
Spring security Pre authentication success handler

I have a web app where you can log in with form-login, or you can be pre-authenticated and be logged in that way. Both methods work well, but I can only find a way to use a success handler with the form-login, using the authentication-success-handler-ref property.

My question is, how can I call the success handler "mySuccessHandler" for the PRE_AUTH_FILTER in my security-app-context? I would guess I can call it as a property or something under the PreAuthenticatedProcessingFilter, preauthAuthProvider or the custom-filter.

Just need to go to different pages if the user has the role Teacher or Student.

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security-3.2.xsd">


<http pattern="/**" use-expressions="true" create-session="always">
    <intercept-url pattern="/login.jsp*" access="permitAll" />
    <intercept-url pattern="/**/ErrorPages/**" access="permitAll" />
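    <!-- hasAnyRole takes one argument per role; a single 'STUDENT, TEACHER' string is matched as one authority name and never grants access -->
    <intercept-url pattern="/**/Students/**" access="hasAnyRole('STUDENT', 'TEACHER')" />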
    <intercept-url pattern="/**/Teacher/**" access="hasRole('TEACHER')" />
    <intercept-url pattern="/**/Login/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**/Js/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**/Css/**" access="permitAll" />
    <intercept-url pattern="/**/Img/**" access="permitAll" />
    <intercept-url pattern="/**/api/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="denyAll" />
    <custom-filter position="PRE_AUTH_FILTER" ref="PreAuthenticatedProcessingFilter" />
    <access-denied-handler
    <form-login
            username-parameter="idnumber"
            password-parameter="password" login-processing-url="/athuga_innskraningu"
            login-page='/login.jsp'
            authentication-failure-handler-ref="myAuthErrorHandler"
            authentication-success-handler-ref="mySuccessHandler"
            always-use-default-target='true'
            authentication-failure-url="/login.jsp?login_error=true"/>
    <logout logout-url="/utskra/" logout-success-url="/login.jsp"/>
</http>


<beans:bean id="mySuccessHandler" class="is.inna.rest.login.AuthenticationSuccess"/>
<beans:bean id="myAuthErrorHandler" class="is.inna.rest.login.AuthenticationFailure"/>
<beans:bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

<beans:bean name="myUserDetailsService" class="is.inna.rest.login.UserDetailServiceLogin" />
<beans:bean id="userDetailsServiceWrapper"  class="is.inna.rest.login.UserDetailServicePreAuth" />

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="myUserDetailsService">
        <password-encoder ref="passwordEncoder" />
    </authentication-provider>
    <authentication-provider ref="preauthAuthProvider" />
</authentication-manager>


<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService" ref="userDetailsServiceWrapper"/>
</beans:bean>
<beans:bean id="PreAuthenticatedProcessingFilter" class="is.inna.rest.login.PreAuthenticatedProcessingFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>

</beans:beans>

Your requirement is to redirect the user to different pages depending on the role. You can do this using an authentication success handler as well. Refer to the sample success handler class I have written. You always have access to the Authentication object in the overridden onAuthenticationSuccess method. You can get the authorities and role of the logged-in user and, depending on it, you can always redirect the user to the appropriate page.

Hope this helps.
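
An added example, not the answerer's sample class (which is not reproduced on this page): a role-based success handler of the kind the answer describes. The class name RoleBasedSuccessHandler and the two target paths are assumptions; the authority strings TEACHER and STUDENT are taken from the question's intercept-url rules.

```java
import java.io.IOException;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

// Added example: hypothetical class name; the target paths below are assumptions.
public class RoleBasedSuccessHandler implements AuthenticationSuccessHandler {
    // Fixed server-side targets, checked in priority order (TEACHER before STUDENT).
    // Nothing is read from the request, so the client cannot steer the redirect.
    private static final Map<String, String> TARGETS = new LinkedHashMap<String, String>();
    static {
        TARGETS.put("TEACHER", "/Teacher/index.jsp");   // assumed path
        TARGETS.put("STUDENT", "/Students/index.jsp");  // assumed path
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        if (response.isCommitted()) {
            return; // headers already sent, a redirect is no longer possible
        }
        String target = resolveTarget(authentication.getAuthorities());
        if (target == null) {
            // Authenticated but holding neither role: refuse instead of guessing a page.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.sendRedirect(request.getContextPath() + target);
    }

    // Returns the first target whose role the user holds, or null if none matches.
    static String resolveTarget(Collection<? extends GrantedAuthority> authorities) {
        for (Map.Entry<String, String> entry : TARGETS.entrySet()) {
            for (GrantedAuthority granted : authorities) {
                if (entry.getKey().equals(granted.getAuthority())) {
                    return entry.getValue();
                }
            }
        }
        return null;
    }
}
```

Registered as a bean, it can be referenced from form-login's authentication-success-handler-ref in the same way the question's configuration references mySuccessHandler.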
