我有一个 Web 应用程序,您可以在其中使用 form-login 登录,或者您可以像那样进行预身份验证和登录。这两种方法都很好,但我只能找到使用 authentication-success-handler-ref 属性将成功处理程序与表单登录一起使用的方法。
我的问题是,如何在我的安全应用上下文中为 PRE_AUTH_FILTER 调用成功处理程序“mySuccessHandler”?我想我可以将其称为 PreAuthenticatedProcessingFilter、preauthAuthProvider 或自定义过滤器下的属性或其他内容。
如果用户是教师或学生角色,只需要转到不同的页面即可。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http pattern="/**" use-expressions="true" create-session="always">
<intercept-url pattern="/login.jsp*" access="permitAll" />
<intercept-url pattern="/**/ErrorPages/**" access="permitAll" />
<intercept-url pattern="/**/Students/**" access="hasAnyRole('STUDENT, TEACHER')" />
<intercept-url pattern="/**/Teacher/**" access="hasRole('TEACHER')" />
<intercept-url pattern="/**/Login/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/**/Js/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/**/Css/**" access="permitAll" />
<intercept-url pattern="/**/Img/**" access="permitAll" />
<intercept-url pattern="/**/api/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/**" access="denyAll" />
<custom-filter position="PRE_AUTH_FILTER" ref="PreAuthenticatedProcessingFilter" />
<access-denied-handler
<form-login
username-parameter="idnumber"
password-parameter="password" login-processing-url="/athuga_innskraningu"
login-page='/login.jsp'
authentication-failure-handler-ref="myAuthErrorHandler"
authentication-success-handler-ref="mySuccessHandler"
always-use-default-target='true'
authentication-failure-url="/login.jsp?login_error=true"/>
<logout logout-url="/utskra/" logout-success-url="/login.jsp"/>
</http>
<beans:bean id="mySuccessHandler" class="is.inna.rest.login.AuthenticationSuccess"/>
<beans:bean id="myAuthErrorHandler" class="is.inna.rest.login.AuthenticationFailure"/>
<beans:bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<beans:bean name="myUserDetailsService" class="is.inna.rest.login.UserDetailServiceLogin" />
<beans:bean id="userDetailsServiceWrapper" class="is.inna.rest.login.UserDetailServicePreAuth" />
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="myUserDetailsService">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
<authentication-provider ref="preauthAuthProvider" />
</authentication-manager>
<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService" ref="userDetailsServiceWrapper"/>
</beans:bean>
<beans:bean id="PreAuthenticatedProcessingFilter" class="is.inna.rest.login.PreAuthenticatedProcessingFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
最佳答案
您的要求是根据角色将用户重定向到不同的页面。您也可以使用身份验证成功处理程序来执行此操作。引用样本 success handler我写的课。您始终可以访问重写的 onAuthenticationSuccess
方法中的 Authentication
对象。您可以获得登录用户的权限和角色,并根据它随时将用户重定向到适当的页面。
希望这对您有所帮助。
关于java - Spring security 预认证成功处理程序,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25622670/