Spring Security 已经通过RequestCache
(是 HttpSessionRequestCache
的默认实现) 把最后一个request存储在HTTP session中了.
attributeName 是 SPRING_SECURITY_SAVED_REQUEST
所以我们可以通过下面的代码把最后访问的页面取出来
public ModelAndView login(HttpServletRequest req, HttpSession session) {
ModelAndView mav = new ModelAndView("login");
if (session != null) {
SavedRequest savedRequest = session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
if (savedRequest != null) {
mav.addObject("redirectUrl", savedRequest.getRedirectUrl());
}
}
return mav;
}
前端页面就可以获取到${redirectUrl}了
http://your.sso/login?url=${redirectUrl}