基于角色的Spring安全重定向 [英] spring security redirect based on role

问题描述

我有以下spring-security.xml文件:-

i have the following spring-security.xml file :-

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http auto-config="true">
           <intercept-url pattern="/Freelancer/**" access="ROLE_FREELANCE" />
           <intercept-url pattern="/Client/**" access="ROLE_CLIENT" />
           <intercept-url pattern="/Agency/**" access="ROLE_AGENCY" />
           <intercept-url pattern="/Manager/**" access="ROLE_MANAGER" />
           <intercept-url pattern="/User/**" access="ROLE_USER" />
           <form-login default-target-url="/${role}" login-page="/login.jsp" />
           <logout logout-url="/logout" logout-success-url="/" />
    </http>

    <authentication-manager>
           <authentication-provider>
             <jdbc-user-service data-source-ref="dataSource" 
               users-by-username-query="select user_name,password, enabled from Users where user_name=?"  
               authorities-by-username-query="select u.user_name, u.role from Users u where u.user_name =?"/>                 
           </authentication-provider>
    </authentication-manager>

</beans:beans>  

我想要什么，我想将用户重定向到他们的工作区，例如，如果客户端登录，那么他将被重定向到/Client/index.jsp，如果代理商登录，他们将被重定向到/Agency/index .jsp.

what i want, i want to redirect the user to their workspace, for example if Client login then he will be redirected to the /Client/index.jsp, if Agency login, they will be redirected to the /Agency/index.jsp.

之前没有任何方法可以访问该角色，他将在spring-security.xml文件中重定向到他们的工作区.

is there any way to access the role before, he will be redirected to their workspace in spring-security.xml file.

<form-login default-target-url="/${role}" login-page="/login.jsp" />

我的目录结构类似于角色.

I have the directory structure similer to role.

有任何想法.

推荐答案

编写一个spring控制器，该控制器将根据用户角色显示不同的页面.编写身份验证成功处理程序类，并编写代码以根据角色决定重定向的位置.

Write a spring controller which will serve different pages to be shown based on user role. Write Authentication success handler class and write code to decide where to redirect based on roles.

首先需要更改<form-login />标签.

<form-login login-page="/landing" authentication-success-handler-ref="authSuccessHandler" />

<beans:bean id="authSuccessHandler" class="com.package.AuthSuccessHandler" />

删除default-target-url属性.让auth处理程序决定将用户重定向到何处.

Remove default-target-url attribute. Let auth handler decide where to redirect the user.

身份验证成功处理程序类如下:

Auth success handler class will be like :

public class AuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        // Get the role of logged in user
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String role = auth.getAuthorities().toString();

        String targetUrl = "";
        if(role.contains("client")) {
            targetUrl = "/client/index";
        } else if(role.contains("agency")) {
            targetUrl = "/agency/index";
        }
        return targetUrl;
    }
}

这是示例代码.根据您的要求进行更改.

This is a sample code. Change it as per your requirements.

这篇关于基于角色的Spring安全重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！