本人使用的是 Spring Security 3。由于业务需求,需要为不同终端登录成功(LoginSuccess)后的首页做不同的定义,实现如下:
我了解到有两种方式。第一种是在 security 配置文件中进行配置,但一直没有生效,不知是否与我实现 AuthenticationSuccessHandler 接口的自定义处理类有关,所以我采用的是第二种方式。
第一种方式:
<!-- Sets the page shown after a successful login; the author reports that this had no effect in testing. -->
<!-- NOTE(review): a bean definition alone changes nothing unless the login configuration references it as its success handler; that wiring is not shown here, so confirm it. -->
<beans:bean id="loginLogAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/first.jsp"></beans:property>
</beans:bean>
第二种方式:
实现 AuthenticationSuccessHandler 接口,在代码中处理跳转:
重写 onAuthenticationSuccess 方法即可。
注意:该处理类只决定登录成功后的跳转地址,并不负责访问控制;各页面的访问权限仍需在 security 配置中单独限制。
/**
* @since 2015下午4:26:50
* 处理security登录验证通过后的页面跳转处理(以及权限验证)
*/
import java.io.IOException;
import java.util.Collection;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
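/**
 * Chooses the landing page after a successful Spring Security login and
 * redirects the browser to it.
 *
 * <p>The role check in {@link #determineTargetUrl(Authentication)} only selects
 * a redirect target. It is not an access-control decision: nothing in this class
 * stops a client from requesting the target page directly, so access to each
 * page has to be enforced elsewhere (NOTE(review): presumably by the URL rules
 * of the security configuration, which is not shown here; confirm).
 */
public class SparkAuthenticationSuccessHandler implements
        AuthenticationSuccessHandler {

    // Earlier variant, kept for reference: stores the principal in the session
    // and redirects to the context root.
    //
    // @Override
    // public void onAuthenticationSuccess(HttpServletRequest request,
    //         HttpServletResponse response,
    //         Authentication authentication) throws IOException, ServletException {
    //     SparkUserDetails user = (SparkUserDetails) authentication.getPrincipal();
    //     request.getSession().setAttribute("USER_INFO", user);
    //     response.reset(); // TODO: clears the headers; may fix the response error
    //     response.sendRedirect(request.getContextPath());
    // }

    /** Authority that marks an ordinary user. */
    private static final String ROLE_USER = "ROLE_USER";

    /** Landing page for principals holding {@link #ROLE_USER}. */
    private static final String USER_HOME = "/index.jsp";

    protected Log logger = LogFactory.getLog(this.getClass());

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Redirects to the role-specific landing page, then removes the stored
     * authentication exception from the session.
     *
     * @param request the request that carried the successful login
     * @param response the response used for the redirect
     * @param authentication the authenticated principal and its authorities
     * @throws IOException if the redirect cannot be written
     * @throws IllegalStateException if no landing page is defined for the principal
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException {
        handle(request, response, authentication);
        clearAuthenticationAttributes(request);
    }

    /**
     * Resolves the target URL and sends the redirect, unless the response has
     * already been committed.
     *
     * @param request the current request
     * @param response the current response
     * @param authentication the authenticated principal and its authorities
     * @throws IOException if the redirect cannot be written
     */
    protected void handle(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException {
        String targetUrl = determineTargetUrl(authentication);

        // A committed response can no longer carry a redirect; log it and stop.
        if (response.isCommitted()) {
            logger.debug("错误信息:Response has already been committed. Unable to redirect to "
                    + targetUrl);
            return;
        }

        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /**
     * Picks the landing page from the authorities of the authenticated principal.
     *
     * <p>The returned value is a fixed, application-defined path; no part of it is
     * taken from the request.
     *
     * @param authentication the authenticated principal and its authorities
     * @return the landing page for a principal holding {@code ROLE_USER}
     * @throws IllegalStateException if the principal does not hold {@code ROLE_USER}
     */
    protected String determineTargetUrl(Authentication authentication) {
        Collection<? extends GrantedAuthority> authorities = authentication
                .getAuthorities();
        for (GrantedAuthority grantedAuthority : authorities) {
            // Constant-first comparison: getAuthority() is allowed to return null
            // for authorities that have no String form, which must not cause an
            // NPE in the middle of the login flow.
            if (ROLE_USER.equals(grantedAuthority.getAuthority())) {
                return USER_HOME;
            }
        }

        // Say why the login ended in an error; the message contains no
        // request-supplied data.
        String message = "authenticated principal has no " + ROLE_USER
                + " authority, no landing page is defined";
        logger.error("security错误信息:" + message);
        throw new IllegalStateException(message);
    }

    // To send different users (authorities) to different pages, the method above
    // can be written as follows instead:
    //
    // protected String determineTargetUrl(Authentication authentication) {
    //     boolean isUser = false;
    //     boolean isAdmin = false;
    //     Collection<? extends GrantedAuthority> authorities = authentication
    //             .getAuthorities();
    //     for (GrantedAuthority grantedAuthority : authorities) {
    //         if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
    //             isUser = true;
    //             break;
    //         } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
    //             isAdmin = true;
    //             break;
    //         }
    //     }
    //
    //     if (isUser) {
    //         return "/homepage.html";
    //     } else if (isAdmin) {
    //         return "/console.html";
    //     } else {
    //         throw new IllegalStateException();
    //     }
    // }

    /**
     * Removes the authentication exception stored in the session, if a session
     * exists. No session is created when there is none.
     *
     * @param request the current request
     */
    protected void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        }
    }

    /**
     * Replaces the strategy used to send the redirect.
     *
     * @param redirectStrategy the strategy to use from now on
     */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /**
     * Returns the strategy currently used to send the redirect.
     *
     * @return the redirect strategy
     */
    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }
}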