work on custom success handler
parent
dc2323f12d
commit
6458f2f32a
|
@ -3,7 +3,6 @@ package org.baeldung.security;
|
|||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
@ -12,7 +11,6 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.DefaultRedirectStrategy;
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
|
@ -27,13 +25,18 @@ public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSu
|
|||
super();
|
||||
}
|
||||
|
||||
/**
|
||||
* Invokes the configured {@code RedirectStrategy} with the URL returned by the {@code determineTargetUrl} method.
|
||||
* <p>
|
||||
* The redirect will not be performed if the response has already been committed.
|
||||
*/
|
||||
protected void handle(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
|
||||
final String targetUrl = determineTargetUrl(request, response);
|
||||
// API
|
||||
|
||||
@Override
|
||||
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
|
||||
handle(request, response, authentication);
|
||||
clearAuthenticationAttributes(request);
|
||||
}
|
||||
|
||||
// IMPL
|
||||
|
||||
protected void handle(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
|
||||
final String targetUrl = determineTargetUrl(authentication);
|
||||
|
||||
if (response.isCommitted()) {
|
||||
logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
|
||||
|
@ -43,13 +46,9 @@ public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSu
|
|||
redirectStrategy.sendRedirect(request, response, targetUrl);
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds the target URL according to the logic defined in the main class Javadoc.
|
||||
*/
|
||||
protected String determineTargetUrl(final HttpServletRequest requestRaw, final HttpServletResponse response) {
|
||||
protected String determineTargetUrl(final Authentication authentication) {
|
||||
boolean isUser = false;
|
||||
boolean isAdmin = false;
|
||||
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
final Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
|
||||
for (final GrantedAuthority grantedAuthority : authorities) {
|
||||
if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
|
||||
|
@ -70,27 +69,6 @@ public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSu
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Allows overriding of the behavior when redirecting to a target URL.
|
||||
*/
|
||||
public void setRedirectStrategy(final RedirectStrategy redirectStrategy) {
|
||||
this.redirectStrategy = redirectStrategy;
|
||||
}
|
||||
|
||||
protected RedirectStrategy getRedirectStrategy() {
|
||||
return redirectStrategy;
|
||||
}
|
||||
|
||||
/**
|
||||
* Calls the parent class {@code handle()} method to forward or redirect to the target URL, and
|
||||
* then calls {@code clearAuthenticationAttributes()} to remove any leftover session data.
|
||||
*/
|
||||
@Override
|
||||
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
|
||||
handle(request, response, authentication);
|
||||
clearAuthenticationAttributes(request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes temporary authentication-related data which may have been stored in the session
|
||||
* during the authentication process.
|
||||
|
@ -105,4 +83,12 @@ public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSu
|
|||
session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
|
||||
}
|
||||
|
||||
public void setRedirectStrategy(final RedirectStrategy redirectStrategy) {
|
||||
this.redirectStrategy = redirectStrategy;
|
||||
}
|
||||
|
||||
protected RedirectStrategy getRedirectStrategy() {
|
||||
return redirectStrategy;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
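Review bot: In `determineTargetUrl(final Authentication authentication)`, the role check `grantedAuthority.getAuthority().equals("ROLE_USER")` dereferences a value that the `GrantedAuthority` contract allows to be null, so a custom authority implementation would turn an already successful login into a NullPointerException inside the success handler. Writing it as `"ROLE_USER".equals(grantedAuthority.getAuthority())` avoids that, and the same applies to any other role comparison in the loop; the rest of the loop and the method's return lie outside the visible hunks, so they are not reviewed here. Judging by the hunk line counts, the commit also appears to drop the Javadoc on `handle`, `determineTargetUrl` and `setRedirectStrategy` without replacement. A short comment on the new signature would keep the contract visible, for example `/** Maps the granted authorities of the given Authentication to the post-login landing URL; navigation only, access to the target is enforced by the security configuration. */`.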