问题
I am using Spring Security with a login page and a remember-me filter. The remember-me filtering can happen on any page of the application.
But I want the same behaviour both when the user is authenticated from login page and from the cookie:
- I want to set some user information in session
- I want to redirect the user to the home page (always-use-default-target="true")
I have seen that the success-handler for the remember-me tag is supported by Spring Security since the 3.1.0 (https://jira.springsource.org/browse/SEC-1603).
Another solution for me would be to restrict the URL for the remember-me filter, like the intercept-url. I would allow the remember-me filtering only on the default or home page URL.
Is there a standard way to restrict the URL for the remember-me filter or to redirect the user after cookie authentication before the version 3.1.0?
回答1:
Sure - subclass RememberMeAuthenticationFilter and override doFilter(). If the request is for the home page call super.doFilter(), otherwise call chain.doFilter().
来源:https://stackoverflow.com/questions/7387436/spring-security-rememberme-success-handler-or-url-filtering