Spring Security conditional default-target-url
I\'ve noticed that there are a couple of questions asking about this topic. I looked through them and I was unable to apply them to my specific Spring setup. I would like to con
-
I have tested the code and it works, there's no rocket science in it
public class MySuccessHandler implements AuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities()); if (roles.contains("ROLE_ADMIN")){ response.sendRedirect("/Admin.html"); return; } response.sendRedirect("/User.html"); } }Changes in your security context:
<bean id="mySuccessHandler" class="my.domain.MySuccessHandler"> </bean> <security:form-login ... authentication-success-handler-ref="mySuccessHandler"/>update if you want to use
default-target-urlapproach, it will work equally well, but will be triggered when your user first accesses the login page:<security:form-login default-target-url="/welcome.htm" />@Controller public class WelcomeController { @RequestMapping(value = "/welcome.htm") protected View welcome() { Set<String> roles = AuthorityUtils .authorityListToSet(SecurityContextHolder.getContext() .getAuthentication().getAuthorities()); if (roles.contains("ROLE_ADMIN")) { return new RedirectView("Admin.htm"); } return new RedirectView("User.htm"); } }讨论(0) -
A more appropriate approach IMO is to create a class which extends
SimpleUrlAuthenticationSuccessHandler, and then override itsdetermineTargetUrlmethod. From the docs:Builds the target URL according to the logic defined in the main class Javadoc.
...which sounds a little confusing, but basically you write whatever logic you need to determine the target URL, then just return it as a String.
讨论(0)
加载中...
- 热议问题