如何根据用户的角色让spring-security在登录后更改重定向页面?
答案 0 :(得分:2)
根据 mmounirou 提供的链接,我把该链接中关于设置基于角色的重定向的内容复制到了这里,以防链接失效:
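public class RoleBasedAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    /** Authority name (for example {@code ROLE_ADMIN}) to context-relative target path. */
    private Map<String, String> roleUrlMap;

    /** Context-relative path used when no granted authority has an entry in {@link #roleUrlMap}. */
    private String defaultTargetUrl = "/";

    /**
     * Redirects the freshly authenticated user to the path mapped to one of their granted authorities.
     *
     * <p>Every authority of the {@link Authentication} is consulted in iteration order and the first
     * one with a mapping wins; reading only {@code toArray()[0]} of the collection would depend on an
     * unspecified ordering when a user holds several roles. When nothing matches, or the map was never
     * configured, the user is sent to the default target instead of leaving the response uncommitted
     * (the original did nothing for non-{@code UserDetails} principals) or redirecting to a path
     * ending in the literal {@code "null"}.
     *
     * @param request        the login request; its context path is prepended to the target
     * @param response       the response the redirect is written to; left untouched if already committed
     * @param authentication the successful authentication whose authorities select the target
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException never thrown here; declared by the interface
     */
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {
        if (response.isCommitted()) {
            // Something earlier in the chain already wrote the response; a second redirect would fail.
            return;
        }
        response.sendRedirect(request.getContextPath() + determineTargetUrl(authentication));
    }

    /**
     * Resolves the context-relative target for the given authentication.
     *
     * @param authentication the successful authentication; may be {@code null}
     * @return the first mapped path among the granted authorities, else the default target
     */
    protected String determineTargetUrl(Authentication authentication) {
        if (roleUrlMap != null && authentication != null) {
            for (Object authority : authentication.getAuthorities()) {
                // Keys are matched against the authority's string form, the same key the original
                // lookup used; Spring's SimpleGrantedAuthority renders as the bare role name.
                String target = roleUrlMap.get(String.valueOf(authority));
                if (target != null) {
                    return target;
                }
            }
        }
        return defaultTargetUrl;
    }

    /**
     * Sets the authority-to-path map used to pick the redirect target.
     *
     * @param roleUrlMap authority name to context-relative path
     */
    public void setRoleUrlMap(Map<String, String> roleUrlMap) {
        this.roleUrlMap = roleUrlMap;
    }

    /**
     * Sets the fallback path used when no granted authority is mapped. Defaults to {@code "/"}.
     *
     * @param defaultTargetUrl context-relative path
     */
    public void setDefaultTargetUrl(String defaultTargetUrl) {
        this.defaultTargetUrl = defaultTargetUrl;
    }
}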
bean 的初始化配置决定了每个角色登录后应重定向到哪里:
<!-- Success handler that maps the logged-in user's granted authority to a post-login page.
     Keys are the authority strings as they appear on the principal (ROLE_ prefix included);
     values are context-relative paths, the context path is prepended when redirecting. -->
<beans:bean id="redirectRoleStrategy" class="dk.amfibia....security.RoleBasedAuthenticationSuccessHandler">
    <beans:property name="roleUrlMap">
        <beans:map>
            <beans:entry key="ROLE_SYSTEM" value="/system/index.htm"/>
            <beans:entry key="ROLE_ADMIN" value="/admin/index.htm"/>
            <beans:entry key="ROLE_USER" value="/index.htm"/>
        </beans:map>
    </beans:property>
</beans:bean>
最后,我们需要告诉 spring-security 使用这个 redirectRoleStrategy。在 form-login 标记中设置以下属性: authentication-success-handler-ref="redirectRoleStrategy"。
答案 1 :(得分:1)
答案 2 :(得分:0)
下面给出一个基于角色选择跳转网址的示例:
RoleBasedUrlHandler.java
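@Component
public class RoleBaseUrlHandler extends SimpleUrlAuthenticationSuccessHandler {

    /** Authority granted to ordinary users; must match the in-memory user definitions. */
    private static final String ROLE_USER = "ROLE_User";
    /** Authority granted to administrators. */
    private static final String ROLE_ADMIN = "ROLE_Admin";

    /**
     * Redirects to the URL chosen by {@link #determineTargetUrl(Authentication)}.
     *
     * <p>The redirect strategy is taken from the inherited accessor. The original class redeclared a
     * private {@code redirectStrategy} field plus setter/getter, which only shadowed the ones the
     * superclass already provides with identical signatures; callers of
     * {@code setRedirectStrategy} keep working through the inherited method.
     *
     * @param request        the completed login request
     * @param response       the response to redirect; left untouched if already committed
     * @param authentication the successful authentication
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void handle(HttpServletRequest request,
                          HttpServletResponse response,
                          Authentication authentication) throws IOException {
        if (response.isCommitted()) {
            return;
        }
        getRedirectStrategy().sendRedirect(request, response, determineTargetUrl(authentication));
    }

    /**
     * Picks the post-login URL from the principal's granted authorities.
     *
     * <p>{@code ROLE_User} is tested before {@code ROLE_Admin}, so a principal holding both roles
     * lands on {@code /user}; an authenticated principal with neither role is sent to
     * {@code /accessDenied}.
     *
     * @param authentication the successful authentication
     * @return {@code /user}, {@code /admin} or {@code /accessDenied}
     */
    protected String determineTargetUrl(Authentication authentication) {
        List<String> roles = new ArrayList<String>();
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            roles.add(authority.getAuthority());
        }
        if (isUser(roles)) {
            return "/user";
        }
        if (isAdmin(roles)) {
            return "/admin";
        }
        return "/accessDenied";
    }

    /**
     * @param roles authority names of the current principal
     * @return whether {@code roles} contains {@value #ROLE_USER}
     */
    private boolean isUser(List<String> roles) {
        return roles.contains(ROLE_USER);
    }

    /**
     * @param roles authority names of the current principal
     * @return whether {@code roles} contains {@value #ROLE_ADMIN}
     */
    private boolean isAdmin(List<String> roles) {
        return roles.contains(ROLE_ADMIN);
    }
}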
SpringSecurityConfig.java
@EnableWebSecurity
@Configuration
/**
 * Web security configuration for the demo: two in-memory users and URL rules that pair with the
 * role-based post-login redirect performed by {@link RoleBaseUrlHandler}.
 */
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
    /** Success handler that chooses the post-login page from the user's role. */
    @Autowired
    RoleBaseUrlHandler urlHandler;

    /**
     * Registers the demo users and their authorities in memory.
     *
     * <p>NOTE(review): the credentials are hard-coded and passed to {@code password(...)} as plain
     * text. With Spring Security 5+ the default password encoder expects an encoder-prefixed value
     * (for example {@code "{bcrypt}..."}, or {@code "{noop}..."} for demos only) and rejects a bare
     * string at login time — confirm against the project's Spring Security version. Real deployments
     * should source users and hashed passwords from an external store rather than this method.
     *
     * @param auth builder receiving the in-memory user store
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth)throws Exception {
        auth.inMemoryAuthentication()
            .withUser("Patel")
            .password("Patel")
            .authorities("ROLE_Admin")
            .and()
            .withUser("Shah")
            .password("Shah")
            .authorities("ROLE_User");
    }

    /**
     * Declares the access rules and the login/logout flow.
     *
     * <p>Matcher order matters: rules are evaluated top to bottom and the first match wins, so the
     * specific {@code /admin} and {@code /user} rules must precede {@code anyRequest()}.
     * {@code hasRole("Admin")} matches the {@code ROLE_Admin} authority because Spring prefixes the
     * role name with {@code ROLE_}.
     *
     * @param http the security builder for this filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/admin").hasRole("Admin")
                .antMatchers("/user").hasAnyRole("User","Admin")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                // urlHandler decides where to send the user after a successful login.
                .loginPage("/login").successHandler(urlHandler).permitAll()
                .failureUrl("/login?error")
                .usernameParameter("username").passwordParameter("password")
                .and()
            .logout().logoutSuccessUrl("/login?logout")
                .and()
            .exceptionHandling().accessDeniedPage("/accessDenied")
                .and()
            // CSRF protection is already on by default; this call leaves the default in place.
            .csrf()
                .and()
            // Also accepts HTTP Basic credentials on any request, in addition to the form login.
            .httpBasic();
    }
}
DemoSecurity.java
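@Controller
public class DemoSecurity {

    /**
     * Renders the login view, surfacing the outcome signalled by the query parameters Spring
     * Security redirects with ({@code ?error} after a failed login, {@code ?logout} after logout).
     *
     * @param error  present (any value) when the last login attempt failed
     * @param logout present (any value) after a successful logout
     * @param model  receives an {@code error} or {@code message} attribute for the view
     * @return the {@code login} view name
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage(
            @RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout,
            Model model) {
        if (error != null) {
            model.addAttribute("error", "Invalid Credentials provided.");
        }
        if (logout != null) {
            model.addAttribute("message", "Logged out successfully.");
        }
        return "login";
    }

    /**
     * Programmatic logout: clears the security context and invalidates the session for the current
     * authentication, then redirects to the login page with the {@code logout} marker.
     *
     * <p>NOTE(review): {@code SpringSecurityConfig} also enables the built-in {@code logout()}
     * support, whose filter is expected to handle {@code POST /logout} before this controller is
     * reached; this mapping is then only a fallback.
     *
     * @param request  the current request
     * @param response the current response
     * @return redirect to {@code /login?logout}
     */
    @RequestMapping(value="/logout", method = RequestMethod.POST)
    public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) {
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return "redirect:/login?logout";
    }

    /**
     * @param model receives the current principal's name as {@code user}
     * @return the {@code admin} view name
     */
    @RequestMapping(value = { "/admin" }, method = RequestMethod.GET)
    public String adminPage(Model model) {
        model.addAttribute("user", getPrincipal());
        return "admin";
    }

    /**
     * @param model receives the current principal's name as {@code user}
     * @return the {@code user} view name
     */
    @RequestMapping(value = { "/user" }, method = RequestMethod.GET)
    public String employeePage(Model model) {
        model.addAttribute("user", getPrincipal());
        return "user";
    }

    /**
     * @param model receives the current principal's name as {@code user}
     * @return the {@code accessDenied} view name
     */
    @RequestMapping(value = { "/accessDenied" }, method = RequestMethod.GET)
    public String accessDenied(Model model) {
        model.addAttribute("user", getPrincipal());
        return "accessDenied";
    }

    /**
     * Returns the display name of the current principal.
     *
     * <p>The original dereferenced {@code getAuthentication()} unconditionally, which throws a
     * {@code NullPointerException} when the security context holds no authentication (for example
     * if a page is ever served outside the security filter chain). That case now yields
     * {@code null}, as does a {@code null} principal.
     *
     * @return the username for {@link UserDetails} principals, the principal's string form
     *         otherwise, or {@code null} when nobody is authenticated
     */
    private String getPrincipal() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return principal == null ? null : principal.toString();
    }
}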