to choose whether to remove the cookie or refresh it. It's up to you.

    window.location.href = last_location;
}

this.sendNotification(publicLogin.ApplicationFacade.LOGIN_SUCCESS);

This is my success handler class.

public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication authentication)
        throws IOException, ServletException {
    response.setHeader("Cache-Control", "no-cache,no-store,must-revalidate");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", -1);
    Object obj = authentication.getDetails();
    if (obj instanceof PublicUserInfo) {
        PublicUserInfo objUser = (PublicUserInfo) obj;

        String cookieData = "userId|~~~" + objUser.getGuid() + "|~~~|instituteId|~~~" + objUser.getInstitutionId();

        Cookie ck = new Cookie("user_info", cookieData);

        ck.setPath("/");
        response.addCookie(ck);
    }
}

This is my controller class

@RequestMapping(method = RequestMethod.GET, value = "/userlogin/iscaptcharequired.json")
public ModelAndView isCaptchaRequired(HttpServletRequest objServletRequest,
        HttpServletResponse objServletRespose) {
    // Setting response header to tell client browser not to cache anything.
    objServletRespose.setHeader("Cache-Control",
            "no-cache,no-store,must-revalidate");
    objServletRespose.setHeader("Pragma", "no-cache");
    objServletRespose.setDateHeader("Expires", -1);
    String referrer = objServletRequest.getHeader("Referer");

    objServletRequest.getSession().setAttribute("url_prior_login", referrer);
}

This is my security-config.xml file

<sec:filter-chain pattern="/service/**"
    filters="publicSecurityContextPersistenceFilter,
        concurrentSessionFilter,
        publicLogoutFilter,
        SSOAutoLoginGatewayFilter,
        myNePublicUserNamePasswordAuthFilter,
        publicAnonymousFilter,
        publicExceptionTranslationFilter,
        publicFilterSecurityInterceptor" />
<bean id="myNePublicUserNamePasswordAuthFilter"
    class="com.ne.mynelson.authentication.publicuser.MyNePublicUserPasswordAuthFilter">
    <property name="filterProcessesUrl" value="/service/json_authentication_check"></property>
    <property name="authenticationManager" ref="myNePublicUserAuthenticationManager" />
    <property name="authenticationFailureHandler" ref="failureHandler" />
    <property name="authenticationSuccessHandler" ref="successHandler" />
    <property name="authenticationInputProcessor" ref="myNePublicUserAuthInputProcessor"></property>
</bean>
<bean id="successHandler"
    class="com.ne.mynelson.authentication.publicuser.MyNePublicUserAuthSuccessHandler">
    <property name="authHandlerView" ref="authHandlerView"></property>
    <property name="sessionRegistry" ref="sessionRegistry"></property>
    <property name="publicLoginManager" ref="publicLoginManager"></property>
</bean>
<bean id="concurrentSessionFilter" class="com.magic.spring.security.ConcurrentSessionFilter">
    <property name="sessionRegistry">
        <ref bean="sessionRegistry" />
    </property>
    <property name="expiredUrl" value="/webapp/staticcontent/html/PublicLogin.html" />
    <property name="logoutHandlers">
        <list>
            <ref bean="publicUserSessionCleanupLogoutHandler" />
            <ref bean="rememberMeServices" />
            <ref bean="publicSecurityContextLogoutHandler" />
        </list>
    </property>
</bean>

【Question discussion】:

    Tags: spring spring-mvc spring-security


    【Solution 1】:

    Add something like this to your spring-security.xml

    <sec:session-management invalid-session-url="/login">
            <sec:concurrency-control expired-url="/expired-page-url" />
    </sec:session-management>
    

    Update:

    Read this: Spring Security redirect to previous page after successful login

    You need SavedRequestAwareAuthenticationSuccessHandler

    From the javadoc

     * An authentication success strategy which can make use of the
     * {@link org.springframework.security.web.savedrequest.DefaultSavedRequest} which may have been stored in the session by the
     * {@link ExceptionTranslationFilter}. When such a request is intercepted and requires
     * authentication, the request data is stored to record the original destination before
     * the authentication process commenced, and to allow the request to be reconstructed when
     * a redirect to the same URL occurs. This class is responsible for performing the
     * redirect to the original URL if appropriate.
    

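    【Discussion】:

    • Hi, I have added the security-config.xml file.
    • I want that if the user is automatically logged out due to session expiry, then when he logs in again he is redirected to the last visited page instead of the default home page.
    • Hi, I am using REST-based authentication and concurrentsessionfilter. I tried using SavedRequestAwareAuthenticationSuccessHandler but no luck.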
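
The controller in the question stores the client-supplied `Referer` header in the session as `url_prior_login`; a success handler that redirects to that value should first confirm the target is on the application's own host. The following is an added example, not code from the original post or its project: the class name `PostLoginRedirect`, the host `app.example.test` and the fallback `/home` are hypothetical, and the sample URLs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not from the original post. PostLoginRedirect, the host and
// the fallback path are hypothetical names chosen for illustration.
public class PostLoginRedirect {

    // storedUrl: value read back from the session ("url_prior_login" in the question).
    // Returns a same-site path (plus query), or defaultPath if the value is
    // missing, malformed, not http(s), or points at another host.
    public static String resolve(String storedUrl, String allowedHost, String defaultPath) {
        if (storedUrl == null || storedUrl.isEmpty()) {
            return defaultPath;
        }
        URI uri;
        try {
            uri = new URI(storedUrl);
        } catch (URISyntaxException e) {
            return defaultPath; // e.g. backslashes or spaces in the value
        }
        String scheme = uri.getScheme();
        boolean http = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        // getHost() ignores any user-info part, so "host@other" is judged by "other".
        String host = uri.getHost();
        if (!http || host == null || !host.equalsIgnoreCase(allowedHost)) {
            return defaultPath;
        }
        String path = uri.getRawPath();
        // Reject "//..." paths, which a browser treats as protocol-relative.
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return defaultPath;
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample values
            "https://app.example.test/webapp/reports?id=7",
            "https://app.example.test@other.example/x",
            "https://app.example.test.other.example/x",
            "https://app.example.test//other.example/x",
            "javascript:void(0)",
            null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + resolve(s, "app.example.test", "/home"));
        }
    }
}
```

Because only the path and query are returned, the redirect that follows stays on the application's own origin regardless of what the `Referer` header contained.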