
Spring Security: why specifying the post-login redirect path fails

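Configuring .defaultSuccessUrl("/path") in the Spring Security config class does not take effect: if the user requested some path before being sent to the login page, a successful login still redirects to that pre-login path instead of the configured .defaultSuccessUrl.

The code that applies this setting is as follows: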

    public final T defaultSuccessUrl(String defaultSuccessUrl, boolean alwaysUse) {
        SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setDefaultTargetUrl(defaultSuccessUrl);
        handler.setAlwaysUseDefaultTargetUrl(alwaysUse);
        return this.successHandler(handler);
    }

At this point Spring stores the path in the defaultTargetUrl property of the SavedRequestAwareAuthenticationSuccessHandler class.

Now look at the handler that runs after a successful login.

    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        SavedRequest savedRequest = this.requestCache.getRequest(request, response);
        if (savedRequest == null) {
            super.onAuthenticationSuccess(request, response, authentication);
        } else {
            String targetUrlParameter = this.getTargetUrlParameter();
            if (!this.isAlwaysUseDefaultTargetUrl() && (targetUrlParameter == null || !StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
                this.clearAuthenticationAttributes(request);
                String targetUrl = savedRequest.getRedirectUrl();
                this.logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
                this.getRedirectStrategy().sendRedirect(request, response, targetUrl);
            } else {
                this.requestCache.removeRequest(request, response);
                super.onAuthenticationSuccess(request, response, authentication);
            }
        }
    }

String targetUrlParameter = this.getTargetUrlParameter();

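The property this code reads the redirect path from is not the defaultTargetUrl we set, so the setting has no effect. When a saved request exists, alwaysUseDefaultTargetUrl is false and the request carries no target URL parameter, the handler redirects to savedRequest.getRedirectUrl(), the URL requested before login.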
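The behaviour described above can be reproduced outside a running application. This is an added example, not code from the original post or from Spring; it assumes spring-security-web and spring-test on the classpath, and the class name DefaultSuccessUrlDemo and the path /admin/report are constructed for illustration.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;

// Hypothetical demo class (an assumption, not part of the original post).
public class DefaultSuccessUrlDemo {

    // Returns the redirect target chosen after login for a user who first
    // requested protectedPath (constructed sample input) while anonymous.
    static String redirectAfterLogin(String protectedPath, boolean alwaysUse) throws Exception {
        HttpSessionRequestCache cache = new HttpSessionRequestCache();

        // 1. Anonymous request to a protected page: it is stored in the
        //    session before the user is sent to the login page.
        MockHttpServletRequest original = new MockHttpServletRequest("GET", protectedPath);
        cache.saveRequest(original, new MockHttpServletResponse());

        // 2. The login form POST arrives in the same session.
        MockHttpServletRequest login = new MockHttpServletRequest("POST", "/login");
        login.setSession(original.getSession());
        MockHttpServletResponse response = new MockHttpServletResponse();

        // 3. The same handler setup that defaultSuccessUrl(url, alwaysUse) performs.
        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setRequestCache(cache);
        handler.setDefaultTargetUrl("/path");
        handler.setAlwaysUseDefaultTargetUrl(alwaysUse);

        Authentication auth = new TestingAuthenticationToken("user", "n/a", "ROLE_USER");
        handler.onAuthenticationSuccess(login, response, auth);
        return response.getRedirectedUrl();
    }

    public static void main(String[] args) throws Exception {
        // With alwaysUse=false the saved request wins over defaultTargetUrl.
        System.out.println("alwaysUse=false -> " + redirectAfterLogin("/admin/report", false));
        // With alwaysUse=true the handler takes the default-target branch.
        System.out.println("alwaysUse=true  -> " + redirectAfterLogin("/admin/report", true));
    }
}
```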

To force the path used after login, set a different AuthenticationSuccessHandler. Adding the following code to the config class forces the target path after a successful login.

    // Force the target path after a successful login
    .successHandler(new ForwardAuthenticationSuccessHandler("/loginStatus?status=true"))

    protected void configure(HttpSecurity http) throws Exception {
        http.
                authorizeRequests()
                // Allow everyone to access static resources
                .antMatchers("/static/base/**").permitAll()
                // All other resources require login
                .anyRequest().authenticated()
                // Set the default login page to /login
                .and().formLogin().loginPage("/login")
                // Force the target path after a successful login
                .successHandler(new ForwardAuthenticationSuccessHandler("/loginStatus?status=true"))
                .failureUrl("/loginStatus?status=false")
                .permitAll()
                // Set remember-me caching, valid for 2 weeks by default
                .and().rememberMe().tokenValiditySeconds(1209600).key("mykey")
                // Set the logout path and the path visited after a successful logout
                .and().logout().logoutUrl("/loginOut").logoutSuccessUrl("/login").permitAll()
                // Disable CSRF
                .and().csrf().disable()
        ;
    }