SpringSecurity实现多登录成功页面和登录成功返回被拦截界面
使用SrpingSceurity作为认证和授权的安全框架可以省下很多基础工作.
具体可以参考SpringSecurity,这里不多说了.主要是记录一下使用中碰到的问题.
?
问题1
项目有不同客户端需要不同的返回界面,比如Android的登录返回json格式数据.网页登录跳转到登录成功页面.
SpringSecurity的默认配置是做不到这点的.以下是配置登录成功页面的地方.
?
?
<s:form-login login-page="/login.action" default-target-url="/loginsuccess.jsp" authentication-failure-url="/login.action?error=true" />
?
?这里如果loginsuccess.jsp页面是登录成功页,那么Android的登录就不好返回json格式了.
?
解决方法
使用AuthenticationSuccessHandler
?
----------------示例见下----------------
1.定制自己的AuthenticationSuccessHandler类,实现AuthenticationSuccessHandler接口
?
package com.gt.util;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.commons.lang.StringUtils;import org.springframework.security.core.Authentication;import org.springframework.security.web.authentication.AuthenticationSuccessHandler;public class MyAuthenticationSuccessHandler implementsAuthenticationSuccessHandler {@Overridepublic void onAuthenticationSuccess(HttpServletRequest request,HttpServletResponse response, Authentication auth)throws IOException, ServletException {String f = request.getParameter("f");if (StringUtils.isNotEmpty(f)) {if(f.equals("android")){response.setCharacterEncoding("UTF-8");response.getWriter().write("登录成功"+LoginUserUtil.getUser());}}else{request.getRequestDispatcher("/account/user.exp").forward(request, response);}}}?
?
2.登录页面中指定f参数.只是示例,可以自己根据业务定制.
?
3.修改配置文件
增加authentication-success-handler-ref="expaiSuccessHandler"
去掉default-target-url="/loginsuccess.jsp"
?
<s:form-login login-page="/login.exp"authentication-success-handler-ref="expaiSuccessHandler"authentication-failure-url="/login.exp?error=true" />
?
官方文档介绍
?Attribute : authentication-success-handler-ref
Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful?
?authentication request. Should not be used in combination with default-target-url (or always-use-
?default-target-url) as the implementation should always deal with navigation to the subsequent?
?destination
?
4.修改配置文件,增加bean定义
?
<!-- 登录成功处理器 --><bean id="expaiSuccessHandler" name="code">package com.gt.util;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;import org.springframework.security.web.util.RedirectUrlBuilder;public class MyLoginUrlAuthenticationEntryPoint extendsLoginUrlAuthenticationEntryPoint {public void commence(HttpServletRequest request,HttpServletResponse response, AuthenticationException authException)throws IOException, ServletException {String returnUrl = buildHttpReturnUrlForRequest(request);request.getSession().setAttribute("ru", returnUrl);super.commence(request, response, authException);}protected String buildHttpReturnUrlForRequest(HttpServletRequest request)throws IOException, ServletException {RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder();urlBuilder.setScheme("http");urlBuilder.setServerName(request.getServerName());urlBuilder.setPort(request.getServerPort());urlBuilder.setContextPath(request.getContextPath());urlBuilder.setServletPath(request.getServletPath());urlBuilder.setPathInfo(request.getPathInfo());urlBuilder.setQuery(request.getQueryString());return urlBuilder.getUrl();}}?
?
2.修改配置文件,增加引用
?
<s:http auto-config="true" use-expressions="true"entry-point-ref="loginUrlAuthenticationEntryPoint">
?
?
?
?
<bean id="loginUrlAuthenticationEntryPoint"value="true" /><property name="loginFormUrl" value="/login.exp" /></bean>
?
3.修改MyAuthenticationSuccessHandler,增加获取被拦截地址并且跳转代码
?
package com.gt.util;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.commons.lang.StringUtils;import org.springframework.security.core.Authentication;import org.springframework.security.web.authentication.AuthenticationSuccessHandler;public class MyAuthenticationSuccessHandler implementsAuthenticationSuccessHandler {@Overridepublic void onAuthenticationSuccess(HttpServletRequest request,HttpServletResponse response, Authentication auth)throws IOException, ServletException {String f = request.getParameter("f");if (StringUtils.isNotEmpty(f)) {if(f.equals("android")){response.setCharacterEncoding("UTF-8");response.getWriter().write("登录成功"+LoginUserUtil.getUser());}}else{String ru = (String)request.getSession().getAttribute("ru");request.getSession().removeAttribute("ru");if(StringUtils.isNotEmpty(ru)){response.sendRedirect(ru);//request.getRequestDispatcher(ru).forward(request, response);}else{request.getRequestDispatcher("/account/user.exp").forward(request, response);}}}}?
?
?