[英]AuthenticationSuccessHandler in Spring Security
我在Spring Boot應用程序中使用了spring security,有兩種類型的用戶:一個是ADMIN,一個只是一個簡單的用戶。 我從DataSource獲取數據,然后執行SQL查詢。
我的問題是重定向 :對於每個用戶我都有不同的主頁。 我正在嘗試使用AthenticationSuccessHandler ,但它不起作用。
請幫忙。
我的Spring安全類配置:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import javax.sql.DataSource;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
Securityhandler successHandler;
// Pour l'authentification des Utilisateur de Table Utilisateur
@Autowired
public void GlobalConfig(AuthenticationManagerBuilder auth,DataSource dataSource) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("SELECT \"Pseudo\" AS principal , \"Password\" AS credentials , true FROM \"UTILISATEUR\" WHERE \"Pseudo\" = ? ")
.authoritiesByUsernameQuery("SELECT u.\"Pseudo\" AS principal , r.role as role FROM \"UTILISATEUR\" u ,\"Role\" r where u.id_role=r.id_role AND \"Pseudo\" = ? ")
.rolePrefix("_ROLE");
}
// ne pas appliqué la securité sur les ressources
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/bootstrap/**","/css/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.successHandler(successHandler);
}
}
這是我的AuthenticationSuccessHandler :
import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
public class Securityhandler implements AuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ROLE_Admin")) {
response.sendRedirect("/admin/home.html");
}
}
}
這是控制台中的錯誤:
org.springframework.beans.factory.BeanCreationException:創建名為'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration'的bean時出錯:注入自動連接的依賴項失敗;
import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
@Component
public class Securityhandler implements AuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ROLE_ADMIN")) {
response.sendRedirect("admin/home.html");
}
}
}
您已經錯過了成功處理程序類中的@Component注釋。
而不是下傳AuthenticationSuccessHandler ,值得了解Spring安全角色檢查配置:
@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN");
}
...
}
或預先檢查每個端點的角色:
@Autowired
@PreAuthorize("hasRole('ADMIN')")
@RequestMapping("/")
public ModelAndView home(HttpServletRequest request) throws Exception {
}
其中默認的Role前綴是ROLE_
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html https://www.baeldung.com/spring-security-expressions-basic
用於RememberMeAuthenticationFilter的Spring Security authenticationSuccessHandler
[英]Spring Security authenticationSuccessHandler for RememberMeAuthenticationFilter
Spring Security 3的AuthenticationSuccessHandler示例
[英]AuthenticationSuccessHandler example for Spring Security 3
Spring Security自定義AuthenticationSuccessHandler
[英]spring security custom AuthenticationSuccessHandler
Spring Security自定義AuthenticationSuccessHandler被忽略
[英]Spring Security custom AuthenticationSuccessHandler is ignored
Spring Security以編程方式登錄(AuthenticationSuccessHandler)
[英]Spring Security login programmatically (AuthenticationSuccessHandler)
春季安全性沒有類型為AuthenticationSuccessHandler和AuthenticationFalureHandler的合格Bean
[英]spring security No qualifying bean of type AuthenticationSuccessHandler and AuthenticationFalureHandler
Spring Security - AuthenticationSuccessHandler中的身份驗證用戶名為null
[英]Spring Security - Authentication's username is null in AuthenticationSuccessHandler
如何在Spring Security的SAML擴展中注冊AuthenticationSuccessHandler或SAMLRelayStateSuccessHandler?
[英]How to register AuthenticationSuccessHandler or SAMLRelayStateSuccessHandler in Spring Security's SAML extension?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.