java - 使用spring security进行身份验证后如何根据角色进行重定向

原文 标签 java spring hibernate jsf spring-security

这个问题在这里已经有了答案:





How redirect based on role after authentication with spring security

(2 个回答)


7年前关闭。




我使用 spring security,spring、hibernate 和 jsf 身份验证工作正常,但它总是将我重定向到页面 home.jsf

我想在认证后管理用户的访问

我想在认证后管理用户的访问

if authority = ROLE_ADMIN 重定向 ves homeadmin.jsf

if authority = ROLE_RH redirect ves homerh.jsf

if authority = ROLE_EXCUTIVE 重定向 ves homeex.jsf

if authority = ROLE_MANAGER 重定向 ves homem.jsf

if authority = ROLE_GP redirect ves homegp.jsf

Collaborateur 表中的权限字段

Colaborateur 类是

private Integer idColaborateur;
    private Rolecol rolecol;
    private String matriculeColaborateur;
    private String nomColaborateur;
    private String prenomColaborateur;
    private String mailColaborateur;
    private String pwdColaboratuer;
    private String loginColaborateur;

    private String adresseColaborateur;
    private Boolean flgSuspendu;
    private Set<HistoriqueNoteObjctif> historiqueNoteObjctifs = new HashSet<HistoriqueNoteObjctif>(
            0);
    private Set<Note> notes = new HashSet<Note>(0);
    private Set<NoteObjectifs> noteObjectifses = new HashSet<NoteObjectifs>(0);
    private Set<CompagneDevaluation> compagneDevaluations = new HashSet<CompagneDevaluation>(
            0);
    private Set<ColaborateurHierarchique> colaborateurHierarchiques = new HashSet<ColaborateurHierarchique>(
            0);
    private String authority;
  //getter and seter

数据源配置在文件 applicationContext.xml
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
        <property name="user" value="root" />
        <property name="driverClass" value="com.mysql.jdbc.Driver" />
        <property name="jdbcUrl" value="jdbc:mysql://localhost:3306/modulevsql" />
        <property name="password" value="root" />
        <property name="maxStatementsPerConnection" value="0" />
        <property name="maxAdministrativeTaskTime" value="0" />
        <property name="maxConnectionAge" value="0" />
        <property name="maxIdleTime" value="0" />
        <property name="maxIdleTimeExcessConnections" value="0" />
        <property name="maxPoolSize" value="0" />
        <property name="maxStatements" value="0" />
    </bean>

用户类是
public class User implements UserDetails {


    private static final long serialVersionUID = 1L;
    private String name;
    private String password;
    private Colaborateur user;

    public void setUser(Colaborateur user) {
        this.user = user;
    }

    public User(String name) {
        FacesContext fc=FacesContext.getCurrentInstance();      
        UserBean userBean=(UserBean) fc.getApplication().createValueBinding("#{UserBean}").getValue(fc);

        userBean.chargerUtilisateur(name);
        user = userBean.getUtilisateur();


        System.err.println("USERS    >>> "+user);


        PasswordSupport pswdSupport = new PasswordSupport();

        if (user!=null){

            System.out.println("User.getLogin() :"+user.getLoginColaborateur());
            System.out.println("user.getPwd() :"+user.getPwdColaboratuer());
            this.name=user.getMatriculeColaborateur();
            this.password=user.getPwdColaboratuer();
            System.err.println(pswdSupport.getMD5Hash("1"));
        }
    }


    public Collection<GrantedAuthority> getAuthorities() {

        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();



        System.out.println("GrantedAuthorityImpl  1");
        System.out.println("GrantedAuthorityImpl  2");
        System.out.println("GrantedAuthorityImpl  3");
        System.out.println("GrantedAuthorityImpl  4");

        grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_VISITEUR"));


        return grantedAuthorities;
    }
           //getter and setter

这是 applicationContext-security.xml 文件
<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" 
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <global-method-security secured-annotations="enabled">
      </global-method-security>


      <http pattern="/modules/members/**" access-denied-page="/modules/members/accessDenied.jsf" authentication-manager-ref="MembersAuthenticationManager">

              <intercept-url pattern="/modules/members/secure/**" access="ROLE_VISITEUR" /> 
            <intercept-url pattern="/modules/members/secure/homeadmin.jsf" access="ROLE_ADMIN" />

            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

            <form-login login-page="/modules/members/login.jsf"
                   default-target-url="/modules/members/secure/home.jsf" 
                  login-processing-url="/modules/members/j_spring_security_check"
                  authentication-failure-url="/modules/members/login.jsf" /> 
            <logout logout-url="/modules/members/secure/logout"
                  logout-success-url="/modules/members/login.jsf" delete-cookies="true" />

      </http>


      <authentication-manager alias="MembersAuthenticationManager">
            <authentication-provider user-service-ref="securityManager">
                  <password-encoder hash="md5" />
            </authentication-provider>
      </authentication-manager>
      <beans:bean id="securityManager" class="tn.com.security.SecurityManager" />

</beans:beans>

这是 MyAuthSuccessHandler 类
@Component
public class MyAuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    //    @Autowired
    //    private UserService userService;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        //        // changeLastLoginTime(username)
        // userService.changeLastLoginTime(authentication.getName());

        setDefaultTargetUrl("/modules/members/secure/home.jsf");

        super.onAuthenticationSuccess(request, response, authentication);
    }


    protected boolean hasRole(String role) {
        // get security context from thread local
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null)
            return false;

        Authentication authentication = context.getAuthentication();
        if (authentication == null)
            return false;

        for (GrantedAuthority auth : authentication.getAuthorities()) {
            if (role.equals(auth.getAuthority()))
                return true;
        }

        return false;
    }
}

如何更新 MyAuthSuccessHandler 类、USer 和 applicationContext.xml 文件
认证后管理用户的访问

if authority = ROLE_ADMIN 重定向 ves homeadmin.jsf

if authority = ROLE_RH redirect ves homerh.jsf

if authority = ROLE_EXCUTIVE 重定向 ves homeex.jsf

if authority = ROLE_MANAGER 重定向 ves homem.jsf

if authority = ROLE_GP redirect ves homegp.jsf

这是 UserBean 类
@Component("UserBean")
@Scope("session")
public final class UserBean implements Serializable {

    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    @Autowired
    private Colaborateurservice colaborateurservice;

    private Colaborateur utilisateur;

    public UserBean() {
        super();
        // TODO Auto-generated constructor stub
    }

    @PostConstruct
    public void initiate() {

        try {

        } catch (Exception e) {
            e.printStackTrace();

        }

    }

    public void testBean() {
        System.out.println("testBean");

    }

    public void chargerParametreGlob() {

        try {

            System.out.println("chargerParametreGlob  ");

        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

    }

    public void chargerUtilisateur(String login) {
        System.out.println(login);
        try {

            utilisateur = new Colaborateur();
            List<Colaborateur> list = colaborateurservice
                    .findByMatriculeColaborateurlo(login);

            System.out.println(list);

            if (list.size() > 0) {

                this.utilisateur = (Colaborateur) list.get(0);
                System.out.println("utilisateur.getLogin() :"
                        + utilisateur.getMatriculeColaborateur());

                System.out.println("utilisateur.getPwd() :"
                        + utilisateur.getLoginColaborateur().length());
            }

        } catch (Exception e) {
            e.printStackTrace();

        }

    }

    public String logout() {
        FacesContext context = FacesContext.getCurrentInstance();
        HttpSession session = (HttpSession) context.getExternalContext()
                .getSession(true);
        if (session == null) {
            return "logout";
        } else {
            session.invalidate();
            return "logout";
        }
    }

    public void setUtilisateur(Colaborateur utilisateur) {
        this.utilisateur = utilisateur;
    }

    public Colaborateur getUtilisateur() {
        return utilisateur;
    }

}

最佳答案

您正在扩展 AuthenticationSuccessHandler , 调用 super.onAuthenticationSuccess() 并不能真正帮助您.

尝试以下操作:

public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authResult){
        Collection<? extends GrantedAuthority> auths = authResult.getAuthorities();
        for (GrantedAuthority authorities : auths)
        {
            if (authorities.getAuthority().equals("ROLE_ADMIN")){
                response.sendRedirect(response.encodeURL("homeadmin.jsf");
            }
            else if(authorities.getAuthority().equals("ROLE_RH")){
                response.sendRedirect(response.encodeURL("homerh.jsf");
        .  .  .
           //Repeat pattern until all roles checked
        }

然后将您的配置更改为:
<http pattern="/modules/members/**" 
    <!-- Pass in a reference to your customAuthenticationSuccessHandler -->
    authentication-success-handler-ref="customAuthenticationSuccessHandler"
    access-denied-page="/modules/members/accessDenied.jsf" 
    authentication-manager-ref="MembersAuthenticationManager">

        <intercept-url pattern="/modules/members/secure/**" access="ROLE_VISITEUR" /> 
        <intercept-url pattern="/modules/members/secure/homeadmin.jsf" access="ROLE_ADMIN" />

        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <form-login login-page="/modules/members/login.jsf"
              default-target-url="/modules/members/secure/home.jsf" 
              login-processing-url="/modules/members/j_spring_security_check"
              authentication-failure-url="/modules/members/login.jsf" /> 
        <logout logout-url="/modules/members/secure/logout"
              logout-success-url="/modules/members/login.jsf" delete-cookies="true" />

  </http>

<beans:bean id="customAuthenticationSuccessHandler"  
      class="foo.bar.CustomAuthenticationSuccessHandler" />

伸出 SimpleUrlAuthenticationSuccessHandler几乎没有意义,因为您无法设置希望父类(super class)将您发送到的位置。你也可以实现 AuthenticationSuccessHandler接口(interface)并将您的自定义实现传递给 Spring Security。

此外,因为您正在实现一个接口(interface),所以您可以 Autowiring 任何服务类。

我自己使用过这种方法,它工作正常,假设每个用户只有 1 个角色。如果用户拥有多个角色,他们将被重定向到找到的第一个角色。您可能希望订购您的 if 语句,以便将用户发送到责任最小的区域。

关于java - 使用spring security进行身份验证后如何根据角色进行重定向,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23677717/

相关文章:

java - 如何从Windows 7任务栏中单击一次关闭多个命令行窗口?

java - 在存储过程(oracle)中将日期作为参数传递

java - 使用@Where 子句 hibernate @OneToOne 映射

mysql - 关于在spring/jpa/hibernate中进行乐观锁定的简单设计问题

Java-使用反射获取对静态类的引用

java - Java读取大写/小写字符并将其转换

java - 错误原因:com.mongodb.MongoCommandException:命令失败,错误61:命令中的查询必须针对服务器上的单个分片键

java - 从未通过ID找到的Spring Data JPA实体

java - 在 java/spring 中使用以下格式从属性文件中读取和提取对象

java - 为什么显示元素类型 "bean"必须后跟属性规范 ">"或 "/>".at <property name ="list">