A JSONP request causes enterprise to display the result of the JSONP request after login instead of jumping to the home page

A user who is not logged in requests enterprise/A, which is protected. The browser is redirected to the login page and, after login completes, returns to A.

But if the passport page requests enterprise/B during the login process, the browser jumps to B instead of A once login completes.

This problem is the cause of the large number of customer complaints today.

==============================

 

Requesting a resource and logging in form one continuous flow: request B overwrites the lastRequest stored in the Spring Security session, so the browser jumps to B after login completes.

 

RequestCacheAwareFilter

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest wrappedSavedRequest =
            requestCache.getMatchingRequest((HttpServletRequest) request, (HttpServletResponse) response);

        chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
    }

 

HttpSessionRequestCache

 

    public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
        DefaultSavedRequest saved = (DefaultSavedRequest) getRequest(request, response);

        if (saved == null) {
            return null;
        }

        if (!saved.doesRequestMatch(request, portResolver)) {
            logger.debug("saved request doesn't match");
            return null;
        }

        // After the lastRequest is taken out, it needs to be removed
        removeRequest(request, response);

        return new SavedRequestAwareWrapper(saved, request);
    }

 

------------------------

ExceptionTranslationFilter

    protected void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, AuthenticationException reason) throws ServletException, IOException {
        // SEC-112: Clear the SecurityContextHolder's Authentication, as the
        // existing Authentication is no longer considered valid
        SecurityContextHolder.getContext().setAuthentication(null);
        requestCache.saveRequest(request, response);
        logger.debug("Calling Authentication entry point.");
        authenticationEntryPoint.commence(request, response, reason);
    }

    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        Assert.notNull(accessDeniedHandler, "AccessDeniedHandler required");
        this.accessDeniedHandler = accessDeniedHandler;
    }


public class HttpSessionRequestCache implements RequestCache {
    static final String SAVED_REQUEST = "SPRING_SECURITY_SAVED_REQUEST";

    /**
     * Stores the current request, provided the configuration properties allow it.
     */
    public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
        if (requestMatcher.matches(request)) {
            DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, portResolver);

            if (createSessionAllowed || request.getSession(false) != null) {
                // Store the HTTP request itself. Used by AbstractAuthenticationProcessingFilter
                // for redirection after successful authentication (SEC-29)
                // There is one attribute per session, so each saved request replaces the previous one.
                request.getSession().setAttribute(SAVED_REQUEST, savedRequest);
                logger.debug("DefaultSavedRequest added to Session: " + savedRequest);
            }
        } else {
            logger.debug("Request not saved as configured RequestMatcher did not match");
        }
    }
}

 

 

 -------------------------------------

1. When the login page is requested, an HTTPS request is also sent to enterprise's getLoggingInfo interface, and it overwrites the previously saved request for the home page.

After a successful login, the result of getLoggingInfo is displayed.

2. The captured HTTPS packets are encrypted.
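
One way to keep background requests out of the saved-request slot is to use the requestMatcher that saveRequest consults in the code above. This is an added example, not code from the original post or from Spring Security; it assumes Spring Security 3.2 to 5.x (javax.servlet), and the class names, the `callback` parameter name and the URI suffix check are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.matcher.RequestMatcher;

/**
 * Added example (not Spring Security's own code): only top-level page
 * navigations may become the post-login redirect target.
 */
public class NavigationOnlyRequestCache {

    /** Hypothetical matcher: true only for requests worth replaying after login. */
    static final class NavigationRequestMatcher implements RequestMatcher {
        @Override
        public boolean matches(HttpServletRequest request) {
            // Only a GET can be replayed safely as a redirect target.
            if (!"GET".equalsIgnoreCase(request.getMethod())) {
                return false;
            }
            // XHR calls made by the login page itself must not overwrite page A.
            if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
                return false;
            }
            // JSONP is loaded through a <script> tag, so it carries no XHR header.
            // Assumption: the callback parameter is named "callback".
            if (request.getParameter("callback") != null) {
                return false;
            }
            // The endpoint named on this page; matching on the URI suffix is an assumption.
            return !request.getRequestURI().endsWith("/getLoggingInfo");
        }
    }

    /**
     * Builds the cache. The same instance has to be given to both
     * ExceptionTranslationFilter and RequestCacheAwareFilter
     * (with Java config: http.requestCache().requestCache(...)).
     */
    public static RequestCache navigationOnlyRequestCache() {
        HttpSessionRequestCache cache = new HttpSessionRequestCache();
        cache.setRequestMatcher(new NavigationRequestMatcher());
        return cache;
    }
}
```

With this matcher in place, saveRequest takes the "Request not saved as configured RequestMatcher did not match" branch for the getLoggingInfo call, so the saved request for A stays in the session until login completes.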

 



 

 
