基於角色的spring安全重定向
[英]spring security redirect based on role
問題描述
我有以下spring-security.xml文件: -
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/Freelancer/**" access="ROLE_FREELANCE" />
<intercept-url pattern="/Client/**" access="ROLE_CLIENT" />
<intercept-url pattern="/Agency/**" access="ROLE_AGENCY" />
<intercept-url pattern="/Manager/**" access="ROLE_MANAGER" />
<intercept-url pattern="/User/**" access="ROLE_USER" />
<form-login default-target-url="/${role}" login-page="/login.jsp" />
<logout logout-url="/logout" logout-success-url="/" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select user_name,password, enabled from Users where user_name=?"
authorities-by-username-query="select u.user_name, u.role from Users u where u.user_name =?"/>
</authentication-provider>
</authentication-manager>
</beans:beans>
我想要的是,我想將用戶重定向到他們的工作區,例如,如果客戶端登錄,那么他將被重定向到/Client/index.jsp,如果代理登錄,他們將被重定向到/Agency/index.jsp。
有沒有辦法在以前訪問該角色,他將被重定向到spring-security.xml文件中的工作區。
<form-login default-target-url="/${role}" login-page="/login.jsp" />
我有目錄結構similer到角色。
有任何想法。
3 個解決方案
解決方案1
14 2014-02-24 12:13:40
編寫一個彈簧控制器,根據用戶角色顯示不同的頁面。 編寫身份驗證成功處理程序類並編寫代碼以根據角色決定重定向的位置。
首先需要更改<form-login />標簽。
<form-login login-page="/landing" authentication-success-handler-ref="authSuccessHandler" />
<beans:bean id="authSuccessHandler" class="com.package.AuthSuccessHandler" />
刪除default-target-url屬性。 讓auth處理程序決定重定向用戶的位置。
Auth成功處理程序類將如下:
public class AuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
// Get the role of logged in user
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String role = auth.getAuthorities().toString();
String targetUrl = "";
if(role.contains("client")) {
targetUrl = "/client/index";
} else if(role.contains("agency")) {
targetUrl = "/agency/index";
}
return targetUrl;
}
}
這是一個示例代碼。 根據您的要求進行更改。
解決方案2
4 2017-12-08 09:25:04
您可以使用自定義成功處理程序使用基於注釋的解決方案,如下所示
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
@Component
public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@Override
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException {
String targetUrl = determineTargetUrl(authentication);
if (response.isCommitted()) {
System.out.println("Can't redirect");
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
/*
* This method extracts the roles of currently logged-in user and returns
* appropriate URL according to his/her role.
*/
protected String determineTargetUrl(Authentication authentication) {
String url = "";
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
List<String> roles = new ArrayList<String>();
for (GrantedAuthority a : authorities) {
roles.add(a.getAuthority());
}
if (isDba(roles)) {
url = "/db";
} else if (isAdmin(roles)) {
url = "/admin";
} else if (isUser(roles)) {
url = "/home";
} else {
url = "/accessDenied";
}
return url;
}
private boolean isUser(List<String> roles) {
if (roles.contains("ROLE_USER")) {
return true;
}
return false;
}
private boolean isAdmin(List<String> roles) {
if (roles.contains("ROLE_ADMIN")) {
return true;
}
return false;
}
private boolean isDba(List<String> roles) {
if (roles.contains("ROLE_DBA")) {
return true;
}
return false;
}
public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
this.redirectStrategy = redirectStrategy;
}
protected RedirectStrategy getRedirectStrategy() {
return redirectStrategy;
}
}
安全配置為:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
CustomSuccessHandler customSuccessHandler;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("root123").roles("ADMIN");
auth.inMemoryAuthentication().withUser("dba").password("root123").roles("ADMIN","DBA");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/home").access("hasRole('USER')")
.antMatchers("/admin/**").access("hasRole('ADMIN')")
.antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
.and().formLogin().loginPage("/login").successHandler(customSuccessHandler)
.usernameParameter("ssoId").passwordParameter("password")
.and().csrf()
.and().exceptionHandling().accessDeniedPage("/Access_Denied");
}
}
解決方案3
1 2017-02-02 04:40:32
最好在授予權限的情況下使用equals檢查角色,如果多個角色存在於同一部分,則包含可能會失敗。
在表單登錄配置中添加身份驗證成功處理程序如下
<http auto-config="true">
<intercept-url pattern="/Freelancer/**" access="ROLE_FREELANCE" />
<intercept-url pattern="/Client/**" access="ROLE_CLIENT" />
<intercept-url pattern="/Agency/**" access="ROLE_AGENCY" />
<intercept-url pattern="/Manager/**" access="ROLE_MANAGER" />
<intercept-url pattern="/User/**" access="ROLE_USER" />
<form-login login-page='/login.html'
authentication-failure-url="/login.html?error=true"
authentication-success-handler-ref="myAuthenticationSuccessHandler"/>
<logout logout-url="/logout" logout-success-url="/" />
</http>
成功處理程序如下:
public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
protected Log logger = LogFactory.getLog(this.getClass());
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
handle(request, response, authentication);
clearAuthenticationAttributes(request);
}
protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
String targetUrl = determineTargetUrl(authentication);
if (response.isCommitted()) {
logger.debug(
"Response has already been committed. Unable to redirect to "
+ targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
protected String determineTargetUrl(Authentication authentication) {
boolean isUser = false;
boolean isFreelance = false;
boolean isClient = false;
boolean isAgency = false;
boolean isManager = false;
Collection<? extends GrantedAuthority> authorities
= authentication.getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
if (grantedAuthority.getAuthority().equals("ROLE_FREELANCE")) {
isFreelance = true;
break;
} else if (grantedAuthority.getAuthority().equals("ROLE_CLIENT")) {
isClient = true;
break;
} else if (grantedAuthority.getAuthority().equals("ROLE_AGENCY")) {
isAgency = true;
break;
} else if (grantedAuthority.getAuthority().equals("ROLE_MANAGER")) {
isManager = true;
break;
} else if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
isUser = true;
break;
}
}
if (isFreelance) {
return "freelance/homepage.html";
} else if (isClient) {
return "client/homepage.html";
} else if (isAgency) {
return "agency/homepage.html";
} else if (isManager) {
return "manager/homepage.html";
} else if (isUser) {
return "user/homepage.html";
} else {
throw new IllegalStateException();
}
}
protected void clearAuthenticationAttributes(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session == null) {
return;
}
session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
this.redirectStrategy = redirectStrategy;
}
protected RedirectStrategy getRedirectStrategy() {
return redirectStrategy;
}
}
使用Spring Security進行身份驗證后如何基於角色重定向
[英]How redirect based on role after authentication with spring security
使用 Spring 安全配置基於用戶角色登錄后重定向到 User_dashboard 頁面
[英]Redirect to User_dashboard page after login based on user role with Spring Security Configuration
Spring Security - GrantedAuthority 和基於角色的訪問
[英]Spring Security - GrantedAuthority and role-based access
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
基於角色的Spring安全重定向不起作用
使用Spring Security進行身份驗證后如何基於角色重定向
spring security 通過 ROLE 重定向用戶
Spring Security中基於角色的儀表板
spring security - 基於角色的訪問
Spring 基於安全用戶的權限? (不基於角色)
使用 Spring 安全配置基於用戶角色登錄后重定向到 User_dashboard 頁面
Spring Security - GrantedAuthority 和基於角色的訪問
基於Spring MVC和安全角色的限制問題
Spring Security RESTful基於路徑的角色控制
相關標簽