Spring Security: multiple login-success pages, and returning to the intercepted page after login
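Using Spring Security as the authentication and authorization framework saves a lot of groundwork.
For details, refer to the Spring Security documentation; I won't go into them here. This post mainly records the problems I ran into while using it.
Problem 1
The project has different clients that need different responses. For example, an Android login should get JSON data back, while a web-page login should redirect to the login-success page.
Spring Security's default configuration cannot do this. The login-success page is configured here: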
<s:form-login login-page="/login.action" default-target-url="/loginsuccess.jsp" authentication-failure-url="/login.action?error=true" />
If loginsuccess.jsp is the login-success page here, the Android login cannot easily return JSON.
Solution
Use an AuthenticationSuccessHandler.
---------------- Example below ----------------
1. Write your own AuthenticationSuccessHandler class that implements the AuthenticationSuccessHandler interface.
package com.gt.util;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication auth)
            throws IOException, ServletException {
        // "f" identifies the client type; the login page sends it with the form.
        String f = request.getParameter("f");
        if ("android".equals(f)) {
            // Android client: write the result into the response body.
            // LoginUserUtil is the project's own helper (not shown in this post).
            response.setCharacterEncoding("UTF-8");
            response.getWriter().write("登陸成功" + LoginUserUtil.getUser());
        } else {
            // Any other client (missing or unknown "f"): show the web success page,
            // so that no request ends with an empty response.
            request.getRequestDispatcher("/account/user.exp").forward(request, response);
        }
    }
}
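2. Specify the f parameter in the login page. This is only an example; adapt it to your own business needs.
3. Modify the configuration file
Add authentication-success-handler-ref="expaiSuccessHandler"
Remove default-target-url="/loginsuccess.jsp"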
<s:form-login login-page="/login.exp" authentication-success-handler-ref="expaiSuccessHandler" authentication-failure-url="/login.exp?error=true" />
From the official documentation:
Attribute : authentication-success-handler-ref
Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful authentication request. Should not be used in combination with default-target-url (or always-use-default-target-url) as the implementation should always deal with navigation to the subsequent destination
4. Modify the configuration file to add the bean definition
<bean id="expaiSuccessHandler" class="com.gt.util.MyAuthenticationSuccessHandler"></bean>
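--------------------------- End of problem 1 ---------------------
Problem 2
Return to the intercepted page after login
Approach
After a request is intercepted and before the login page is shown, store the intercepted URL in the session. On successful login, read the intercepted URL back from the session and redirect to it.
------------- Code example -----------
1. Add MyLoginUrlAuthenticationEntryPoint, which extends LoginUrlAuthenticationEntryPoint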
package com.gt.util;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.RedirectUrlBuilder;

public class MyLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        // Remember the intercepted URL in the session before the login page is shown.
        String returnUrl = buildHttpReturnUrlForRequest(request);
        request.getSession().setAttribute("ru", returnUrl);
        super.commence(request, response, authException);
    }

    protected String buildHttpReturnUrlForRequest(HttpServletRequest request)
            throws IOException, ServletException {
        RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();
        // Use the scheme of the intercepted request; a hard-coded "http" combined
        // with the port of an HTTPS request would produce an unusable URL.
        urlBuilder.setScheme(request.getScheme());
        urlBuilder.setServerName(request.getServerName());
        urlBuilder.setPort(request.getServerPort());
        urlBuilder.setContextPath(request.getContextPath());
        urlBuilder.setServletPath(request.getServletPath());
        urlBuilder.setPathInfo(request.getPathInfo());
        urlBuilder.setQuery(request.getQueryString());
        return urlBuilder.getUrl();
    }
}
2. Modify the configuration file to add the reference
<s:http auto-config="true" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">

<bean id="loginUrlAuthenticationEntryPoint" class="com.gt.util.MyLoginUrlAuthenticationEntryPoint">
    <property name="useForward" value="true" />
    <property name="loginFormUrl" value="/login.exp" />
</bean>
3. Modify MyAuthenticationSuccessHandler to fetch the intercepted URL and redirect to it
package com.gt.util;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication auth)
            throws IOException, ServletException {
        // "f" identifies the client type; the login page sends it with the form.
        String f = request.getParameter("f");
        if ("android".equals(f)) {
            // Android client: write the result into the response body.
            response.setCharacterEncoding("UTF-8");
            response.getWriter().write("登陸成功" + LoginUserUtil.getUser());
        } else {
            // Web client: take the intercepted URL stored by the entry point
            // and clear it so it is used only once.
            String ru = (String) request.getSession().getAttribute("ru");
            request.getSession().removeAttribute("ru");
            if (StringUtils.isNotEmpty(ru)) {
                response.sendRedirect(ru);
                //request.getRequestDispatcher(ru).forward(request, response);
            } else {
                // Nothing was intercepted: go to the default success page.
                request.getRequestDispatcher("/account/user.exp").forward(request, response);
            }
        }
    }
}
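Added example, not part of the original post: the handler in step 3 passes the session value "ru" straight to sendRedirect, and that value is built from the request's server name. The sketch below reduces such a stored URL to a path inside the application before it is used as a redirect target. ReturnUrlGuard, its constructor parameters and the sample hosts and paths are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not the post's code: ReturnUrlGuard and all sample values are hypothetical.
public class ReturnUrlGuard {
    private final String expectedHost; // canonical host from configuration, not from the request
    private final String contextPath;  // "" for the root context, otherwise e.g. "/shop"
    private final String fallback;     // default landing page when the stored value is rejected

    public ReturnUrlGuard(String expectedHost, String contextPath, String fallback) {
        this.expectedHost = expectedHost;
        this.contextPath = contextPath;
        this.fallback = fallback;
    }

    /** Returns a path (plus query) inside this application, or the fallback. */
    public String resolve(String ru) {
        if (ru == null || ru.isEmpty()) {
            return fallback;
        }
        URI uri;
        try {
            // The URI parser rejects backslashes, spaces and CR/LF;
            // normalize() resolves "/../" segments before the prefix check.
            uri = new URI(ru).normalize();
        } catch (URISyntaxException e) {
            return fallback;
        }
        String scheme = uri.getScheme();
        if (scheme != null && !scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return fallback; // non-web schemes such as javascript: or data:
        }
        if (uri.getHost() != null && !uri.getHost().equalsIgnoreCase(expectedHost)) {
            return fallback; // absolute or scheme-relative URL naming another host
        }
        String path = uri.getRawPath();
        if (path == null || path.startsWith("//") || !path.startsWith(contextPath + "/")) {
            return fallback; // outside the application, or a path a browser could read as a host
        }
        // Only the path and query are returned, so the redirect stays on the current host.
        return uri.getRawQuery() == null ? path : path + "?" + uri.getRawQuery();
    }

    public static void main(String[] args) {
        ReturnUrlGuard guard = new ReturnUrlGuard("www.example.test", "/shop", "/shop/account/user.exp");
        String[] samples = { // constructed inputs
            "http://www.example.test:8080/shop/order/list.exp?id=7", "http://evil.example/shop/order/list.exp",
            "//evil.example/shop/", "/shop/../admin/", "javascript:void(0)" };
        for (String s : samples) System.out.println(s + " -> " + guard.resolve(s));
    }
}
```

In the handler from step 3 the call would be response.sendRedirect(guard.resolve(ru)). Spring Security also ships SavedRequestAwareAuthenticationSuccessHandler, which redirects to the request stored by its RequestCache.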