我有两种类型的管理员。 超级管理员和普通管理员。
两者都从页面admin.xhtml开始。
我想将超级管理员用户转发至super-admin.xhtml,将普通管理员转发至normal-admin.xhtml。
我如何在JSF中执行此操作(我使用的是Spring Security)?
答案 0 :(得分:0)
我不熟悉JSF,但假设它在Spring MVC JSP应用程序下运行,你可以让你的控制器根据用户持有的角色提供不同的页面:
@RequestMapping("/admin.xhtml")
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_SUPERADMIN')")
public String getAdminPage(Modelmap model, Principal principal) {
Collection<? extends GrantedAuthority> authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
for (GrantedAuthority authority : authorities) {
if (authority.toString() == "ROLE_SUPERADMIN") { return "superadminpage"; }
}
//no need to check for admin privileges, since the annotation took care of that
//if you're not using annotations (or @PostAuthorize), you'd have to capture the
//'admin' role as well, and adjust the return statements accordingly.
return "adminpage";
}