always-use-default-target sample

Published 2019-08-10 22:20

Question:

Is there a complete example where always-use-default-target is used in Spring Security? Especially, I had asked the following question at the following link: "Does it mean that for any page requested Spring Security will start checking if the user has logged in? If not, then if you mean to say that only when /secure/kittens.html is requested Spring will try to check if the user is logged in, I would like to know where or how this check is made. The reason I am asking is I just tested but it did not work; I would like to know if I have to write some redirect logic in /secure/kittens.html?"

Spring MVC and login redirect

Answer 1:

Spring will use a filter to make the security check based on your configuration. In your spring-security configuration you will need to set up an entry for /secure/kittens.html (or more generally /secure) to tell spring-security that the user must be authenticated, or must have a given role, in order to view the page. Once that is configured, the filter will check against your rules, in order, to see if the user has permission to view the page. If not, spring-security will send them to the configured login page.

Have a look at the configuration of spring-security, specifically the intercept-url configuration, for examples of configuring spring-security for your URL space. That configuration page also has an example of configuring always-use-default-target. Again, note that the rules are evaluated in order, so a general case check at the top of the list will be matched before a specific one at the bottom, so make sure your rules are in order, specific to general.



Answer 2:

As mentioned before, the intercept-url in your spring security configuration will define the URLs that are going to be handled by the FilterChainProxy, but in order to be more precise, it is the RequestCacheAwareFilter which will retrieve a SavedRequest from the RequestCache in order to appropriately redirect the user to the URL one initially requested.
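
A configuration fragment illustrating the two answers above, added here as an example and not taken from the original posts or from the Spring Security documentation. The paths /login.html and /home.html and the role ROLE_USER are assumptions, /secure/kittens.html comes from the question, and an authentication-manager is assumed to be defined elsewhere in the application context.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

  <http use-expressions="true">
    <!-- Rules are matched top to bottom and the first match wins,
         so they are listed from specific to general. -->

    <!-- The login page itself must stay reachable without a session,
         otherwise the redirect to it loops. (assumed path) -->
    <intercept-url pattern="/login.html" access="permitAll"/>

    <!-- Covers /secure/kittens.html from the question. An unauthenticated
         request here is stored in the RequestCache as a SavedRequest and
         the browser is sent to the login page. No redirect logic is
         needed in the page itself. (assumed role) -->
    <intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')"/>

    <!-- General catch-all goes last. If it were listed first it would
         match /secure/** as well and the rule above would never apply. -->
    <intercept-url pattern="/**" access="permitAll"/>

    <!-- always-use-default-target="true": after a successful login the
         SavedRequest is ignored and the user always lands on
         default-target-url (assumed path /home.html).
         With "false", which is the default, a user who was intercepted
         at /secure/kittens.html is sent back there after login, and
         default-target-url is used only when there is no SavedRequest,
         for example when the login page was opened directly. -->
    <form-login login-page="/login.html"
                default-target-url="/home.html"
                always-use-default-target="true"/>
  </http>

</beans:beans>
```

The `access` values use expression syntax because `use-expressions="true"` is set; without expressions the older attribute style (for example `ROLE_USER`) applies instead.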