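1. After logging in through the login page, the user is redirected to the admin home page. For example, opening login.htm directly and logging in should redirect to admin/adminIndex.htm on success.
2. Directly accessing any other admin page that requires permission redirects the user to the login page because of access control; after a successful login, the user should be redirected to the page originally requested. For example, admin/b.htm requires permission. An unauthenticated user who accesses that page directly is redirected to the login page login.htm, and after a successful login should automatically be redirected to admin/b.htm.
(Flowchart borrowed from another author.)
When ExceptionTranslationFilter intercepts the request, it calls HttpSessionRequestCache to save the original request information. After a successful login in the UsernamePasswordAuthenticationFilter filter, SavedRequestAwareAuthenticationSuccessHandler is called. I create a MyAuthenticationSuccessHandler class that extends SavedRequestAwareAuthenticationSuccessHandler and, in its onAuthenticationSuccess method, redirects the page to the required URL.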
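
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
    import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
    import org.springframework.security.web.savedrequest.RequestCache;
    import org.springframework.security.web.savedrequest.SavedRequest;
    // LogService, UserService and User are the project's own classes.

    public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

        @Autowired
        private LogService logService;
        @Autowired
        private UserService userService;

        private final static Logger logger = LoggerFactory.getLogger(MyAuthenticationSuccessHandler.class);

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) throws ServletException, IOException {
            RequestCache requestCache = new HttpSessionRequestCache();
            UserDetails userDetails = (UserDetails) authentication.getPrincipal();
            User user = null;
            try {
                // Copy the user's name and id into the session and record the login.
                user = userService.getUserByMail(userDetails.getUsername());
                request.getSession().setAttribute("username", user.getUsername());
                request.getSession().setAttribute("userId", user.getId());
                logService.addLog("myUserDetailsService.loadUserByUsername", "认证模块", "低",
                        "登陆", "成功", "邮箱为" + user.getMail() + "的用户登陆成功,登陆IP为" + request.getRemoteAddr(), user.getId());
            } catch (Exception e) {
                // user is still null if the lookup itself failed, so it must not be dereferenced here.
                logger.error("Failed to store session attributes for " + userDetails.getUsername(), e);
                if (user != null) {
                    logService.addLog("MyAuthenticationSuccessHandler.onAuthenticationSuccess", "认证模块", "高",
                            "登陆", "失败", "保存session失败,mail为" + user.getMail(), user.getId());
                }
            }
            // Look up the request that ExceptionTranslationFilter saved before sending the user to the login page.
            String url = null;
            SavedRequest savedRequest = requestCache.getRequest(request, response);
            if (savedRequest != null) {
                url = savedRequest.getRedirectUrl();
            }
            if (url == null) {
                // No saved request: the user opened the login page directly.
                clearAuthenticationAttributes(request);
                getRedirectStrategy().sendRedirect(request, response, "/admin/adminIndex.htm");
                return; // the redirect has been sent; do not let the parent handle the response again
            }
            // A saved request exists: the parent class redirects back to it.
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
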
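If the URL is null, the user opened the login page directly, so the handler redirects to the admin home page; otherwise it redirects to the previously requested page.
The configuration file must set authentication-success-handler-ref: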

    <bean id="myAuthenticationSuccessHandler"
          class="com.jiyufei.security.security.MyAuthenticationSuccessHandler"></bean>

    <sec:http auto-config="true" use-expressions="false">
        <sec:intercept-url pattern="/admin/login.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <sec:intercept-url pattern="/error/*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <sec:intercept-url pattern="/admin/*.htm" access="ROLE_ADMIN,ROLE_USER"/>
        <sec:intercept-url pattern="/*.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <sec:form-login login-page="/admin/login.htm"
                        username-parameter="mail"
                        password-parameter="password"
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
                        authentication-failure-url="/admin/login.htm?err=1"
                        login-processing-url="/admin/check.htm"/>
    </sec:http>