Spring Security Core Plugin 九(URL属性)

PropertyDefault ValueMeaning

apf.filterProcessesUrl

“/login/authenticate”

Login form post URL, intercepted by Spring Security filter

apf.usernameParameter

“username”

Login form username parameter

apf.passwordParameter

“password”

Login form password parameter

apf.allowSessionCreation

true

Whether to allow authentication to create an HTTP session

apf.postOnly

true

Whether to allow only POST login requests

apf.continueChainBefore SuccessfulAuthentication

false

whether to continue calling subsequent filters in the filter chain

apf.storeLastUsername

false

Whether to store the login username in the HTTP session

failureHandler.defaultFailureUrl

“/login/authfail?login_error=1”

Redirect URL for failed logins

failureHandler.ajaxAuthFailUrl

“/login/authfail?ajax=true”

Redirect URL for failed Ajax logins

failureHandler.exceptionMappings

none

Map of exception class name (subclass of AuthenticationException) to which the URL will redirect for that exception type after authentication failure

failureHandler.useForward

false

Whether to render the error page (true) or redirect (false)

failureHandler.allowSessionCreation

true

Whether to enable session creation to store the authentication failure exception

successHandler.defaultTargetUrl

“/”

Default post-login URL if there is no saved request that triggered the login

successHandler.alwaysUseDefault

false

If true, always redirects to the value of successHandler.defaultTargetUrl after successful authentication; otherwise redirects to to originally-requested page

successHandler.targetUrlParameter

“spring-security-redirect”

Name of optional login form parameter that specifies destination after successful login

successHandler.useReferer

false

Whether to use the HTTP Referer header to determine post-login destination

successHandler.ajaxSuccessUrl

“/login/ajaxSuccess”

URL for redirect after successful Ajax login

auth.loginFormUrl

“/login/auth”

URL of login page

auth.forceHttps

false

If true, redirects login page requests to HTTPS

auth.ajaxLoginFormUrl

“/login/authAjax”

URL of Ajax login page

auth.useForward

false

Whether to render the login page (true) or redirect (false)

logout.afterLogoutUrl

“/”

URL for redirect after logout

logout.filterProcessesUrl

“/logoff”

Logout URL, intercepted by Spring Security filter

logout.handlerNames

['rememberMeServices', 'securityContextLogoutHandler']

Logout handler bean names. See Logout Handlers

logout.clearAuthentication

true

If true removes the Authentication from the SecurityContext to prevent issues with concurrent requests

logout.invalidateHttpSession

true

Whether to invalidate the HTTP session when logging out

logout.targetUrlParameter

none

the querystring parameter name for the post-logout URL

logout.alwaysUseDefaultTargetUrl

false

whether to always use the afterLogoutUrl as the post-logout URL

logout.redirectToReferer

false

whether to use the Referer header value as the post-logout URL

logout.postOnly

true

If true only POST requests will be allowed to logout

adh.errorPage

“/login/denied”

Location of the 403 error page (or set to nullto send a 403 error and not render a page)

adh.ajaxErrorPage

“/login/ajaxDenied”

Location of the 403 error page for Ajax requests

adh.useForward

true

If true a forward will be used to render the error page, otherwise a redirect is used

ajaxHeader

“X-Requested-With”

Header name sent by Ajax library, used to detect Ajax

ajaxCheckClosure

none

An optional closure that can determine if a request is Ajax

redirectStrategy.contextRelative

false

If true, the redirect URL will be the value after the request context path. This results in the loss of protocol information (HTTP or HTTPS), so causes problems if a redirect is being performed to change from HTTP to HTTPS or vice versa

switchUser URLs

 

See Switch User, under Customizing URLs

fii.alwaysReauthenticate

false

If true, re-authenticates when there is a Authentication in the SecurityContext

fii.rejectPublicInvocations

true

Disallow URL access when there is no request mapping

fii.validateConfigAttributes

true

Whether to check that all ConfigAttributeinstances are valid at startup

fii.publishAuthorizationSuccess

false

Whether to publish an AuthorizedEvent after successful access check

fii.observeOncePerRequest

true

If false allow checks to happen multiple times, for example when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值