登录Spring Boot应用程序后维护用户的会话HttpSession

如何解决登录Spring Boot应用程序后维护用户的会话HttpSession

我正在Spring中创建一个简单的酒店预订Web应用程序。当前，我正在构建预订功能的实际实现，使用HttpSession在请求到服务器之间存储数据。

请在下面找到预订流程：

第1步：网址：“ /”（索引页）-用户选择位置，入住和退房日期

第2步：网址：“ / reservation / roomselection”-用户从三种可用的房间类型中选择一种

第3步：网址：“ / auth / guest / reservation / details”-用户添加其他信息并确认预订

重要 进入步骤3之前，用户需要在登录页面上进行身份验证（URL：“ / login”），因此，他将自动重定向到登录名页面，并且在成功认证后将重定向到Step的3网址。

整个会话工作正常（应用程序会记住所有信息，直到第三步为止），直到在步骤3之前引入身份验证为止。登录后，所有信息都将丢失，并且将重新创建JSESSIONID cookie（之前的信息将丢失）。 / p>

我确实了解导致该问题的原因-我的登录映射位于其他控制器中，我希望将其保留在该位置。

我想问一下是否有任何简单的解决方案，可以在步骤3（登录页面之后）之前保留相同的SESSIONID和所有信息？

我的愿望如下：

• 要避免将登录映射从HomeController移到ReservationController
• 想要在步骤2和步骤3之间保留身份验证。

我附加了ReservationController，ReservationDto和HomeController（带有登录页面）的代码。

感谢您提供所有答案！

@Controller
@RequestMapping("/")
@SessionAttributes("reservationDto")
public class ReservationController {

    private Logger LOG = LoggerFactory.getLogger(getClass());

    private final HotelService hotelService;

    public ReservationController(HotelService hotelService) {
        this.hotelService = hotelService;
    }

    @GetMapping
    public String home(Model model) {
        model.addAttribute("hotelsNames",hotelService.findAllHotelsNames());
        model.addAttribute("reservationDto",new ReservationDto());
        return "index";
    }

    @PostMapping("reservation/roomselection")
    public String getRoomSelectionPage(@ModelAttribute("reservationDto") ReservationDto reservationDto,HttpSession session,Model model) {
        ReservationDto reservation = (ReservationDto) session.getAttribute("reservationDto");
        LOG.info("Hotel Name form the session: {} and session id {} and creation time: {},checkin {} ",reservation.getHotelName(),session.getId(),session.getCreationTime(),reservation.getCheckInDate());
        model.addAttribute("reservationDto",reservation);
        return "reservation/roomselection";
    }

    @GetMapping("auth/guest/reservation/details")
    public String getReservationDetailsPage(@ModelAttribute("reservationDto") ReservationDto reservationDto,HttpServletRequest request,Principal principal,Model model) {
        String param = request.getParameter("roomType");
        ReservationDto reservation = (ReservationDto) session.getAttribute("reservationDto");
        reservation.setRoomTypeName(param);
        model.addAttribute("reservationDto",reservation);
        LOG.info("Hotel Name form the session: {},roomType {} and session id {} and creation time: {},checkin {} and username {}",reservation.getRoomTypeName(),reservation.getCheckInDate(),principal.getName());
        return "reservation/details";
    }

    @GetMapping("/auth/guest/reservation/summary")
    public String getReservationSummary() {
        return "reservation/summary";
    }

}

@Component
@Scope(value = WebApplicationContext.SCOPE_SESSION,proxyMode = ScopedProxyMode.TARGET_CLASS)
public class ReservationDto {

    private String username;

    private String reservationNumber;
    @DateTimeFormat(pattern = "yyyy-MM-dd")
    private LocalDate checkInDate;
    @DateTimeFormat(pattern = "yyyy-MM-dd")
    private LocalDate checkOutDate;

    private String secondGuestName;

    private String thirdGuestName;

    private String fourthGuestName;

    private String message;

    private String hotelName;

    private String roomTypeName;

}

@Controller
public class HomeController {

    private Logger LOG = LoggerFactory.getLogger(getClass());

    private final HotelService hotelService;

    public HomeController(HotelService hotelService) {
        this.hotelService = hotelService;
    }

    @GetMapping("/login")
    public String login() {

        return "login";
    }

}

更新-添加了安全配置

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    private final DataSource dataSource;

    public SecurityConfiguration(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .passwordEncoder(passwordEncoder())
                .usersByUsernameQuery("SELECT username,password,active FROM users WHERE username = ?")
                .authoritiesByUsernameQuery("SELECT u.username,r.name FROM users u JOIN roles r ON r.id = u.role_id WHERE u.username = ?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/hello").permitAll()
                .antMatchers("/register/**").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/auth/guest","/auth/guest/**").hasRole("GUEST")
                .antMatchers("/auth/admin","/auth/admin/**").permitAll() // it will be hasRole("ADMIN")
                .antMatchers("/auth/reception","/auth/reception/**").permitAll() // it will be hasRole("Receptionist")
                .anyRequest().permitAll()
                .and()
            .formLogin()
                .loginPage("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .defaultSuccessUrl("/")
                .and()
            .logout()
                .logoutSuccessUrl("/");

    }


    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/static/**")
                .antMatchers("/h2-console","/h2-console/**");
    }
    
}

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。