在会话结束时捕获 url 参数 con spring security

Question

我正在使用 Spring Security 3.2 和 Hibernate 4。目前我有一个自定义登录，其工作方式如下。 URL "/" (root) 是一个欢迎 jsp 请求，它要求一个参数以根据相同的参数显示不同的登录。例如，如果用户输入 url "/parameter1"（手动操作），此变量会显示由驱动程序生成的个性化登录，该驱动程序从那里收集 RequestMapping（值 =“/{parameter}”，所有 URLS 都将具有该参数，我遇到的问题是，当用户希望离开或您的会话到期时，spring 会向我发送 url "/" ，但我需要它向我发送 /parameter1 ，以便捕获参数 "parameter1" 以便它让我进入自定义登录。这样我就不必手动重新输入参数。我的安全设置如下：

    <custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
    <!-- <form-login login-page="/loginUser" login-processing-url="/testUser/j_spring_security_check"
        authentication-failure-url="/loginError"   default-target-url="/testUser"
        username-parameter="j_username" password-parameter="j_password" /> -->

    <logout invalidate-session="true" delete-cookies="JSESSIONID" logout-success-url="/loginUser" logout-url="/testUser/j_spring_security_logout"/>

    <session-management invalid-session-url="/"   session-fixation-protection="migrateSession" >
       <concurrency-control max-sessions="2"  expired-url="/" error-if-maximum-exceeded="false"/>
    </session-management>

 <beans:bean id="loginUrlAuthenticationEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property  name="loginFormUrl" value="/loginUser" />
</beans:bean>  

<beans:bean id="myFilter" class="net.universia.test.autenticacionService.LoginAuthenticationFilter">
  <beans:property name="authenticationManager"  ref='UserauthenticationManager'/>
   <beans:property name="authenticationFailureHandler" ref="failureHandler"/>
   <beans:property name="authenticationSuccessHandler" ref="successHandler"/>   
   <beans:property name="filterProcessesUrl"  value="/testUser/j_spring_security_check"/>
</beans:bean>

  <beans:bean  id = "exceptionTranslationFilter" class = "org.springframework.security.web.access.ExceptionTranslationFilter" > 
    <beans:property  name = "authenticationEntryPoint"  ref = "loginUrlAuthenticationEntryPoint" /> 
    <beans:property  name = "accessDeniedHandler"  ref = "accessDeniedHandler" /> 
  </beans:bean> 


<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
   <beans:property name="defaultTargetUrl" value="/testUser"/>
</beans:bean>

 <beans:bean  id = "accessDeniedHandler" class = "org.springframework.security.web.access.AccessDeniedHandlerImpl" > 
    <beans:property  name = "errorPage"  value = "/403" /> 
 </beans:bean>

显示登录表单的驱动是：

@RequestMapping(value ="/{testRef}", method = {RequestMethod.POST,RequestMethod.GET})
public @ResponseBody ModelAndView loginTestRef(@PathVariable("testRef") String testRef,HttpSession session, HttpServletRequest request) {

    session.setAttribute("ssidreffh", testRef);

    TestDatos test = testService.showTestUserByRef(testRef);

    request.getSession().setAttribute("test", test);

    ModelAndView mav = new ModelAndView("/loginUser");
    mav.addObject("test", test);

    return mav;

}

如果用户在 url /dominio/parametro1/paginaPerfil 中或您的会话结束，spring 将我重定向到 url “/myApp/parameter1” 所以会在登录而不是根“/”。

Answer 1

我终于可以解决我的问题了。我实现了一个自定义过滤器，用于使用SimpleUrlLogoutSuccessHandler 注销，我可以捕获以前的 URL 以及我通过重定向返回的参数 (/parameter1)。这是我的代码：

public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler  {
    @Override
    public void onLogoutSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        String testRef = null;
        if (authentication != null) {
            String refererUrl = request.getHeader("Referer");
            System.out.println("variables: " +refererUrl);
            String[] parts = refererUrl.split("/");
            testRef = parts[5];
        }
        setDefaultTargetUrl("/"+testRef);
        super.onLogoutSuccess(request, response, authentication);
    }
}