java Spring Security 条件 default-target-url
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11930980/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring Security conditional default-target-url
提问by ThreaT
I've noticed that there are a couple of questions asking about this topic. I looked through them and I was unable to apply them to my specific Spring setup. I would like to configure my login redirect to be conditional, based on the user's role. This is what I have so far:
我注意到有几个关于这个主题的问题。我查看了它们,但无法将它们应用于我的特定 Spring 设置。我想根据用户的角色将我的登录重定向配置为有条件的。这是我到目前为止:
<http auto-config="true" use-expressions="true">
<custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
<access-denied-handler ref="accessDeniedHandler"/>
<form-login
login-page="/login"
default-target-url="/admin/index"
authentication-failure-url="/index?error=true"
/>
<logout logout-success-url="/index" invalidate-session="true"/>
</http>
I thought this questionmight be in the same line as what I'm trying to do. Anyone know how I can apply it though?
我认为这个问题可能与我想要做的在同一条线上。有谁知道我可以如何应用它?
EDIT 1
编辑 1
<bean id="authenticationProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
</bean>
<bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/login.jsp"/>
</bean>
EDIT 2
编辑 2
Currently I do not have a class like public class Test implements AuthenticationSuccessHandler {}as shown in this example.
目前我没有像这个例子中public class Test implements AuthenticationSuccessHandler {}所示的类。
回答by Boris Treukhov
I have tested the code and it works, there's no rocket science in it
我已经测试了代码并且它有效,其中没有火箭科学
public class MySuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ROLE_ADMIN")){
response.sendRedirect("/Admin.html");
return;
}
response.sendRedirect("/User.html");
}
}
Changes in your security context:
您的安全环境的变化:
<bean id="mySuccessHandler" class="my.domain.MySuccessHandler">
</bean>
<security:form-login ... authentication-success-handler-ref="mySuccessHandler"/>
updateif you want to use default-target-urlapproach, it will work equally well, but will be triggered when your user first accesses the login page:
更新如果你想使用default-target-url方法,它会同样有效,但会在你的用户第一次访问登录页面时触发:
<security:form-login default-target-url="/welcome.htm" />
<security:form-login default-target-url="/welcome.htm" />
@Controller
public class WelcomeController {
@RequestMapping(value = "/welcome.htm")
protected View welcome() {
Set<String> roles = AuthorityUtils
.authorityListToSet(SecurityContextHolder.getContext()
.getAuthentication().getAuthorities());
if (roles.contains("ROLE_ADMIN")) {
return new RedirectView("Admin.htm");
}
return new RedirectView("User.htm");
}
}
回答by Madbreaks
A more appropriate approach IMO is to create a class which extends SimpleUrlAuthenticationSuccessHandler, and then override its determineTargetUrlmethod. From the docs:
IMO 更合适的方法是创建一个扩展类SimpleUrlAuthenticationSuccessHandler,然后覆盖其determineTargetUrl方法。从文档:
Builds the target URL according to the logic defined in the main class Javadoc.
根据主类 Javadoc 中定义的逻辑构建目标 URL。
...which sounds a little confusing, but basically you write whatever logic you need to determine the target URL, then just return it as a String.
...这听起来有点令人困惑,但基本上您可以编写确定目标 URL 所需的任何逻辑,然后将其作为字符串返回。
