添加链接 注册    登录
link之家
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
跑龙套的太阳  ·  教育奠基 人才开路 - 神州学人网·  2 月前    · 
帅气的蚂蚁  ·  《青春旅社》王源景甜深情合唱 ...·  3 月前    · 
逆袭的灭火器  ·  【名校进滏运】近三十所知名高校走进滏运中学_ ...·  4 月前    · 
冷冷的单杠  ·  极米只有声音没有图像 - 抖音·  1 年前    · 
唠叨的豌豆  ·  美失控卫星坠落太平洋后 ...·  1 年前    · 
link之家  ›  java - How to make Spring security to redirect user to the original requested page after successfully authenticated by the CAS ser
https://stackoverflow.com/questions/59632318/how-to-make-spring-security-to-redirect-user-to-the-original-requested-page-afte
小眼睛的牙膏
1 年前
Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

How to make Spring security to redirect user to the original requested page after successfully authenticated by the CAS server

Ask Question

I have a spring boot RESTFul web application, which uses CAS server for Enterprise Single Sign-On. If a user, who is not logged-in, tries to access a secure page, that user is redirected to the CAS server for authentication. On successful authentication, the user is redirected to the home page of spring boot RESTFul web application - not the secured page, the user tries to access. How can we directly redirect the user to the secure page, which the user wants to access after successful login?

The spring-security-cas-client is used to implement CAS authentication. An AuthenticationSuccessHandler is implemented to set UseReferer true. The spring security config class is as follows: 

package com.example.app
import java.util.Arrays;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;    
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private AuthenticationProvider authenticationProvider;
private AuthenticationEntryPoint authenticationEntryPoint;
private SingleSignOutFilter singleSignOutFilter;
private LogoutFilter logoutFilter;
@Autowired
public SecurityConfig(CasAuthenticationProvider casAuthenticationProvider, 
AuthenticationEntryPoint 
                      LogoutFilter lF
                      , SingleSignOutFilter ssF
    this.authenticationProvider = casAuthenticationProvider;
    this.authenticationEntryPoint = eP;
    this.logoutFilter = lF;
    this.singleSignOutFilter = ssF;
@Override
protected void configure(HttpSecurity http) throws Exception {
    .authorizeRequests()
    .antMatchers("/api/**", "/path-1", "/path-2")
    .authenticated()
    .and()
    .authorizeRequests()
    .regexMatchers("/")
    .permitAll()
    .and()
    .httpBasic()
    .authenticationEntryPoint(authenticationEntryPoint)
    .and()
    .logout().logoutSuccessUrl("/logout")
    .and()
    .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
    .addFilterBefore(logoutFilter, LogoutFilter.class);
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  auth.authenticationProvider(authenticationProvider);
@Override
protected AuthenticationManager authenticationManager() throws Exception {
  return new ProviderManager(Arrays.asList(authenticationProvider));
@Bean
public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception {
  CasAuthenticationFilter filter = new CasAuthenticationFilter();
  filter.setServiceProperties(sP);
  filter.setAuthenticationManager(authenticationManager());
  return filter;
@Bean
public AuthenticationSuccessHandler successHandler() {
    SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
    handler.setUseReferer(true);
    return handler;

Using of SavedRequestAwareAuthenticationSuccessHandler instead of SimpleUrlAuthenticationSuccessHandler might help you achieve the redirection.


@Bean
public AuthenticationSuccessHandler successHandler() {
    SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
    handler.setTargetUrlParameter("redirectTo");
    handler.setDefaultTargetUrl("/");
    return handler;
        
Thanks for contributing an answer to Stack Overflow!
  • Please be sure to answer the question. Provide details and share your research!
But avoid
  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
 
推荐文章
跑龙套的太阳  ·  教育奠基 人才开路 - 神州学人网
2 月前
帅气的蚂蚁  ·  《青春旅社》王源景甜深情合唱 何穗王嘉尔走心 - 中国日报网
3 月前
逆袭的灭火器  ·  【名校进滏运】近三十所知名高校走进滏运中学_交流_张一凡_学子
4 月前
冷冷的单杠  ·  极米只有声音没有图像 - 抖音
1 年前
唠叨的豌豆  ·  美失控卫星坠落太平洋后 专家为公众化解心忧_新闻中心_新浪网
1 年前
今天看啥   ·   Py中国   ·   codingpro   ·   藏经阁   ·   小百科   ·   link之家   ·   卧龙AI搜索
删除内容请联系邮箱 2879853325@qq.com
link之家 - 链接快照平台
© 2024 ~ 沪ICP备11025650号