最近项目开发中有这样一个业务逻辑:一个登录画面,根据不同的权限跳转到不同的画面(Action)。开始的做法是直接跳到一个负责调度的Action,再由这个Action去分配。此次开发使用了安全框架,于是希望通过安全框架来做这个调度,因此使用authentication-success-handler-ref来替换default-target-url和always-use-default-target,实现这一目的。国际惯例,先上代码。

Xml代码

<http auto-config='true' >
    <intercept-url pattern="/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/user/**" access="ROLE_SPACE_ADMIN,ROLE_SMALL_SPACE_ADMIN,ROLE_INSTITUTION_MEMBER,ROLE_SYSTEM_ADMIN"/>
    <intercept-url pattern="/admin/**" access="ROLE_SUPER_ADMIN"/>
    <form-login login-page="/user/login.action"
        authentication-failure-url="/user/login.action?msg=fault"
        authentication-success-handler-ref="authenticationDispatcher"
        login-processing-url="/securityLogin"/>
    <logout logout-success-url="/user/login.action" logout-url="/securityLogout"/>
</http>
<beans:bean id="authenticationDispatcher" class="com.lstp.service.security.impl.LstpAuthenticationSuccessHandler">
    <beans:property name="authDispatcherMap">
        <beans:ref local="dispatcherMap"/>
    </beans:property>
</beans:bean>
<beans:bean id="dispatcherMap" class="java.util.HashMap">
    <beans:constructor-arg>
        <beans:map>
            <beans:entry key="ROLE_SPACE_ADMIN" value="/user/userSpace.action"/>
            <beans:entry key="ROLE_SMALL_SPACE_ADMIN" value="/user/userSpace.action"/>
            <beans:entry key="ROLE_INSTITUTION_MEMBER" value="/user/userSpace.action"/>
            <beans:entry key="ROLE_SYSTEM_ADMIN" value="/admin/adminSpace.action"/>
            <beans:entry key="ROLE_SUPER_ADMIN" value="/admin/adminSpace.action"/>
        </beans:map>
    </beans:constructor-arg>
</beans:bean>

authentication-success-handler-ref="authenticationDispatcher"是相当重要的,登录成功时会调用实现了AuthenticationSuccessHandler接口的类的onAuthenticationSuccess方法。需要注意,这个成功处理器只负责选择登录后的落地页,真正的访问控制仍由上面的intercept-url规则决定,两边的配置要保持一致:按上面的配置,ROLE_SYSTEM_ADMIN会被转到/admin/adminSpace.action,而/admin/**只允许ROLE_SUPER_ADMIN,仅拥有ROLE_SYSTEM_ADMIN的用户登录后会被拒绝访问。另外登录页/user/login.action本身落在要求角色的/user/**之下,如果没有另外为它配置匿名可访问的规则,未登录用户将无法打开登录页。

下面是实现类。

Java代码

package com.lstp.service.security.impl;

import java.io.IOException;
import java.util.Collection;
import java.util.Map;
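import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
// GrantedAuthorityImpl is no longer referenced by this class; the import is kept from the original listing.
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.Assert;

/**
 * Authentication success handler that redirects a newly logged-in user to a
 * landing page chosen by role.
 *
 * <p>The target is looked up in the injected role-to-URL map and is never taken
 * from the request, so the redirect stays within the configured set of pages.
 * This class only picks a destination; it performs no access check of its own.
 *
 * <p>When a user holds several roles, "first" and "last" mean the iteration
 * order of the collection returned by {@link Authentication#getAuthorities()};
 * this class does not rank roles.
 *
 * @author ryuu-kk
 */
public class LstpAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    /**
     * Role name (key) to context-relative landing URL (value).
     */
    private Map<String, String> map;

    /**
     * Multi-role policy: {@code true} (default) uses the first authority,
     * {@code false} uses the last one.
     */
    private boolean isFirst = true;

    /**
     * Redirects to the landing page mapped to the selected authority.
     *
     * <p>If the user has no authorities, or the selected authority has no entry
     * in the map, the response is a 403 instead of a redirect to a broken URL
     * (the original built {@code contextPath + "null"} or left the response empty).
     *
     * @param request        current request, used for the context path
     * @param response       response that receives the redirect or the error
     * @param authentication the authenticated principal whose authorities are read
     * @throws IOException      if sending the redirect or error fails
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        Assert.notNull(map, "AuthInterceptMap is null!");

        String url = resolveTargetUrl(authentication);
        if (url == null) {
            // Authenticated, but nothing is configured for this account: answer
            // explicitly rather than returning a blank page or a malformed redirect.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "No landing page is configured for this account");
            return;
        }

        // Both policies prepend the context path; the original omitted it in the
        // "last role" branch, which broke the redirect under a non-root context.
        response.sendRedirect(request.getContextPath() + url);
    }

    /**
     * Looks up the landing URL for the first or last authority, per {@link #isFirst}.
     *
     * @return the mapped URL, or {@code null} when there is no authority or no mapping
     */
    private String resolveTargetUrl(Authentication authentication) {
        // Wildcard type compiles whether getAuthorities() is declared as
        // Collection<GrantedAuthority> or Collection<? extends GrantedAuthority>.
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        if (authorities == null) {
            return null;
        }

        // Plain iteration avoids the original toArray(new GrantedAuthorityImpl[]{}),
        // which fails with ArrayStoreException for any other GrantedAuthority type.
        GrantedAuthority selected = null;
        for (GrantedAuthority candidate : authorities) {
            selected = candidate;
            if (isFirst) {
                break;
            }
        }
        if (selected == null) {
            return null;
        }

        // getAuthority() is the interface contract; the original relied on toString().
        String role = selected.getAuthority();
        return (role == null) ? null : map.get(role);
    }

    /**
     * Sets the mapping used to pick the landing page.
     *
     * @param map role name as key, context-relative URL as value
     */
    public void setAuthDispatcherMap(Map<String, String> map) {
        this.map = map;
    }

    /**
     * Sets the policy for users holding several roles.
     *
     * @param isFirst {@code true}: use the first role only; {@code false}: use the last role
     */
    public void setMultipleAuth(boolean isFirst) {
        this.isFirst = isFirst;
    }
}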