iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

redirect after login

This commit is contained in:
eugenp 2013-07-15 18:08:19 +03:00
parent 909f05af95
commit 3a1897d610
4 changed files with 75 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
spring-security-mvc-custom/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
View File

@ -7,32 +7,67 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.WebAttributes; import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
/** public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
* <tt>AuthenticationSuccessHandler</tt> which can be configured with a default URL which users should be protected final Log logger = LogFactory.getLog(this.getClass());
* sent to upon successful authentication.
* <p>
* The logic used is that of the {@link AbstractAuthenticationTargetUrlRequestHandler parent class}.
*
* @author Luke Taylor
* @since 3.0
*/
public class MySimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler {
public MySimpleUrlAuthenticationSuccessHandler() { private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
protected MySimpleUrlAuthenticationSuccessHandler() {
super(); super();
} }
/** /**
* Constructor which sets the <tt>defaultTargetUrl</tt> property of the base class. * Invokes the configured {@code RedirectStrategy} with the URL returned by the {@code determineTargetUrl} method.
* @param defaultTargetUrl the URL to which the user should be redirected on successful authentication. * <p>
* The redirect will not be performed if the response has already been committed.
*/ */
public MySimpleUrlAuthenticationSuccessHandler(final String defaultTargetUrl) { protected void handle(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
setDefaultTargetUrl(defaultTargetUrl); final String targetUrl = determineTargetUrl(request, response);
if (response.isCommitted()) {
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
return;
}
redirectStrategy.sendRedirect(request, response, targetUrl);
}
/**
* Builds the target URL according to the logic defined in the main class Javadoc.
*/
protected String determineTargetUrl(final HttpServletRequest requestRaw, final HttpServletResponse response) {
// Check for the parameter and use that if available
final SecurityContextHolderAwareRequestWrapper req = (SecurityContextHolderAwareRequestWrapper) requestRaw;
final boolean isUser = req.isUserInRole("ROLE_USER");
final boolean isAdmin = req.isUserInRole("ROLE_ADMIN");
if (isUser) {
return "/homepage.html";
} else if (isAdmin) {
return "/console.html";
} else {
throw new IllegalStateException();
}
}
/**
* Allows overriding of the behavior when redirecting to a target URL.
*/
public void setRedirectStrategy(final RedirectStrategy redirectStrategy) {
this.redirectStrategy = redirectStrategy;
}
protected RedirectStrategy getRedirectStrategy() {
return redirectStrategy;
} }
/** /**

1
spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java
View File

@ -27,6 +27,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
registry.addViewController("/login.html"); registry.addViewController("/login.html");
registry.addViewController("/homepage.html"); registry.addViewController("/homepage.html");
registry.addViewController("/console.html");
} }
@Bean @Bean

1
spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
View File

@ -34,6 +34,7 @@
<user-service> <user-service>
<user name="user1" password="user1Pass" authorities="ROLE_USER" /> <user name="user1" password="user1Pass" authorities="ROLE_USER" />
<user name="user2" password="user2Pass" authorities="ROLE_USER" /> <user name="user2" password="user2Pass" authorities="ROLE_USER" />
<user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN" />
</user-service> </user-service>
</authentication-provider> </authentication-provider>
</authentication-manager> </authentication-manager>

22
spring-security-mvc-custom/src/main/webapp/WEB-INF/view/console.jsp Normal file
View File

@ -0,0 +1,22 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<html>
<head></head>
<body>
<h1>This is the body of the sample view</h1>
<security:authorize access="hasRole('ROLE_USER')">
This text is only visible to a user
<br/>
</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">
This text is only visible to an admin
<br/>
</security:authorize>
<a href="<c:url value="/perform_logout" />">Logout</a>
</body>
</html>