我将用户重定向到首页,并将“默认目标网址”设置为“ /”。但是,如果用户登录到产品页面(/ p /)或搜索页面(/ search),则需要重定向用户。我该怎么做呢?我对Spring Security和重定向还不是很了解。
我尝试在AuthenticationSuccessHandler的onAuthenticationSuccess()方法内拦截该请求,并检查该URL是否包含产品页面或搜索页面URL。
在AuthenticationSuccessHandler中:
if (!response.isCommitted()) {
super.onAuthenticationSuccess(request,response,authentication);
}
在spring-security-config.xml中:
<bean id="authenticationSuccessHandler" class ="com.storefront.AuthenticationSuccessHandler" scope="tenant">
<property name="rememberMeCookieStrategy" ref="rememberMeCookieStrategy" />
<property name="customerFacade" ref="customerFacade" />
<property name="sCustomerFacade" ref="sCustomerFacade" />
<property name="sProductFacade" ref="sProductFacade" />
<property name="defaultTargetUrl" value="/" />
<property name="useReferer" value="true" />
<property name="requestCache" value="httpSessionRequestCache" />
预期结果将是:
Hybris OOTB(我指的是V6.7)具有一项功能,您可以在其中列出要重定向到“默认目标网址”的URL。这里的想法是用相反的逻辑有另一个列表(或替换现有的列表),该逻辑仅允许给定的URL并将所有其他URL重定向到默认目标URL。
在开箱即用的,你可以看到listRedirectUrlsForceDefaultTarget中spring-security-config.xml,在那里可以定义要重定向到默认的目标URL列表。像下面。
<alias name="defaultLoginAuthenticationSuccessHandler" alias="loginAuthenticationSuccessHandler"/>
<bean id="defaultLoginAuthenticationSuccessHandler" class="de.hybris.platform.acceleratorstorefrontcommons.security.StorefrontAuthenticationSuccessHandler" >
<property name="customerFacade" ref="customerFacade" />
<property name="defaultTargetUrl" value="#{'responsive' == '${commerceservices.default.desktop.ui.experience}' ? '/' : '/my-account'}"/>
<property name="useReferer" value="true"/>
<property name="requestCache" ref="httpSessionRequestCache" />
<property name="uiExperienceService" ref="uiExperienceService"/>
<property name="cartFacade" ref="cartFacade"/>
<property name="customerConsentDataStrategy" ref="customerConsentDataStrategy"/>
<property name="cartRestorationStrategy" ref="cartRestorationStrategy"/>
<property name="forceDefaultTargetForUiExperienceLevel">
<map key-type="de.hybris.platform.commerceservices.enums.UiExperienceLevel" value-type="java.lang.Boolean">
<entry key="DESKTOP" value="false"/>
<entry key="MOBILE" value="false"/>
</map>
</property>
<property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />
<property name="restrictedPages">
<list>
<value>/login</value>
</list>
</property>
<property name="listRedirectUrlsForceDefaultTarget">
<list>/example/redirect/todefault</list>
</property>
</bean>
StorefrontAuthenticationSuccessHandler
@Override
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
final Authentication authentication) throws IOException, ServletException
{
//...
//if redirected from some specific url, need to remove the cachedRequest to force use defaultTargetUrl
final RequestCache requestCache = new HttpSessionRequestCache();
final SavedRequest savedRequest = requestCache.getRequest(request, response);
if (savedRequest != null)
{
for (final String redirectUrlForceDefaultTarget : getListRedirectUrlsForceDefaultTarget())
{
if (savedRequest.getRedirectUrl().contains(redirectUrlForceDefaultTarget))
{
requestCache.removeRequest(request, response);
break;
}
}
}
//...
}
现在,通过声明新列表(例如listAllowedRedirectUrls)或用中的listAllowedRedirectUrls替换listRedirectUrlsForceDefaultTarget来反转该逻辑,并在SuccessHandler中spring-security-config.xml进行相应的更改。喜欢
<property name="listAllowedRedirectUrls">
<list>/p/</list>
<list>/search</list>
</property>
StorefrontAuthenticationSuccessHandler
if (savedRequest != null)
{
for (final String listAllowedRedirectUrl : getListAllowedRedirectUrls())
{
if ( ! savedRequest.getRedirectUrl().contains(listAllowedRedirectUrl))
{
requestCache.removeRequest(request, response);
break;
}
}
}
您还必须对/ login / checkout处理程序声明(defaultLoginCheckoutAuthenticationSuccessHandler)进行相同的更改。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句