最近項目開發中有這樣一個業務邏輯:一個登錄畫面,根據不同的權限跳轉到不同的畫面(Action)。
一開始的做法是直接跳到一個負責調度的Action,再由這個Action去分配。
此次開發使用了安全框架,於是希望通過安全框架來做這個調度,
因此使用authentication-success-handler-ref來替換default-target-url和always-use-default-target,實現這一目的。
國際慣例,先上代碼。

Xml代碼

<http auto-config='true' >
    <intercept-url pattern="/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/user/**" access="ROLE_SPACE_ADMIN,ROLE_SMALL_SPACE_ADMIN,ROLE_INSTITUTION_MEMBER,ROLE_SYSTEM_ADMIN"/>
    <intercept-url pattern="/admin/**" access="ROLE_SUPER_ADMIN"/>
    <form-login login-page="/user/login.action"
        authentication-failure-url="/user/login.action?msg=fault"
        authentication-success-handler-ref="authenticationDispatcher"
        login-processing-url="/securityLogin"/>
    <logout logout-success-url="/user/login.action" logout-url="/securityLogout"/>
</http>
<beans:bean id="authenticationDispatcher" class="com.lstp.service.security.impl.LstpAuthenticationSuccessHandler">
    <beans:property name="authDispatcherMap">
        <beans:ref local="dispatcherMap"/>
    </beans:property>
</beans:bean>
<beans:bean id="dispatcherMap" class="java.util.HashMap">
    <beans:constructor-arg>
        <beans:map>
            <beans:entry key="ROLE_SPACE_ADMIN" value="/user/userSpace.action"/>
            <beans:entry key="ROLE_SMALL_SPACE_ADMIN" value="/user/userSpace.action"/>
            <beans:entry key="ROLE_INSTITUTION_MEMBER" value="/user/userSpace.action"/>
            <beans:entry key="ROLE_SYSTEM_ADMIN" value="/admin/adminSpace.action"/>
            <beans:entry key="ROLE_SUPER_ADMIN" value="/admin/adminSpace.action"/>
        </beans:map>
    </beans:constructor-arg>
</beans:bean>

authentication-success-handler-ref="authenticationDispatcher"是相當重要的:登錄成功時,會調用AuthenticationSuccessHandler接口實現類的onAuthenticationSuccess方法。
注意:上面的dispatcherMap把ROLE_SYSTEM_ADMIN導向/admin/adminSpace.action,但/admin/**只允許ROLE_SUPER_ADMIN訪問,所以只擁有ROLE_SYSTEM_ADMIN的用戶登錄後會被導向一個無權訪問的頁面;跳轉目標必須和intercept-url規則保持一致,真正的訪問控制仍由intercept-url決定。
另外,登錄頁/user/login.action也落在/user/**規則之下,若沒有另外為它放行匿名訪問,未登錄的用戶將無法打開登錄頁。

下面是實現類

Java代碼

package com.lstp.service.security.impl;

import java.io.IOException;
import java.util.Collection;
import java.util.Map;

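import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.Assert;

/**
 * Authentication success handler that chooses the post-login landing page
 * from the authorities granted to the user who just logged in.
 *
 * <p>Redirect targets are taken only from the configured role-to-URL map and
 * never from the request, so the request cannot steer the redirect.
 *
 * <p>The handler only selects a landing page; it grants nothing. Whether the
 * user may actually open that page is decided by the URL access rules of the
 * security configuration, so every mapped URL has to be reachable by the role
 * it is mapped from.
 *
 * @author ryuu-kk
 */
public class LstpAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    /**
     * Role name -> context-relative landing URL.
     */
    private Map<String, String> map;

    /**
     * Selection policy for users holding several roles: {@code true} uses the
     * first mapped role, {@code false} the last mapped role. Defaults to the first.
     */
    private boolean isFirst = true;

    /**
     * Redirects the freshly authenticated user to the landing page mapped to
     * one of their roles.
     *
     * <p>The context path is prepended for both selection policies, because
     * the mapped URLs are context-relative. When the user has no authority, or
     * none of their authorities has a mapping, the request is answered with
     * 403 instead of an empty response or a redirect to a {@code null} URL.
     *
     * @param request the login request; only its context path is read
     * @param response the response that receives the redirect or the 403
     * @param authentication the authentication whose authorities are inspected
     * @throws IOException if sending the redirect or the error fails
     * @throws ServletException declared by the interface; not thrown here
     * @throws IllegalArgumentException if no dispatcher map has been set
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        Assert.notNull(map, "AuthInterceptMap is null!");

        String targetUrl = resolveTargetUrl(authentication.getAuthorities());
        if (targetUrl == null) {
            // Fail closed: an authenticated user without a mapped role has no landing page.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.sendRedirect(request.getContextPath() + targetUrl);
    }

    /**
     * Picks the landing URL for the given authorities according to {@link #isFirst}.
     *
     * <p>Roles are looked up through {@code getAuthority()}, so any
     * {@code GrantedAuthority} implementation works; roles without a mapping
     * are skipped rather than overwriting an earlier match with {@code null}.
     *
     * @param authorities the authorities of the authenticated user, may be {@code null}
     * @return the mapped URL, or {@code null} if no authority is mapped
     */
    private String resolveTargetUrl(Collection<? extends GrantedAuthority> authorities) {
        if (authorities == null) {
            return null;
        }
        // NOTE(review): "first" and "last" follow the iteration order of the
        // collection returned by getAuthorities(); confirm that order is stable
        // and meaningful for the Authentication implementation in use.
        String targetUrl = null;
        for (GrantedAuthority authority : authorities) {
            String role = authority.getAuthority();
            String candidate = (role == null) ? null : map.get(role);
            if (candidate == null) {
                continue;
            }
            targetUrl = candidate;
            if (isFirst) {
                break;
            }
        }
        return targetUrl;
    }

    /**
     * Sets the table used to dispatch users after login.
     *
     * @param map key: role name (for example {@code ROLE_SUPER_ADMIN});
     *            value: context-relative URL of that role's landing page
     */
    public void setAuthDispatcherMap(Map<String, String> map) {
        this.map = map;
    }

    /**
     * Chooses how a user with several roles is dispatched.
     *
     * @param isFirst {@code true}: use the first mapped role;
     *                {@code false}: use the last mapped role
     */
    public void setMultipleAuth(boolean isFirst) {
        this.isFirst = isFirst;
    }
}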