Redirect to login page with some extra parameters

2019-08-09 02:07发布

问题:

I'm using Spring Boot with Spring Security, and I would like to redirect to the login with a custom parameter in the URL different then login?error or login?logout.

Currently when I do the redirect the login url get strip from parameters different to "error" or "logout" pageI have authentication through AD that any authorized user can login.

For example in my controller I have something like:

   return "redirect:/login?invalid-token";

And I would like to do in the login page something likehe view

   <div th:if="${param.invalid-token}" class="alert alert-danger" role="alert">Invalid token message.</div>

Thanks in advance...

回答1:

I'm still not fully understanding your problem, but I am taking a pretty good guess.

Likely your problem is that you are redirecting to /login?invalid-token and Spring Security is not allowing anonymous access to that page. To fix it, use the following:

http
    .authorizeRequests()
        .antMatchers("/login").permitAll()
        ...

Note that formLogin().permitAll() is very restrictive. It only allows access to the login page and the login error page that Spring Security knows about. The above makes it more permissive.



回答2:

You can set it as a part of your model, in your controller:

if(invalid-token != null){
    model.addattribute("invalid-token", invalid-token);
}

return "view";

And then you can do the JSTL like this:

<c:if test=${!empty invalid-token}>
    <div class="alert alert-danger" role="alert">${!empty invalid-token}</div>
</c:if>

EDIT:

You don't actually have to do the check. You can just add the div like this:

<div class="alert alert-danger" role="alert">${invalid-token}</div>

It will only show if you have assigned the invalid-token on your model (depending on your styling)