【问题标题】:How redirect based on role after authentication with spring security使用spring security进行身份验证后如何基于角色进行重定向
【发布时间】:2014-07-01 18:44:25
【问题描述】:

我使用 spring security、spring、hibernate 和 jsf 身份验证工作正常,但它总是将我重定向到页面 home.jsf

我想在认证后管理用户的访问权限

我想在认证后管理用户的访问权限

如果权限 = ROLE_ADMIN 重定向 ves homeadmin.jsf

if authority = ROLE_RH redirect ves homerh.jsf

如果权限 = ROLE_EXCUTIVE 重定向 ves homeex.jsf

如果权限 = ROLE_MANAGER 重定向 ves homem.jsf

if authority = ROLE_GP redirect ves homegp.jsf

Collaborateur 表中的权限字段

Colaborateur 类是

private Integer idColaborateur;
    private Rolecol rolecol;
    private String matriculeColaborateur;
    private String nomColaborateur;
    private String prenomColaborateur;
    private String mailColaborateur;
    private String pwdColaboratuer;
    private String loginColaborateur;

    private String adresseColaborateur;
    private Boolean flgSuspendu;
    private Set<HistoriqueNoteObjctif> historiqueNoteObjctifs = new HashSet<HistoriqueNoteObjctif>(
            0);
    private Set<Note> notes = new HashSet<Note>(0);
    private Set<NoteObjectifs> noteObjectifses = new HashSet<NoteObjectifs>(0);
    private Set<CompagneDevaluation> compagneDevaluations = new HashSet<CompagneDevaluation>(
            0);
    private Set<ColaborateurHierarchique> colaborateurHierarchiques = new HashSet<ColaborateurHierarchique>(
            0);
    private String authority;
  //getter and seter

数据源配置在文件applicationContext.xml中

<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
        <property name="user" value="root" />
        <property name="driverClass" value="com.mysql.jdbc.Driver" />
        <property name="jdbcUrl" value="jdbc:mysql://localhost:3306/modulevsql" />
        <property name="password" value="root" />
        <property name="maxStatementsPerConnection" value="0" />
        <property name="maxAdministrativeTaskTime" value="0" />
        <property name="maxConnectionAge" value="0" />
        <property name="maxIdleTime" value="0" />
        <property name="maxIdleTimeExcessConnections" value="0" />
        <property name="maxPoolSize" value="0" />
        <property name="maxStatements" value="0" />
    </bean>

用户类是

public class User implements UserDetails {


    private static final long serialVersionUID = 1L;
    private String name;
    private String password;
    private Colaborateur user;

    public void setUser(Colaborateur user) {
        this.user = user;
    }

    public User(String name) {
        FacesContext fc=FacesContext.getCurrentInstance();      
        UserBean userBean=(UserBean) fc.getApplication().createValueBinding("#{UserBean}").getValue(fc);

        userBean.chargerUtilisateur(name);
        user = userBean.getUtilisateur();


        System.err.println("USERS    >>> "+user);


        PasswordSupport pswdSupport = new PasswordSupport();

        if (user!=null){

            System.out.println("User.getLogin() :"+user.getLoginColaborateur());
            System.out.println("user.getPwd() :"+user.getPwdColaboratuer());
            this.name=user.getMatriculeColaborateur();
            this.password=user.getPwdColaboratuer();
            System.err.println(pswdSupport.getMD5Hash("1"));
        }
    }


    public Collection<GrantedAuthority> getAuthorities() {

        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();



        System.out.println("GrantedAuthorityImpl  1");
        System.out.println("GrantedAuthorityImpl  2");
        System.out.println("GrantedAuthorityImpl  3");
        System.out.println("GrantedAuthorityImpl  4");

        grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_VISITEUR"));


        return grantedAuthorities;
    }
           //getter and setter

这是 applicationContext-security.xml 文件

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" 
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <global-method-security secured-annotations="enabled">
      </global-method-security>


      <http pattern="/modules/members/**" access-denied-page="/modules/members/accessDenied.jsf" authentication-manager-ref="MembersAuthenticationManager">

              <intercept-url pattern="/modules/members/secure/**" access="ROLE_VISITEUR" /> 
            <intercept-url pattern="/modules/members/secure/homeadmin.jsf" access="ROLE_ADMIN" />

            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

            <form-login login-page="/modules/members/login.jsf"
                   default-target-url="/modules/members/secure/home.jsf" 
                  login-processing-url="/modules/members/j_spring_security_check"
                  authentication-failure-url="/modules/members/login.jsf" /> 
            <logout logout-url="/modules/members/secure/logout"
                  logout-success-url="/modules/members/login.jsf" delete-cookies="true" />

      </http>


      <authentication-manager alias="MembersAuthenticationManager">
            <authentication-provider user-service-ref="securityManager">
                  <password-encoder hash="md5" />
            </authentication-provider>
      </authentication-manager>
      <beans:bean id="securityManager" class="tn.com.security.SecurityManager" />

</beans:beans>

【问题讨论】:

    标签: spring spring-security


    【解决方案1】:

    实现AuthenticationSuccessHandler 并根据您传入的Authentication 中包含的GrantedAuthority 对象集合进行重定向。

    public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
                /* Redirect on the successful authentication of the user */
                logger.info("Hit the AuthSuccessHandler");
                String redirectAddress = null;
                Collection<? extends GrantedAuthority> auths = authResult.getAuthorities();
                if(auths.contains("ROLE_ADMIN"){
                    response.sendRedirect(response.encodeURL("homeadmin.jsf");
                }
    

    等等等等等等

    您甚至可以将角色添加到 Enum 并编写 switch 语句来确定重定向位置。

    确保在您的安全配置中声明您的AuthenticationSuccessHandler

    <beans:bean id="customAuthenticationSuccessHandler" class="foo.bar.CustomAuthenticationSuccessHandler" /> 
    
    <form-login login-page="/LoginView"
            authentication-success-handler-ref="customAuthenticationSuccessHandler" 
            authentication-failure-url="/FailedLogin" />
    

    【讨论】:

      【解决方案2】:

      JamesENL 给出的答案是正确的,但有一点:
      您需要遍历 GrantedAuthority 的集合,然后才检查 ROLE:

       收藏?扩展 GrantedAuthority> 权限 = authResult.getAuthorities();
            对于(GrantedAuthoritygrantAuthority:权威){
                  if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
                      response.sendRedirect("/userHome);
                      返回;
                  } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
                     response.sendRedirect("/adminHome);
                     返回;
                  }
              }
      

      【讨论】:

        猜你喜欢
        • 2014-07-03
        • 2011-04-30
        • 2019-04-23
        • 1970-01-01
        • 2012-11-27
        • 1970-01-01
        • 1970-01-01
        • 2018-08-09
        相关资源
        最近更新 更多