Spring MVC身份验证成功处理程序和控制器

时间:2016-06-17 13:54:54

标签: java spring spring-mvc forms-authentication

我创建了一个用户登录界面,用户可以使用spring security进行身份验证。

我制作了AuthenticationSuccessHandler,将用户重定向到新页面。

我还希望实现loginController以获取用户登录的名称以及显示错误凭据的错误消息。这是我的Handler代码:

public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
protected final Log logger = LogFactory.getLog(this.getClass());

private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

protected MySimpleUrlAuthenticationSuccessHandler() {
    super();
}

@Override
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
    handle(request, response, authentication);
    clearAuthenticationAttributes(request);
}

protected void handle(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
    final String targetUrl = determineTargetUrl(authentication);

    if (response.isCommitted()) {
        logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
        return;
    }

    redirectStrategy.sendRedirect(request, response, targetUrl);
}

protected String determineTargetUrl(final Authentication authentication) {
    boolean isUser = false;
    boolean isAdmin = false;
    final Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
    for (final GrantedAuthority grantedAuthority : authorities) {
        if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
            isUser = true;
            break;
        } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
            isAdmin = true;
            break;
        }
    }

    if (isUser) {
        return "/static_htm.html";
    } else if (isAdmin) {
        return "/console.html";
    } else {
        throw new IllegalStateException();
    }
}

我的controller代码:

@Controller
public class HelloController {

@RequestMapping(value="/login", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal ) {

    String name = principal.getName();
    model.addAttribute("username", name);
    model.addAttribute("message", "Spring Security Hello World");
    return "static_htm";                 //page after successful login

}

@RequestMapping(value="/login", method = RequestMethod.GET)
public String login(ModelMap model) {

    return "login";                      //login page

}

@RequestMapping(value="/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {

    //String errormessage = resources.getMessage("login.error", null, null);
    model.addAttribute("error", "true");
    return "login";                      //login page

}

}

处理程序工作正常,但我无法获取用户名和错误消息。我应该怎样做才能使handlercontroller一起工作?

非常感谢任何建议。

1 个答案:

答案 0 :(得分:0)

根据您的问题,我认为您希望在登录控制器中获取用户名。

如果不是这样,请随意忽略我的回答。

你可能实际上已经落后了。

成功处理程序有点像“default-target-url”的自定义实现。

所以它实际上是在登录控制器后执行的......

当登录成功,并且没有先前请求的路径(这由SavedRequestAwareAuthenticationSuccessHandler实现)时,请求将被发送到“default-target-url”。

或者当有自定义成功处理程序时,成功处理程序将确定它前往的路径。