使用 Spring Security 根据用户角色登录后重定向到不同的页面
Posted
技术标签:
【中文标题】使用 Spring Security 根据用户角色登录后重定向到不同的页面【英文标题】:Redirect to different page after login based on user role with Spring Security 【发布时间】:2021-08-03 19:37:48 【问题描述】:<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Welcome to Akash Home</title>
<link rel="stylesheet" type="text/css"
href="/webjars/bootstrap/css/bootstrap.min.css" />
<script type="text/javascript" src="/webjars/jquery/jquery.min.js"></script>
<script type="text/javascript"
src="/webjars/bootstrap/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container text-center">
<h1>Welcome to the portal</h1>
<h3>
<a href="/register">Register</a>
</h3>
<h3>
<a href="show-menu-list-admin">Login as a admin</a><br>
<a href="show-menu-list-customer">Login as a user</a><br>
<!-- <a href="login">login</a> -->
<a href="logout">logout</a>
</h3>
</div>
</body>
</html>
在这里,我正在创建单独的链接,以便以管理员/用户身份登录。如何根据输入的凭据添加单个登录页面重定向到下一页:如果 user1 是管理员,如果输入了他的凭据,他将被重定向到管理页面,反之亦然以进行用户登录
这是我的 spring 安全配置代码:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
@Bean
public UserDetailsService getUserDetailService()
return new UserDetailsServiceImpl();
@Bean
public BCryptPasswordEncoder passwordEncoder()
return new BCryptPasswordEncoder();
@Bean
public DaoAuthenticationProvider authenticationProvider()
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(this.getUserDetailService());
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
// authentication - configure method
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
auth.authenticationProvider(authenticationProvider());
@Override
protected void configure(HttpSecurity http) throws Exception
http.authorizeRequests().antMatchers("/show-menu-list-admin").hasRole("ADMIN")
.antMatchers("/show-menu-list-customer").hasRole("USER").and().formLogin().and().csrf().disable();
【问题讨论】:
您好。到目前为止必须尝试什么来实施您的解决方案?尝试根据您的情况添加源代码或更多代码示例。 感谢您指出这一点,我已经成功实现了这个功能,下次我会确保添加更多代码示例 【参考方案1】:您可以提供自定义AuthenticationSuccessHandler
。AuthenticationSuccessHandler
告诉 Spring Security 在成功进行用户身份验证后该做什么。
默认实现通常使用SimpleUrlAuthenticationSuccessHandler
,一旦用户成功通过身份验证,它将重定向到提供的 URL。
在您的自定义实现中,您可以根据用户的角色委托给不同的SimpleUrlAuthenticationSuccessHandler
。
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler
SimpleUrlAuthenticationSuccessHandler userSuccessHandler =
new SimpleUrlAuthenticationSuccessHandler("/user-page");
SimpleUrlAuthenticationSuccessHandler adminSuccessHandler =
new SimpleUrlAuthenticationSuccessHandler("/admin-page");
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for (final GrantedAuthority grantedAuthority : authorities)
String authorityName = grantedAuthority.getAuthority();
if (authorityName.equals("ROLE_ADMIN"))
// if the user is an ADMIN delegate to the adminSuccessHandler
this.adminSuccessHandler.onAuthenticationSuccess(request, response, authentication);
return;
// if the user is not an admin delegate to the userSuccessHandler
this.userSuccessHandler.onAuthenticationSuccess(request, response, authentication);
然后,在表单登录配置中提供CustomAuthenticationSuccessHandler
。
http
.formLogin(formLogin -> formLogin
.successHandler(new CustomAuthenticationSuccessHandler())
);
【讨论】:
以上是关于使用 Spring Security 根据用户角色登录后重定向到不同的页面的主要内容,如果未能解决你的问题,请参考以下文章
Spring Security(Java Config)登录 - 根据用户角色返回不同的 URL
如何使用spring security根据角色限制对html页面的访问?
Spring-Security权限管理框架——根据角色权限登录
如何使用 Spring Security 在我的控制器中获取用户登录的角色