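1. After logging in through the login page, redirect to the admin home page. For example, when the user opens login.htm directly and logs in, a successful login should redirect to admin/adminIndex.htm.
2. Directly accessing any other admin page that requires authorization redirects to the login page because of access control; after a successful login, the user should be sent on to the page they originally requested. For example, admin/b.htm requires authorization. An unauthenticated user who accesses that page directly is redirected to the login page login.htm, and after a successful login should be redirected automatically to admin/b.htm.
Here is a flow chart borrowed from someone else.
When ExceptionTranslationFilter intercepts the request, it calls HttpSessionRequestCache to save the original request information. After the UsernamePasswordAuthenticationFilter filter logs the user in successfully, it calls SavedRequestAwareAuthenticationSuccessHandler. I created a MyAuthenticationSuccessHandler class that extends SavedRequestAwareAuthenticationSuccessHandler and, in its onAuthenticationSuccess method, redirects the page to the required URL.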
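package com.jiyufei.security.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

// LogService, UserService and User are the application's own classes; import them from their packages.
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Autowired
    private LogService logService;

    @Autowired
    private UserService userService;

    private final static Logger logger = LoggerFactory.getLogger(MyAuthenticationSuccessHandler.class);

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {
        RequestCache requestCache = new HttpSessionRequestCache();
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        User user = null;
        try {
            // Store the user's display name and id in the session and record the login.
            user = userService.getUserByMail(userDetails.getUsername());
            request.getSession().setAttribute("username", user.getUsername());
            request.getSession().setAttribute("userId", user.getId());
            logService.addLog("myUserDetailsService.loadUserByUsername", "認證模塊", "低", "登陸", "成功",
                    "郵箱爲" + user.getMail() + "的用戶登陸成功,登陸IP爲" + request.getRemoteAddr(), user.getId());
        } catch (Exception e) {
            logger.error("Failed to save session attributes for " + userDetails.getUsername(), e);
            // user is still null if the lookup itself failed, so only touch it when it was loaded.
            if (user != null) {
                logService.addLog("MyAuthenticationSuccessHandler.onAuthenticationSuccess", "認證模塊", "高", "登陸", "失敗",
                        "保存session失敗,mail爲" + user.getMail(), user.getId());
            }
        }

        // The request saved by ExceptionTranslationFilter, if the user was bounced to the login page.
        String url = null;
        SavedRequest savedRequest = requestCache.getRequest(request, response);
        if (savedRequest != null) {
            url = savedRequest.getRedirectUrl();
        }
        if (url == null) {
            // No saved request: the user opened the login page directly.
            getRedirectStrategy().sendRedirect(request, response, "/admin/adminIndex.htm");
            return; // the redirect has been sent; do not fall through to the parent handler
        }
        // Saved request present: let the parent handler redirect to the original page.
        super.onAuthenticationSuccess(request, response, authentication);
    }
}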
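If the URL is null, the user opened the login page directly, so redirect to the admin home page; otherwise redirect to the page requested earlier.
The configuration file needs to set authentication-success-handler-ref: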
<bean id="myAuthenticationSuccessHandler" class="com.jiyufei.security.security.MyAuthenticationSuccessHandler"></bean>

<sec:http auto-config="true" use-expressions="false">
    <sec:intercept-url pattern="/admin/login.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/error/*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/admin/*.htm" access="ROLE_ADMIN,ROLE_USER"/>
    <sec:intercept-url pattern="/*.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:form-login login-page="/admin/login.htm"
                    username-parameter="mail"
                    password-parameter="password"
                    authentication-success-handler-ref="myAuthenticationSuccessHandler"
                    authentication-failure-url="/admin/login.htm?err=1"
                    login-processing-url="/admin/check.htm"/>
</sec:http>