
security3中使用者登入成功後的處理

本人用的是security3。由于業務需求,需要對不同終端LoginSuccess後的首頁進行不同的定義,實作如下:

我所了解到的有兩種方式。第一種是在security配置檔案中進行配置,可是一直沒有作用,不知是否與我實作AuthenticationSuccessHandler接口的自定義處理類有關(僅定義這個bean并不會生效,還需要由<form-login>的authentication-success-handler-ref引用它)。是以我采用的是第二種方式。

第一種方式:

<!-- Sets the page to show after a successful login; the author reports that this
     had no effect when tested.
     NOTE(review): a success-handler bean is only consulted when the form-login element
     references it (authentication-success-handler-ref), and
     SavedRequestAwareAuthenticationSuccessHandler prefers a saved request over
     defaultTargetUrl unless alwaysUseDefaultTargetUrl is set; confirm which applies. -->
	<beans:bean id="loginLogAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
	<beans:property name="defaultTargetUrl" value="/first.jsp"></beans:property>
	</beans:bean>
           

第二種方式:

實作AuthenticationSuccessHandler接口,代碼處理

重寫onAuthenticationSuccess方法就OK了

/**
 * @since  2015下午4:26:50
 * 處理security登入驗證通過後的頁面跳轉處理(以及權限驗證)
 */
import java.io.IOException;
import java.util.Collection;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

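/**
 * Redirects the browser to a landing page after Spring Security has accepted a login.
 *
 * <p>The landing page is chosen on the server from the granted authorities of the
 * authenticated principal. No request parameter takes part in the decision, so the
 * redirect target cannot be steered by the client.
 */
public class SparkAuthenticationSuccessHandler implements
		AuthenticationSuccessHandler {
	// Earlier variant, kept for reference: it stored the principal in the session and
	// redirected to the context path.
	// @Override
	// public void onAuthenticationSuccess(HttpServletRequest request,
	// HttpServletResponse response,
	// Authentication authentication) throws IOException, ServletException {
	// SparkUserDetails user = (SparkUserDetails) authentication.getPrincipal();
	// request.getSession().setAttribute("USER_INFO", user);
	// response.reset();// TODO: clears the headers, may resolve the response error
	// response.sendRedirect(request.getContextPath());
	// }

	/** Logger named after the concrete class, so subclasses log under their own name. */
	protected Log logger = LogFactory.getLog(this.getClass());

	/** Strategy that issues the redirect; replaceable through {@link #setRedirectStrategy}. */
	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

	/**
	 * Sends the redirect to the landing page, then removes the stored authentication
	 * failure from the session.
	 *
	 * @param request the request that carried the successful login
	 * @param response the response the redirect is written to
	 * @param authentication the authentication produced by the login
	 * @throws IOException if the redirect cannot be written
	 * @throws IllegalStateException if no landing page is defined for the principal
	 */
	@Override
	public void onAuthenticationSuccess(HttpServletRequest request,
			HttpServletResponse response, Authentication authentication)
			throws IOException {
		handle(request, response, authentication);
		clearAuthenticationAttributes(request);
	}

	/**
	 * Resolves the landing page and redirects to it unless the response is already
	 * committed, in which case the situation is logged at debug level and nothing is sent.
	 *
	 * @param request the current request
	 * @param response the current response
	 * @param authentication the authentication produced by the login
	 * @throws IOException if the redirect cannot be written
	 */
	protected void handle(HttpServletRequest request,
			HttpServletResponse response, Authentication authentication)
			throws IOException {
		String targetUrl = determineTargetUrl(authentication);

		if (response.isCommitted()) {
			logger.debug("錯誤資訊:Response has already been committed. Unable to redirect to "
					+ targetUrl);
			return;
		}

		redirectStrategy.sendRedirect(request, response, targetUrl);
	}

	/**
	 * Picks the landing page from the granted authorities of the principal.
	 *
	 * @param authentication the authentication produced by the login
	 * @return {@code "/index.jsp"} when the principal holds {@code ROLE_USER}
	 * @throws IllegalStateException if the principal does not hold {@code ROLE_USER}
	 */
	protected String determineTargetUrl(Authentication authentication) {
		Collection<? extends GrantedAuthority> authorities = authentication
				.getAuthorities();
		for (GrantedAuthority grantedAuthority : authorities) {
			// Constant-first comparison: the GrantedAuthority contract allows
			// getAuthority() to return null for an authority that has no String form,
			// which would otherwise end the login with a NullPointerException.
			if ("ROLE_USER".equals(grantedAuthority.getAuthority())) {
				return "/index.jsp";
			}
		}
		// The message is a fixed text on purpose: the principal name comes from the
		// login form, and copying it into the log would let a client shape log lines.
		String message = "authenticated principal has no ROLE_USER authority, no landing page is defined";
		logger.error("security錯誤資訊:" + message);
		throw new IllegalStateException(message);
	}

	// If different users (authorities) should land on different pages, the following
	// variant can be used instead. Each branch stops at the first matching authority,
	// so a principal that holds both roles lands on whichever one is listed first.
	//
	// protected String determineTargetUrl(Authentication authentication) {
	// 	boolean isUser = false;
	// 	boolean isAdmin = false;
	// 	Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
	// 	for (GrantedAuthority grantedAuthority : authorities) {
	// 		if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
	// 			isUser = true;
	// 			break;
	// 		} else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
	// 			isAdmin = true;
	// 			break;
	// 		}
	// 	}
	//
	// 	if (isUser) {
	// 		return "/homepage.html";
	// 	} else if (isAdmin) {
	// 		return "/console.html";
	// 	} else {
	// 		throw new IllegalStateException();
	// 	}
	// }

	/**
	 * Removes the authentication failure that an earlier failed attempt may have left
	 * in the session. No session is created when none exists.
	 *
	 * @param request the current request
	 */
	protected void clearAuthenticationAttributes(HttpServletRequest request) {
		HttpSession session = request.getSession(false);
		if (session == null) {
			return;
		}
		session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	}

	/**
	 * Replaces the strategy used to send the redirect.
	 *
	 * @param redirectStrategy the strategy to use from now on
	 */
	public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
		this.redirectStrategy = redirectStrategy;
	}

	/**
	 * Returns the strategy used to send the redirect.
	 *
	 * @return the current redirect strategy
	 */
	protected RedirectStrategy getRedirectStrategy() {
		return redirectStrategy;
	}
}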
           
