使用spring security成功登录后如何将对象添加到视图中?

Posted

技术标签:

【中文标题】使用spring security成功登录后如何将对象添加到视图中?【英文标题】:How to add an object to a view after a successful login using spring security? 【发布时间】:2020-01-22 19:57:34 【问题描述】:

成功登录后,我尝试重定向到需要实例化对象的页面,如我的 HomeController 中所述:

@RequestMapping(value="/","/home", method=RequestMethod.GET)
public ModelAndView home() 
    ModelAndView view = new ModelAndView("home");
    view.addObject("client", new Client());
    return view;

问题是我不知道如何使用spring security来做到这一点,因为我唯一能做的就是在成功登录后设置页面:

.formLogin()
    .loginPage("/login")
    .defaultSuccessUrl("/home")
    .permitAll()

如何在使用 Spring Security 成功登录后将此对象添加到视图中?

【问题讨论】:

【参考方案1】:

假设您有这样的 WebSecurity 配置。你只需要添加一个successHandler 

@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter 


    @Autowired
    private SimpleAuthenticationSuccessHandler successHandler;

    @Bean("authenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception 
            return super.authenticationManagerBean();
    

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception 
        // @formatter:off
        auth.inMemoryAuthentication()
            .withUser("user1").password("noopuser1Pass").roles("USER")
            .and()
            .withUser("admin1").password("noopadmin1Pass").roles("ADMIN");
        // @formatter:on
    


    @Override
    protected void configure(final HttpSecurity http) throws Exception 
        http.authorizeRequests()
            .antMatchers("/anonymous*").anonymous()
            .antMatchers("/login*").permitAll()
            .anyRequest().authenticated()

            .and()
            .formLogin()
            .loginPage("/login.html")
            .loginProcessingUrl("/login")
            .successHandler(successHandler)
            // ...

SimpleAuthenticationSuccessHandler 类

// Change onAuthenticationSuccess logic as per your requirement

@Component
public class SimpleAuthenticationSuccessHandler implements AuthenticationSuccessHandler 

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest arg0, HttpServletResponse arg1, Authentication authentication)
            throws IOException, ServletException 


        redirectStrategy.sendRedirect(arg0, arg1, "/home");


        /*
        Collectionextends GrantedAuthority> authorities = authentication.getAuthorities();
        authorities.forEach(authority -> 
            if(authority.getAuthority().equals("ROLE_USER")) 
                try 
                    redirectStrategy.sendRedirect(arg0, arg1, "/user");
                 catch (Exception e) 
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                
             else if(authority.getAuthority().equals("ROLE_ADMIN")) 
                try 
                    redirectStrategy.sendRedirect(arg0, arg1, "/admin");
                 catch (Exception e) 
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                
             else 
                throw new IllegalStateException();
            
        );

        */

这会将您的调用重定向到"/home",控制器将进一步负责加载您的对象。

更多详情here

【讨论】:

以上是关于使用spring security成功登录后如何将对象添加到视图中?的主要内容,如果未能解决你的问题,请参考以下文章

使用 Spring Security 成功登录后如何正确更新登录日期时间?

使用 Spring Security 成功登录后如何将用户转发回所需的受保护页面

Spring Security登录成功后如何处理用户信息

成功登录后如何更新 Spring Security UserDetails impls?

登录后spring security重定向不正确

登录 Spring Security 后如何返回基本令牌?