Spring Security 中的 AuthenticationSuccessHandler [英] AuthenticationSuccessHandler in Spring Security

问题描述

我在 Spring Boot 应用程序中使用了 spring security，有两种类型的用户:一种是管理员，一种只是简单用户.我从 DataSource 获取数据，然后执行 SQL 查询.

I've used spring security in a Spring Boot application and there are 2 types of users: one is an ADMIN, and one just a simple user. I get the data from a DataSource, then I execute an SQL query.

我的问题是重定向:对于每个用户，我都有不同的主页.我正在尝试使用 AthenticationSuccessHandler，但它不起作用.

My problem is with a redirection: for every user I have a different homepage. I'm trying to use to AthenticationSuccessHandler, but it won't work.

请帮忙.

我的 Spring 安全类配置:

My Spring security class configuration :

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

import javax.sql.DataSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    Securityhandler successHandler;

    // Pour l'authentification des Utilisateur de Table Utilisateur
    @Autowired  
    public void GlobalConfig(AuthenticationManagerBuilder auth,DataSource dataSource) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource) 
            .usersByUsernameQuery("SELECT  "Pseudo" AS principal , "Password" AS  credentials , true FROM "UTILISATEUR" WHERE "Pseudo" =  ? ")
            .authoritiesByUsernameQuery("SELECT  u."Pseudo" AS principal , r.role as role  FROM "UTILISATEUR" u ,"Role" r where u.id_role=r.id_role AND "Pseudo" = ?  ")
            .rolePrefix("_ROLE");
    }

    // ne pas appliqué la securité sur les ressources 
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
        .antMatchers("/bootstrap/**","/css/**");

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()   
            .authorizeRequests()
            .anyRequest()   
                .authenticated()        
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .successHandler(successHandler);
    }

}

这是我的AuthenticationSuccessHandler:

import java.io.IOException;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class Securityhandler implements AuthenticationSuccessHandler {

    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        if (roles.contains("ROLE_Admin")) {
            response.sendRedirect("/admin/home.html");
        }
    }
}

这是控制台中的错误:

And this is the error in the console:

org.springframework.beans.factory.BeanCreationException:错误用名字创建bean'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':自动装配依赖注入失败；

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed;

推荐答案

import java.io.IOException;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
public class Securityhandler implements AuthenticationSuccessHandler {

     public void onAuthenticationSuccess(HttpServletRequest request,   HttpServletResponse response, Authentication authentication) throws IOException  {
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        if (roles.contains("ROLE_ADMIN")) {
            response.sendRedirect("admin/home.html");
        }
    }
}

你错过了 @Component 成功处理程序类中的注释.

You've missed the @Component annotation in your success handler class.

这篇关于Spring Security 中的 AuthenticationSuccessHandler的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！