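I am building an application in which I authorize users based on their role. The roles are defined in LDAP. We have three roles: finance, cloud and sales. Depending on the role, we want to redirect to a specific page on successful login. If the login fails, it should redirect to an error page.
I have written the following in spring-security.xml. I am not able to redirect to the different pages.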
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true">
<intercept-url pattern="/finance*" access="ROLE_FINANCE" />
<logout logout-success-url="/logout" />
<intercept-url pattern="/cloud*" access="ROLE_CLOUD" />
<logout logout-success-url="/logout" />
<intercept-url pattern="/sales*" access="ROLE_SALES" />
<!-- <form-login login-page="/login1" default-target-url="/login1"
authentication-failure-url="/loginfailed" /> -->
<logout logout-success-url="/logout" />
<!-- <form-login login-page="/login.vtu" authentication-success-handler-ref="customHandler"
authentication-failure-url="/login.vtu?error=true" default-target-url="/login.vtu"
login-processing-url="/j_security_check" /> -->
</http>
<authentication-manager>
<ldap-authentication-provider
user-search-filter="(uid={0})"
user-search-base="cn=worldAdmin"
group-search-filter="(uniqueMember={0})"
group-search-base="cn=worldAdmin"
group-role-attribute="cn"
role-prefix="ROLE_">
</ldap-authentication-provider>
</authentication-manager>
<ldap-server url="ldap://localhost:12389/o=xyz" manager-dn="cn=xyzAdmin,cn=worldAdmin,o=xyz" manager-password="abc" />
</beans:beans>
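Answer 0: (score: 0)
Use authentication-success-handler-ref to redirect to a specific page depending on the user's role. (According to Spring Security, authentication-success-handler-ref should not be used in combination with default-target-url (or always-use-default-target-url), as the implementation should always deal with navigation to the subsequent destination.)
Use authentication-failure-url to redirect when the login fails: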
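<form-login login-page="/login.vtu"
    authentication-success-handler-ref="customHandler"
    authentication-failure-url="/login.vtu?error=true" />
<bean id="customHandler" class="x.y.z.web.handler.CustomHandler" />

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

public class CustomHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // authentication.getAuthorities() to check role
        boolean isFinancialRole = false;
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            if ("ROLE_FINANCE".equals(authority.getAuthority())) {
                isFinancialRole = true;
            }
        }
        if (isFinancialRole) {
            response.sendRedirect(getFinancialRedirectUrl());
        }
    }

    // Target for ROLE_FINANCE users; the path is an assumption based on the /finance* pattern in the question.
    private String getFinancialRedirectUrl() {
        return "/finance";
    }
}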
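The handler idea from the answer above, carried through for all three roles in the question. This is an added example, not the answerer's code: it goes beyond the finance-only case, and the class name RoleTargetSuccessHandler, the target paths and the use of /loginfailed for users without any of the roles are assumptions.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

// Added example (hypothetical class name and paths), not code from the original post.
public class RoleTargetSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // Insertion order is the priority when a user holds more than one of the roles.
    private static final Map<String, String> TARGETS = new LinkedHashMap<String, String>();
    static {
        TARGETS.put("ROLE_FINANCE", "/finance");
        TARGETS.put("ROLE_CLOUD", "/cloud");
        TARGETS.put("ROLE_SALES", "/sales");
    }

    // Authenticated, but member of none of the three LDAP groups (assumed page).
    private static final String NO_ROLE_TARGET = "/loginfailed";

    // Pure lookup, kept separate from the servlet code so it can be unit tested.
    static String targetFor(Authentication authentication) {
        for (Map.Entry<String, String> entry : TARGETS.entrySet()) {
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (entry.getKey().equals(authority.getAuthority())) {
                    return entry.getValue();
                }
            }
        }
        return NO_ROLE_TARGET;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        if (response.isCommitted()) {
            return; // too late to redirect
        }
        // The target comes only from the fixed map above, never from a request
        // parameter, so the post-login redirect cannot be pointed at another site.
        getRedirectStrategy().sendRedirect(request, response, targetFor(authentication));
    }
}
```

To use it, point the class attribute of the customHandler bean at this class. The intercept-url rules still decide who may open each page; the handler only chooses the landing page.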
Answer 1: (score: 0)
login.xhtml
<h:head>
    <f:metadata>
        <f:event type="preRenderView" listener="#{loginBean.onPageLoad}"/>
    </f:metadata>
</h:head>
loginBean
public void onPageLoad() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // Redirect only when the user is already logged in (not anonymous)
    if (!(auth instanceof AnonymousAuthenticationToken)) {
        try {
            // url is the redirect target, defined elsewhere in the bean
            FacesContext.getCurrentInstance().getExternalContext().redirect(url);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}