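How to maintain a user's HttpSession after logging in to a Spring Boot application

I am creating a simple hotel reservation web application in Spring. Currently I am building the actual implementation of the reservation feature, using HttpSession to store data between requests to the server.

Please find the reservation flow below:

Step 1: URL: "/" (index page) - the user selects the location and the check-in and check-out dates
Step 2: URL: "/reservation/roomselection" - the user selects one of the three available room types
Step 3: URL: "/auth/guest/reservation/details" - the user adds additional information and confirms the reservation

Important: Before entering step 3 the user needs to authenticate on the login page (URL: "/login"), so he is automatically redirected to the login page and, after successful authentication, redirected to the step 3 URL.

The whole session worked fine (the application remembered all the information up to the third step) until authentication was introduced before step 3. After login, all the information is lost and the JSESSIONID cookie is recreated (the previous information is lost).

I do understand what causes the problem - my login mapping is in a different controller, and I would like to keep it there.

I would like to ask whether there is any simple solution that keeps the same SESSIONID and all the information before step 3 (after the login page)?

My wishes are as follows:
- I want to avoid moving the login mapping from HomeController to ReservationController
- I want to keep the authentication between step 2 and step 3.

I have attached the code of ReservationController, ReservationDto and HomeController (with the login page).

Thanks for all the answers!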
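
    // ReservationController.java
    import java.security.Principal;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.ModelAttribute;
    import org.springframework.web.bind.annotation.PostMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.SessionAttributes;

    @Controller
    @RequestMapping("/")
    @SessionAttributes("reservationDto")
    public class ReservationController {
        private Logger LOG = LoggerFactory.getLogger(getClass());
        private final HotelService hotelService;

        public ReservationController(HotelService hotelService) {
            this.hotelService = hotelService;
        }

        // Step 1: index page; puts a fresh ReservationDto into the model
        @GetMapping
        public String home(Model model) {
            model.addAttribute("hotelsNames", hotelService.findAllHotelsNames());
            model.addAttribute("reservationDto", new ReservationDto());
            return "index";
        }

        // Step 2: room selection; reads the reservation back from the session
        @PostMapping("reservation/roomselection")
        public String getRoomSelectionPage(@ModelAttribute("reservationDto") ReservationDto reservationDto, HttpSession session, Model model) {
            ReservationDto reservation = (ReservationDto) session.getAttribute("reservationDto");
            LOG.info("Hotel Name form the session: {} and session id {} and creation time: {},checkin {} ", reservation.getHotelName(), session.getId(), session.getCreationTime(), reservation.getCheckInDate());
            model.addAttribute("reservationDto", reservation);
            return "reservation/roomselection";
        }

        // Step 3: requires an authenticated user (see the security configuration).
        // HttpSession is declared as a parameter because the body reads from it.
        @GetMapping("auth/guest/reservation/details")
        public String getReservationDetailsPage(@ModelAttribute("reservationDto") ReservationDto reservationDto, HttpServletRequest request, HttpSession session, Principal principal, Model model) {
            String param = request.getParameter("roomType");
            ReservationDto reservation = (ReservationDto) session.getAttribute("reservationDto");
            reservation.setRoomTypeName(param);
            model.addAttribute("reservationDto", reservation);
            // one argument per placeholder, in the order the message names them
            LOG.info("Hotel Name form the session: {},roomType {} and session id {} and creation time: {},checkin {} and username {}", reservation.getHotelName(), reservation.getRoomTypeName(), session.getId(), session.getCreationTime(), reservation.getCheckInDate(), principal.getName());
            return "reservation/details";
        }

        @GetMapping("/auth/guest/reservation/summary")
        public String getReservationSummary() {
            return "reservation/summary";
        }
    }

    // ReservationDto.java
    import java.time.LocalDate;
    import org.springframework.context.annotation.Scope;
    import org.springframework.context.annotation.ScopedProxyMode;
    import org.springframework.format.annotation.DateTimeFormat;
    import org.springframework.stereotype.Component;
    import org.springframework.web.context.WebApplicationContext;

    // Session-scoped bean: one instance per HTTP session, injected through a proxy
    @Component
    @Scope(value = WebApplicationContext.SCOPE_SESSION, proxyMode = ScopedProxyMode.TARGET_CLASS)
    public class ReservationDto {
        private String username;
        private String reservationNumber;
        @DateTimeFormat(pattern = "yyyy-MM-dd")
        private LocalDate checkInDate;
        @DateTimeFormat(pattern = "yyyy-MM-dd")
        private LocalDate checkOutDate;
        private String secondGuestName;
        private String thirdGuestName;
        private String fourthGuestName;
        private String message;
        private String hotelName;
        private String roomTypeName;
    }

    // HomeController.java
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.GetMapping;

    @Controller
    public class HomeController {
        private Logger LOG = LoggerFactory.getLogger(getClass());
        private final HotelService hotelService;

        public HomeController(HotelService hotelService) {
            this.hotelService = hotelService;
        }

        // Renders the custom login page referenced by formLogin().loginPage("/login")
        @GetMapping("/login")
        public String login() {
            return "login";
        }
    }
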
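Update - added the security configuration

    import javax.sql.DataSource;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        private final DataSource dataSource;

        public SecurityConfiguration(DataSource dataSource) {
            this.dataSource = dataSource;
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        // Users and roles are loaded from the database; passwords are BCrypt hashes
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.jdbcAuthentication()
                .dataSource(dataSource)
                .passwordEncoder(passwordEncoder())
                .usersByUsernameQuery("SELECT username,password,active FROM users WHERE username = ?")
                .authoritiesByUsernameQuery("SELECT u.username,r.name FROM users u JOIN roles r ON r.id = u.role_id WHERE u.username = ?");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection is switched off for every request
            http.csrf().disable()
                .authorizeRequests()
                    .antMatchers("/").permitAll()
                    .antMatchers("/hello").permitAll()
                    .antMatchers("/register/**").permitAll()
                    .antMatchers("/login").permitAll()
                    .antMatchers("/auth/guest", "/auth/guest/**").hasRole("GUEST")
                    .antMatchers("/auth/admin", "/auth/admin/**").permitAll() // it will be hasRole("ADMIN")
                    .antMatchers("/auth/reception", "/auth/reception/**").permitAll() // it will be hasRole("Receptionist")
                    .anyRequest().permitAll()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .defaultSuccessUrl("/")
                    .and()
                .logout()
                    .logoutSuccessUrl("/");
        }

        // These paths bypass the Spring Security filter chain entirely
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring()
                .antMatchers("/static/**")
                .antMatchers("/h2-console", "/h2-console/**");
        }
    }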
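
The JSESSIONID change at login described in the question is what Spring Security does at authentication as session fixation protection. The following is an added example, not code from the original post, and the class name `SessionFixationExampleConfig` is hypothetical: it shows only the session-related settings, with the strategy that issues a new session ID while carrying the existing session attributes over, next to the `none()` strategy that would keep the pre-login ID.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; URL patterns are taken from the configuration above.
@Configuration
@EnableWebSecurity
public class SessionFixationExampleConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/auth/guest", "/auth/guest/**").hasRole("GUEST")
                .anyRequest().permitAll()
                .and()
            .formLogin()
                .loginPage("/login")
                .and()
            .sessionManagement()
                .sessionFixation()
                    // Weak setting, shown for contrast only:
                    //   .none()
                    // keeps the pre-login JSESSIONID valid after authentication,
                    // so an ID that was planted or observed before login becomes
                    // an authenticated session.
                    //
                    // Other strategies:
                    //   .changeSessionId()  same session object, new ID,
                    //                       attributes kept (Servlet 3.1+)
                    //   .newSession()       new session, application attributes
                    //                       are NOT copied
                    //
                    // Chosen here: new session and new ID, with every attribute
                    // of the old session (such as "reservationDto") copied over.
                    .migrateSession();
    }
}
```

With `migrateSession()` or `changeSessionId()` the cookie value is expected to differ before and after login; what should be compared across the login redirect is the content of the session attributes, not the session ID.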