java - 从 https 登录后自动重定向到 http
问题描述
你好 StackOverflow 社区!
在登录页面上,Spring Security 将我从 https 自动重定向到 http,导致向用户显示“不安全”消息。我可以避免这种情况并在登录后保持在 https 上吗?请指教。我的配置附在下面:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@RequiredArgsConstructor
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
private final LoginUrlAuthenticationEntryPoint entryPoint;
private final SimpleUrlAuthenticationFailureHandler authenticationFailureHandler;
private final UserAuthenticationSuccessHandler authenticationSuccessHandler;
private final UserAuthenticationProvider authProvider;
@Override
protected void configure( AuthenticationManagerBuilder builder )
{
builder.authenticationProvider( authProvider );
}
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http.csrf().disable()
.httpBasic( hb -> hb
.authenticationEntryPoint( entryPoint )
)
.headers( h -> h
.frameOptions().disable()
)
.authorizeRequests( ar -> ar
.antMatchers(
"/newAgreement/*",
"/signup/*",
"/createStation/*",
"/test", "/test.htm",
"/iclubCss", "/iclubCss.htm",
"/footer", "/footer.htm",
"/errorMessage", "/errorMessage.htm",
"/favicon.ico",
"/eventRemoval",
"/trial", "/trial.htm",
"/classlist", "/classlist.htm",
"/club/getClub", "/club/getClub.htm",
"/club/getClubExternal", "/club/getClubExternal.htm"
).permitAll()
.antMatchers( "/*" ).hasRole( "USER" )
)
.formLogin( fl -> fl
.loginProcessingUrl( "/performLogin" )
.loginPage( "/members/signin.htm" ).permitAll()
.failureHandler( authenticationFailureHandler )
.successHandler( authenticationSuccessHandler )
)
.logout( l -> l
.permitAll()
.invalidateHttpSession( true )
.logoutSuccessUrl( "/members/signin.htm?signout=1" )
.logoutUrl( "/members/signout.htm" )
.deleteCookies( "JSESSIONID" )
)
.sessionManagement( sm -> sm
.sessionFixation().newSession()
)
;
}
}
我的用户身份验证成功处理程序是
public class UserAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
public void onAuthenticationSuccess( HttpServletRequest request,
HttpServletResponse response, Authentication authentication) throws ServletException, IOException
{
String url = getDefaultTargetUrl();
if (request.getParameter("spring-security-redirect") != null) {
url = url + request.getParameter("spring-security-redirect");
}
getRedirectStrategy().sendRedirect(request, response, url);
}
}
解决方案
推荐阅读
- python - 如何使用 MapReduce 在 python 中乘以矩阵?
- python - 通过多次加入自身表来创建新列
- reactjs - 如何在使用 redux-api-middleware 调用 API 后触发操作
- python - 两个数据框的特定列的总和值
- jquery - 通过自动完成 jQuery 填写文本字段值?
- flutter - Flutter:如何隐藏 AlertDialog
- c++ - 在 C++ 代码中添加终端间隙分数以获得最佳序列比对分数
- angular - 将角度 6 升级到 9 的最佳方法是什么?
- ios - 运行带有结果的 Swift Playground 会导致运行时错误
- git - 在执行 git 操作时在 java 中保持干净的代码