shiro用authc配置后登录成功后不能跳转到index页面

这两天发现一个问题，如题，尝试了很多方法，都没法解决，真是很郁闷。最后看源码才知道，我的配置如下。原意是从/api/user/login登录成功后，跳转到/index，但是怎么都不能跳转到/index。原来authc拦截器（即FormAuthenticationFilter），验证成功后只会跳转到最开始你进入的页面，因为我是从/api/user/login页面进入登录，所以只会跳转到/api/user/login。要想跳转到/index页面，只有最开始从/index页面进入，后台会重定向到/api/user/login页面，验证成功后，才返回/index页面。

配置如下：

<!-- Shiro的Web过滤器 ,id要与web.xml一致 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/api/user/login" />
<property name="successUrl" value="/index" />
<property name="unauthorizedUrl" value="/unauthorized" />
<property name="filters">
<map>
<entry key="authc" value-ref="formAuthenticationFilter" />
</map>
</property>
<property name="filterChainDefinitions">
<value>
/static/** = anon
/api/user/login = authc
/api/user/logout = logout
/api/user/register* = anon
/unauthorized = anon
/** = user
</value>
</property>
</bean>

FormAuthenticationFilter部分源码：

protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
ServletRequest request, ServletResponse response) throws Exception {
issueSuccessRedirect(request, response);
//we handled the success redirect directly, prevent the chain from continuing:
return false;
}

从源码我们可以看出，登录成功后，会执行

protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
WebUtils.redirectToSavedRequest(request, response, getSuccessUrl());
}

这个方法就是

public static void redirectToSavedRequest(ServletRequest request, ServletResponse response, String fallbackUrl)
throws IOException {
String successUrl = null;
boolean contextRelative = true;
SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(request);
if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase(AccessControlFilter.GET_METHOD)) {
successUrl = savedRequest.getRequestUrl();
contextRelative = false;
}

if (successUrl == null) {
successUrl = fallbackUrl;
}

if (successUrl == null) {
throw new IllegalStateException("Success URL not available via saved request or via the " +
"successUrlFallback method parameter. One of these must be non-null for " +
"issueSuccessRedirect() to work.");
}

WebUtils.issueRedirect(request, response, successUrl, null, contextRelative);
}

关键在于successUrl = savedRequest.getRequestUrl()，会把successUrl重新赋值，配置的/index失效。