Spring MVC 身份验证成功处理程序和控制器
Spring MVC Authentication Success Handler and Controller
我制作了一个用户登录界面,用户使用 spring security 进行身份验证。
我制作了一个 AuthenticationSuccessHandler 将用户重定向到新页面。
我还想实现 loginController 以获取登录用户的名称以及显示错误凭据的错误消息。这是我的 Handler 代码:
public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
protected final Log logger = LogFactory.getLog(this.getClass());
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
protected MySimpleUrlAuthenticationSuccessHandler() {
super();
}
@Override
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
handle(request, response, authentication);
clearAuthenticationAttributes(request);
}
protected void handle(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
final String targetUrl = determineTargetUrl(authentication);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
protected String determineTargetUrl(final Authentication authentication) {
boolean isUser = false;
boolean isAdmin = false;
final Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for (final GrantedAuthority grantedAuthority : authorities) {
if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
isUser = true;
break;
} else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
isAdmin = true;
break;
}
}
if (isUser) {
return "/static_htm.html";
} else if (isAdmin) {
return "/console.html";
} else {
throw new IllegalStateException();
}
}
还有我的 controller 代码:
@Controller
public class HelloController {
@RequestMapping(value="/login", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal ) {
String name = principal.getName();
model.addAttribute("username", name);
model.addAttribute("message", "Spring Security Hello World");
return "static_htm"; //page after successful login
}
@RequestMapping(value="/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login"; //login page
}
@RequestMapping(value="/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
//String errormessage = resources.getMessage("login.error", null, null);
model.addAttribute("error", "true");
return "login"; //login page
}
}
处理程序工作正常,但我无法获取用户名和错误消息。我应该怎么做才能让 handler 和 controller 一起工作?
非常感谢任何建议。
根据你的问题,我推测你想在登录控制器中获取用户名。
如果不是这样,请无视我的回答。
你可能实际上把它弄反了。
成功处理程序有点像 "default-target-url" 的自定义实现。
所以它实际上是在登录控制器后执行的...
当登录成功,并且没有之前请求的路径(这是由 SavedRequestAwareAuthenticationSuccessHandler 实现的),那么请求将被发送到 "default-target-url"。
或者当有自定义成功处理程序时,成功处理程序将确定它去的路径。
我制作了一个用户登录界面,用户使用 spring security 进行身份验证。
我制作了一个 AuthenticationSuccessHandler 将用户重定向到新页面。
我还想实现 loginController 以获取登录用户的名称以及显示错误凭据的错误消息。这是我的 Handler 代码:
public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
protected final Log logger = LogFactory.getLog(this.getClass());
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
protected MySimpleUrlAuthenticationSuccessHandler() {
super();
}
@Override
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
handle(request, response, authentication);
clearAuthenticationAttributes(request);
}
protected void handle(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
final String targetUrl = determineTargetUrl(authentication);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
protected String determineTargetUrl(final Authentication authentication) {
boolean isUser = false;
boolean isAdmin = false;
final Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for (final GrantedAuthority grantedAuthority : authorities) {
if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
isUser = true;
break;
} else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
isAdmin = true;
break;
}
}
if (isUser) {
return "/static_htm.html";
} else if (isAdmin) {
return "/console.html";
} else {
throw new IllegalStateException();
}
}
还有我的 controller 代码:
@Controller
public class HelloController {
@RequestMapping(value="/login", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal ) {
String name = principal.getName();
model.addAttribute("username", name);
model.addAttribute("message", "Spring Security Hello World");
return "static_htm"; //page after successful login
}
@RequestMapping(value="/login", method = RequestMethod.GET)
public String login(ModelMap model) {
return "login"; //login page
}
@RequestMapping(value="/loginfailed", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
//String errormessage = resources.getMessage("login.error", null, null);
model.addAttribute("error", "true");
return "login"; //login page
}
}
处理程序工作正常,但我无法获取用户名和错误消息。我应该怎么做才能让 handler 和 controller 一起工作?
非常感谢任何建议。
根据你的问题,我推测你想在登录控制器中获取用户名。
如果不是这样,请无视我的回答。
你可能实际上把它弄反了。
成功处理程序有点像 "default-target-url" 的自定义实现。
所以它实际上是在登录控制器后执行的...
当登录成功,并且没有之前请求的路径(这是由 SavedRequestAwareAuthenticationSuccessHandler 实现的),那么请求将被发送到 "default-target-url"。
或者当有自定义成功处理程序时,成功处理程序将确定它去的路径。