如何在spring security和java中注销后获取用户角色?

时间:2017-08-07 07:06:07

标签: java spring spring-security

我希望在单击注销按钮后获取用户角色。 如果角色是 admin ,我必须在/ logout中返回/login.jsp 如果角色是用户,我必须在/ logout中返回/index.jsp

提前致谢

my controller.java: 

 @RequestMapping(value="/logout",method=RequestMethod.GET)
        public String logout(HttpServletRequest request,ModelMap model)
        {
    model.addAttribute("userForms",userService.getActiveUserList());
      model.addAttribute("Success",true);
      return "/login";
        }

UserService.java 

public List<UserForm> getActiveUserList() 
{
        List<UserForm> userForms = new ArrayList<UserForm>();

        List<User> users = new ArrayList<User>();

        users = userDAO.getActiveList();

        for (User user : users) {

            String crmDomainLink=crmProperties.getProperty("CRMAppDomain");
            UserForm userForm = new UserForm(
                    user.getUserId(),user.getName(), user.getCode(),
CRMConstants.convertUSAFormatWithTime(user.getCreatedDateTime()),
 user.getIsEnabled(), null);
            userForms.add(userForm);
        }

        return userForms;
    }

MyDAO.java 

public List<User> getActiveList() {
return this.sessionFactory.getCurrentSession().createCriteria(User.class).add(Restrictions.and(Restrictions.eq("isEnabled", 1),Restrictions.ne("userId", 1))).list();
    }

2 个答案:

答案 0 :(得分:0)

您应该实现自定义LogoutSuccessHandler。类似的东西:

@Component
public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {

    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        if (AuthorityUtils.authorityListToSet(authentication.getAuthorities()).contains("ROLE_ADMIN")) {
            response.sendRedirect("/login.jsp");
        } else {
            response.sendRedirect("/index.jsp");
        }
    }
}

将其添加到安全配置中,如果是XML:

<logout success-handler-ref="customLogoutSuccessHandler" />

答案 1 :(得分:-1)

您可以通过以下

获取控制器中的Authentication对象 
@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logout(ModelMap model, Authentication authentication) {
}

然后,您可以通过调用以下方法来获取登录用户的角色

authentication.getAuthorities();
相关问题
最新问题