Spring Security - registration
I am using this template for registration: https://github.com/hellokoding/registration-login-spring-xml-maven-jsp-mysql
Controller:
```java
@RequestMapping(value = "/register", method = POST)
public String registration(@ModelAttribute("userForm") User userForm) {
    userService.add(userForm);
    securityService.autologin(userForm.getUsername(), userForm.getPassword());
    return "redirect:/notes/";
}
```
The autologin method:
```java
@Override
public void autologin(final String username, final String password) {
    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
    authenticationManager.authenticate(usernamePasswordAuthenticationToken);
    if (usernamePasswordAuthenticationToken.isAuthenticated()) {
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
    }
}
```
The loadUserByUsername method:
```java
@Override
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
    User user = userRepository.findByName(username);
    // The UserDetailsService contract requires an exception, not an NPE, for an unknown user.
    if (user == null) {
        throw new UsernameNotFoundException(username);
    }
    Set<GrantedAuthority> grantedAuthorities = user.getRoles().stream()
            .map(role -> new SimpleGrantedAuthority(role.getName()))
            .collect(Collectors.toSet());
    return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), grantedAuthorities);
}
```
HTTP configuration:
```xml
<http auto-config="true" >
    <intercept-url pattern="/notes**" access="authenticated" />
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/auth**" access="permitAll" />
    <intercept-url pattern="/accessDenied" access="permitAll" />
    <access-denied-handler error-page="/accessDenied" />
    <logout logout-success-url="/auth/login?logout" />
    <form-login
        default-target-url="/notes/"
        login-page="/auth/login"
        login-processing-url="/j_spring_security_check"
        username-parameter="username"
        password-parameter="password"
    />
    <remember-me data-source-ref="dataSource" />
    <session-management session-fixation-protection="newSession" >
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </session-management>
</http>
```
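However, when I create an account, after the "registration" page I end up on the "sign in" page. The user is added to the database. But I need to be redirected to /notes/.
Remove `default-target-url` and add some [AuthenticationSuccessHandler](http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/AuthenticationSuccessHandler.html) to do the redirect based on who is connected (i.e. the principal) –
I did this, but I get the same effect. I also tried changing the return value in the controller to "redirect:/NotesWeb/notes/", but that didn't change anything either. – jack
I don't see what 'NotesWeb' has to do here. You changed your question, and now you want to redirect to '/notes'? Maybe `usernamePasswordAuthenticationToken.isAuthenticated()` is false, so without authentication you get the login page (you should see it in the application log) –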
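
An added example, not part of the original question or its comments: one way to write the programmatic login so that the security context only ever holds the token returned by the `AuthenticationManager`, and a rejected login is reported to the caller. The class name `AutoLoginService`, its constructor wiring and the boolean return value are assumptions made for illustration.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical class for illustration; not taken from the template project.
public class AutoLoginService {

    private final AuthenticationManager authenticationManager;

    public AutoLoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Logs the user in for the current request.
     * Returns true on success, false if the credentials were rejected.
     * rawPassword must be the plaintext the user submitted, not an encoded hash,
     * because the provider compares it against the stored (encoded) password.
     */
    public boolean autologin(String username, String rawPassword) {
        // Two-argument constructor: an unauthenticated request token.
        // The three-argument constructor (with authorities) produces a token whose
        // isAuthenticated() is already true, so checking that flag on the request
        // token says nothing about whether the credentials were accepted.
        UsernamePasswordAuthenticationToken request =
                new UsernamePasswordAuthenticationToken(username, rawPassword);
        try {
            // authenticate() returns a fully populated token on success and
            // throws AuthenticationException (e.g. BadCredentialsException) on failure.
            Authentication result = authenticationManager.authenticate(request);
            // Store the token the manager returned, not the one we built ourselves.
            SecurityContextHolder.getContext().setAuthentication(result);
            return true;
        } catch (AuthenticationException e) {
            // Leave no partially trusted state behind for this request.
            SecurityContextHolder.clearContext();
            return false;
        }
    }
}
```

With this shape the controller can redirect to `/notes/` only when `autologin` returns true and send the user to `/auth/login` otherwise, which also makes a rejected auto-login visible instead of ending in a silent redirect to the login page.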