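Redirecting to different pages after login in Spring Security 3
阿新 • Published: 2019-01-29
In Spring Security 3, how do you redirect users to different pages after login, depending on what each user needs?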
The component to customize is the AuthenticationSuccessHandler. It is registered in the security configuration as follows:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">

    <http use-expressions="true">
        <intercept-url pattern="/login*" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <!-- The custom success handler replaces the default post-login redirect -->
        <form-login login-page='/login.html'
            authentication-failure-url="/login.html?error=true"
            authentication-success-handler-ref="myAuthenticationSuccessHandler" />
        <logout/>
    </http>

    <beans:bean id="myAuthenticationSuccessHandler"
        class="org.company.MySimpleUrlAuthenticationSuccessHandler" />

    <!-- In-memory sample users; passwords are stored in plaintext here -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user1" password="user1Pass" authorities="ROLE_USER" />
                <user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```
The custom class then implements the AuthenticationSuccessHandler interface. The code is as follows:

```java
package org.company;

import java.io.IOException;
import java.util.Collection;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    protected Log logger = LogFactory.getLog(this.getClass());

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    // Called by Spring Security once the login has succeeded.
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        handle(request, response, authentication);
        clearAuthenticationAttributes(request);
    }

    protected void handle(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        String targetUrl = determineTargetUrl(authentication);

        if (response.isCommitted()) {
            logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
            return;
        }

        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    // Chooses the landing page from the user's granted authorities.
    // The first recognized authority in iteration order decides the result.
    protected String determineTargetUrl(Authentication authentication) {
        boolean isUser = false;
        boolean isAdmin = false;
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        for (GrantedAuthority grantedAuthority : authorities) {
            if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
                isUser = true;
                break;
            } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
                isAdmin = true;
                break;
            }
        }

        if (isUser) {
            return "/homepage.html";
        } else if (isAdmin) {
            return "/console.html";
        } else {
            throw new IllegalStateException();
        }
    }

    // Removes the exception left in the session by an earlier failed login attempt.
    protected void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }
}
```
The method to focus on is determineTargetUrl: it receives an argument of type Authentication and then checks the granted authorities to choose the target.
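
The role check in determineTargetUrl stops at the first recognized authority, so an account holding both ROLE_USER and ROLE_ADMIN lands on a page that depends on iteration order, and an account with neither role gets an exception after a successful login. The following is an added example, not code from the original post: a plain-Java comparison of that first-match logic with a fixed-precedence lookup. The class name `RoleTargetResolver`, the admin-over-user precedence and the `/access-denied.html` fallback are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper, not part of Spring Security or of the page's code.
public class RoleTargetResolver {
    // Insertion order is the precedence (assumption: admin outranks user).
    private static final Map<String, String> TARGETS = new LinkedHashMap<String, String>();
    static {
        TARGETS.put("ROLE_ADMIN", "/console.html");
        TARGETS.put("ROLE_USER", "/homepage.html");
    }

    // Same logic as the page's determineTargetUrl: the first recognized
    // authority in iteration order decides, so the result is order-dependent.
    static String firstMatch(Collection<String> authorities) {
        for (String a : authorities) {
            if (TARGETS.containsKey(a)) {
                return TARGETS.get(a);
            }
        }
        throw new IllegalStateException("no recognized role");
    }

    // Deterministic variant: walk the precedence table, not the user's roles.
    // The target always comes from the server-side table, never from the request.
    static String byPrecedence(Collection<String> authorities, String fallbackUrl) {
        for (Map.Entry<String, String> e : TARGETS.entrySet()) {
            if (authorities.contains(e.getKey())) {
                return e.getValue();
            }
        }
        return fallbackUrl; // authenticated, but holds no role with a landing page
    }

    public static void main(String[] args) {
        String fallback = "/access-denied.html"; // hypothetical page
        // Constructed sample inputs: the same two roles in both orders, then an unknown role.
        Collection<String> userFirst = Arrays.asList("ROLE_USER", "ROLE_ADMIN");
        Collection<String> adminFirst = Arrays.asList("ROLE_ADMIN", "ROLE_USER");
        System.out.println("firstMatch:   " + firstMatch(userFirst) + " vs " + firstMatch(adminFirst));
        System.out.println("byPrecedence: " + byPrecedence(userFirst, fallback)
                + " vs " + byPrecedence(adminFirst, fallback));
        System.out.println("unknown role: " + byPrecedence(Arrays.asList("ROLE_AUDITOR"), fallback));
    }
}
```

Inside the handler, the authority names would come from calling getAuthority() on each entry of authentication.getAuthorities().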