我已经实现了 Spring Security,但在 spring-security.xml 文件中必须提供目标 URL。我需要在服务器端的控制器代码中决定成功登录后跳转到哪个页面。有谁可以分享一下实现方法吗?
我是按照以下网址中的示例实现的:
http://www.mkyong.com/spring-security/spring-security-form-login-example/
谢谢
答案 0 :(得分:1)
考虑到你提到的例子, 在spring-security.xml里面:
<!-- Form-login setup: post-login navigation is delegated to a custom success handler
     bean instead of a fixed target URL. -->
<http auto-config="true">
<!-- Only URLs matching /welcome* are restricted here (ROLE_USER required). -->
<!-- NOTE(review): the success handler only chooses where to redirect; it does not
     authorize anything. Pages it redirects to need their own intercept-url rules,
     and none are visible in this snippet - confirm against the full configuration. -->
<intercept-url pattern="/welcome*" access="ROLE_USER" />
<form-login login-page="/login" authentication-success-handler-ref="myAuthenticationSuccessHandler"
authentication-failure-url="/loginfailed"/>
</http>
<!-- Handler bean referenced by authentication-success-handler-ref above. -->
<beans:bean id="myAuthenticationSuccessHandler"
class="com.somepkg.security.MyAuthenticationSuccessHandler" />
然后在MyAuthenticationSuccessHandler中:
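/**
 * Chooses the post-login landing page on the server side, based on the
 * authorities granted to the user who has just authenticated.
 *
 * <p>The redirect targets are fixed constants of this class and are never read
 * from the request, so a client cannot steer the post-login redirect.
 *
 * <p>This handler only decides where the browser is sent. It does not restrict
 * access to the landing pages; those still need their own access rules in the
 * security configuration.
 */
public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    // Placeholder role names and landing pages: change them to match the application.
    private static final String ROLE_ONE = "ROLE_ONE";
    private static final String ROLE_TWO = "ROLE_TWO";
    private static final String ROLE_ONE_TARGET = "/somepage.html";
    private static final String ROLE_TWO_TARGET = "/otherpage.html";

    protected Log logger = LogFactory.getLog(this.getClass());

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Redirects the freshly authenticated user to the page mapped to their role,
     * then removes the stored authentication failure from the session.
     *
     * @throws IOException if sending the redirect fails
     * @throws IllegalStateException if no landing page is mapped for the user's authorities
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        handle(request, response, authentication);
        clearAuthenticationAttributes(request);
    }

    /**
     * Resolves the target URL and sends the redirect, unless the response has
     * already been committed (in which case a redirect is no longer possible).
     *
     * @throws IOException if sending the redirect fails
     * @throws IllegalStateException if no landing page is mapped for the user's authorities
     */
    protected void handle(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        String targetUrl = determineTargetUrl(authentication);

        if (response.isCommitted()) {
            logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
            return;
        }

        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /**
     * Maps the granted authorities to a landing page.
     *
     * <p>All authorities are inspected before deciding, so the result does not
     * depend on the iteration order of the collection: a user holding both roles
     * always lands on the {@code ROLE_ONE} page.
     *
     * @param authentication the successful authentication
     * @return the application-relative URL to redirect to
     * @throws IllegalStateException if the user holds neither mapped role
     */
    protected String determineTargetUrl(Authentication authentication) {
        boolean hasRoleOne = false;
        boolean hasRoleTwo = false;

        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            // Constant-first equals: getAuthority() may return null for authorities
            // that have no String representation.
            String authority = grantedAuthority.getAuthority();
            if (ROLE_ONE.equals(authority)) {
                hasRoleOne = true;
            } else if (ROLE_TWO.equals(authority)) {
                hasRoleTwo = true;
            }
        }

        if (hasRoleOne) {
            return ROLE_ONE_TARGET;
        }
        if (hasRoleTwo) {
            return ROLE_TWO_TARGET;
        }
        // Fail with a diagnosable message rather than redirecting to a guessed
        // default page. The message deliberately omits the user's identity.
        throw new IllegalStateException(
                "No landing page is mapped for the authorities of the authenticated user");
    }

    /**
     * Removes the authentication exception attribute from the session, if a
     * session exists. No session is created when there is none.
     */
    protected void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }

    /** Replaces the strategy used to send the post-login redirect. */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /** Returns the strategy used to send the post-login redirect. */
    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }
}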