How to use custom filter with authentication-success-handler-ref equivalent in spring security

后端未结

关注

 1  1530

伪装坚强ぢ 2021-01-24 14:35

I want to pass some parameters with login details to spring security such as some item id. then after i want to redirect to page according to the user type. For this i am using

1条回答

深忆病人 (楼主)

2021-01-24 15:12

I understood your question as follows: I want to submit an itemId in the form login which is used after a successful login for redirection.

In order to establish such a process you need to do following things.

Remove from your configuration. You should have:

Don't forget to add a for logout and the entry-point-ref attribute points to an authenticationEntryPoint.

Add a LoginUrlAuthenticationEntryPoint for entry-point-ref which points to your login page:

Refactor your ddAuthenticationFilter to meet the following configuration:

Create a new class CustomWebAuthenticationDetailsSource:

package security;

import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.http.HttpServletRequest;

public class CustomWebAuthenticationDetailsSource implements AuthenticationDetailsSource {
    @Override
    public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
        return new CustomWebAuthenticationDetails(context);
    }
}

and the related CustomWebAuthenticationDetails:

package security;

import org.springframework.security.web.authentication.WebAuthenticationDetails;
import javax.servlet.http.HttpServletRequest;

public class CustomWebAuthenticationDetails extends WebAuthenticationDetails {

    private final String itemId;

    public CustomWebAuthenticationDetails(HttpServletRequest request) {
        super(request);
        itemId = request.getParameter("itemId");
    }

    public String getItemId() {
        return itemId;
    }

    //TODO override hashCode, equals and toString to include itemId
    @Override
    public int hashCode() { /* collapsed */ }
    @Override
    public boolean equals(Object obj) { /* collapsed */ }
    @Override
    public String toString() { /* collapsed */ }
}

Your ddAuthenticationSuccessHandler should have a similiar logic like in this example:

package com.dd.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.StringUtils;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class DDAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        CustomWebAuthenticationDetails details = (CustomWebAuthenticationDetails) authentication.getDetails();
        if(StringUtils.hasText(details.getItemId())) {
            //TODO sanity and security check for itemId needed
            String redirectUrl = "item/" + details.getItemId();
            response.sendRedirect(redirectUrl);
        }
        throw new IllegalStateException("itemId in authentication details not found");
    }
}

A working example can be found here

0 讨论(0)