SpringSecurity兌現多登陸成功頁面和登陸成功返回被攔截界面

SpringSecurity實現多登陸成功頁面和登陸成功返回被攔截界面

使用SrpingSceurity做爲認證和受權的安全框架能夠省下不少基礎工做.

具體能夠參考SpringSecurity,這裏很少說了.主要是記錄一下使用中碰到的問題.

問題1

項目有不一樣客戶端須要不一樣的返回界面,好比Android的登陸返回json格式數據.網頁登陸跳轉到登陸成功頁面.

SpringSecurity的默認配置是作不到這點的.如下是配置登陸成功頁面的地方.

<s:form-login login-page="/login.action" default-target-url="/loginsuccess.jsp" authentication-failure-url="/login.action?error=true" />

 這裏若是loginsuccess.jsp頁面是登陸成功頁,那麼Android的登陸就很差返回json格式了.

解決方法

使用AuthenticationSuccessHandler

----------------示例見下----------------

1.定製本身的AuthenticationSuccessHandler類,實現AuthenticationSuccessHandler接口

 

package com.gt.util;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class MyAuthenticationSuccessHandler implements
        AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication auth)
            throws IOException, ServletException {        
        String f = request.getParameter("f");
        if (StringUtils.isNotEmpty(f)) {
            if(f.equals("android")){
                response.setCharacterEncoding("UTF-8");
                response.getWriter().write("登陸成功"+LoginUserUtil.getUser());
            }
            
        }else{
            
            request.getRequestDispatcher("/account/user.exp").forward(request, response);
                        
        }

    }

}

2.登陸頁面中指定f參數.只是示例,能夠本身根據業務定製.

3.修改配置文件

增長authentication-success-handler-ref="expaiSuccessHandler"

去掉default-target-url="/loginsuccess.jsp"

<s:form-login login-page="/login.exp" authentication-success-handler-ref="expaiSuccessHandler" authentication-failure-url="/login.exp?error=true" />

 官方文檔介紹

 Attribute : authentication-success-handler-ref

Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful 

 authentication request. Should not be used in combination with default-target-url (or always-use-

 default-target-url) as the implementation should always deal with navigation to the subsequent 

 destination

4.修改配置文件,增長bean定義

<bean id="expaiSuccessHandler" class="com.gt.util.MyAuthenticationSuccessHandler"></bean>

---------------------------問題1end--------------------- 

 問題2

登陸後返回攔截前的界面

思路

在攔截後,進入登陸頁面前,把被攔截地址放入session中.登陸成功從session取出被攔截地址而且跳轉.

-------------代碼示例-----------

1.增長MyLoginUrlAuthenticationEntryPoint 繼承 LoginUrlAuthenticationEntryPoint

package com.gt.util;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.RedirectUrlBuilder;

public class MyLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
            throws IOException, ServletException {
        String returnUrl = buildHttpReturnUrlForRequest(request);
        request.getSession().setAttribute("ru", returnUrl);
        super.commence(request, response, authException);
    }

    protected String buildHttpReturnUrlForRequest(HttpServletRequest request)
            throws IOException, ServletException {


        RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
        urlBuilder.setScheme("http");
        urlBuilder.setServerName(request.getServerName());
        urlBuilder.setPort(request.getServerPort());
        urlBuilder.setContextPath(request.getContextPath());
        urlBuilder.setServletPath(request.getServletPath());
        urlBuilder.setPathInfo(request.getPathInfo());
        urlBuilder.setQuery(request.getQueryString());

        return urlBuilder.getUrl();
    }

}

2.修改配置文件,增長引用

<s:http auto-config="true" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint"> 
<bean id="loginUrlAuthenticationEntryPoint" class="com.gt.util.MyLoginUrlAuthenticationEntryPoint">
        <property name="useForward" value="true" />
        <property name="loginFormUrl" value="/login.exp" />
</bean>

3.修改MyAuthenticationSuccessHandler,增長獲取被攔截地址而且跳轉代碼

 

package com.gt.util;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication auth)
            throws IOException, ServletException {        
        String f = request.getParameter("f");
        if (StringUtils.isNotEmpty(f)) {
            if(f.equals("android")){
                response.setCharacterEncoding("UTF-8");
                response.getWriter().write("登陸成功"+LoginUserUtil.getUser());
            }
            
        }else{
            String ru = (String)request.getSession().getAttribute("ru");
            request.getSession().removeAttribute("ru");
            if(StringUtils.isNotEmpty(ru)){
                response.sendRedirect(ru);
                //request.getRequestDispatcher(ru).forward(request, response);
            }else{
                request.getRequestDispatcher("/account/user.exp").forward(request, response);
            }
            
        }

    }

}