我注意到有几个关于这个主题的问题。我浏览了它们,但无法将它们应用到我的特定 Spring 设置中。我想根据用户的角色将登录重定向配置为有条件的。这是我到目前为止所拥有的:
<http auto-config="true" use-expressions="true">
<custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
<access-denied-handler ref="accessDeniedHandler"/>
<form-login
login-page="/login"
default-target-url="/admin/index"
authentication-failure-url="/index?error=true"
/>
<logout logout-success-url="/index" invalidate-session="true"/>
</http>
我想这个问题 https://stackoverflow.com/questions/3139718/spring-security-changing-spring-security-login-form可能与我想做的事情是同一行。有人知道我该如何应用它吗?
EDIT 1
<bean id="authenticationProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
</bean>
<bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/login.jsp"/>
</bean>
EDIT 2
目前我没有像这样的课程public class Test implements AuthenticationSuccessHandler {}
如图所示这个例子 https://stackoverflow.com/questions/7470405/authenticationsuccesshandler-example-for-spring-security-3/7470476#7470476.
我已经测试了代码并且它可以工作,其中没有火箭科学
public class MySuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ROLE_ADMIN")){
response.sendRedirect("/Admin.html");
return;
}
response.sendRedirect("/User.html");
}
}
安全环境的变化:
<bean id="mySuccessHandler" class="my.domain.MySuccessHandler">
</bean>
<security:form-login ... authentication-success-handler-ref="mySuccessHandler"/>
update如果你想使用default-target-url
方法,它同样可以很好地工作,但会在您的用户首次访问登录页面时触发:
<security:form-login default-target-url="/welcome.htm" />
@Controller
public class WelcomeController {
@RequestMapping(value = "/welcome.htm")
protected View welcome() {
Set<String> roles = AuthorityUtils
.authorityListToSet(SecurityContextHolder.getContext()
.getAuthentication().getAuthorities());
if (roles.contains("ROLE_ADMIN")) {
return new RedirectView("Admin.htm");
}
return new RedirectView("User.htm");
}
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)