Authentication: determining the target URL based on roles in Struts2


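I'm new to Struts and Spring Security. Can anyone help me figure out how to redirect different users with different roles to different URLs? In other words, how can I provide a role-based target URL in Struts2 using an action controller?

I found the following question, but I don't know how to configure the action.

I tried the following settings, but they don't work: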

security.xml

 <form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check" default-target-url="/default"/>
<action name="default" class="com.moblab.webapp.action.RoleRedirectAction" method="defaultAfterLogin"/>

Edit 2: My final solution is shown below. I'm not sure whether this is the best approach, but it works:

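import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
// UserService is the application's own class; import it from the project's package.

public class StartPageRouter extends SimpleUrlAuthenticationSuccessHandler {
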
@Autowired
private UserService userService;

protected final Logger logger = Logger.getLogger(this.getClass());
private RequestCache requestCache = new HttpSessionRequestCache();

@Override
public void onAuthenticationSuccess(HttpServletRequest request,
                                    HttpServletResponse response,
                                    Authentication authentication) throws IOException, ServletException {


    Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();

    //default path for ROLE_USER
    String redirectPath = <url>;

    if (authorities != null && !authorities.isEmpty()) {

        Set<String> roles = getUserRoles(authorities);

        if (roles.contains("ROLE_ADMIN"))
            redirectPath = <url>;
        else if (roles.contains("ROLE_INSTRUCTOR"))
            redirectPath = <url>;
    }

    getRedirectStrategy().sendRedirect(request, response, redirectPath);
}

public void setRequestCache(RequestCache requestCache) {
    this.requestCache = requestCache;
}

private Set<String> getUserRoles(Collection<? extends GrantedAuthority> authorities) {

    Set<String> userRoles = new HashSet<String>();

    for (GrantedAuthority authority : authorities) {
        userRoles.add(authority.getAuthority());
    }
    return userRoles;
}
}
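
Assuming you mean that you want to redirect users to different start pages depending on their assigned roles, you can try this.

First create your own class that extends Spring's SimpleUrlAuthenticationSuccessHandler and overrides the onAuthenticationSuccess() method. The actual redirect is performed in the onAuthenticationSuccess() method by the line getRedirectStrategy().sendRedirect(request, response, )

So all you need is a way to substitute your own URL.

For example, I have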

package com.blackbox.x.web.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

import com.blackbox.x.entities.UserDTO;
import com.blackbox.x.services.UserService;


public class StartPageRouter extends SimpleUrlAuthenticationSuccessHandler {

    @Autowired
    UserService userService;

    @Autowired
    LoginRouter router;

    protected final Logger logger = Logger.getLogger(this.getClass());
    private RequestCache requestCache = new HttpSessionRequestCache();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException,
            ServletException {

        // Discard the request saved before login; the user goes to a role-based page instead.
        requestCache.removeRequest(request, response);

        User user = (User) authentication.getPrincipal();
        UserDTO userDTO = userService.find(user.getUsername());

        // Redirect to the URL that LoginRouter selects for this user.
        getRedirectStrategy().sendRedirect(request, response, router.route(userDTO));
    }

    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }
}

where LoginRouter is my own class that takes the logged-in user and, based on the assigned roles, determines the URL the user should be directed to.

Then, use

authentication-success-handler-ref="customTargetUrlResolver"/>
<beans:bean id="customTargetUrlResolver" class="com.blackbox.x.web.security.StartPageRouter"/>

in your security context XML file.

Thanks. Your answer helped a lot. I have a few questions, though. 1. Why is requestCache.removeRequest(request, response); needed? 2. Why does the request have no roles, and why can't I use request.isUserInRole()? Thanks.

1) I'm not sure, but I think it's because Spring caches the original browser request before routing it through the login process. After a successful login, Spring uses it to redirect the user. So if a user requests a secured resource, Spring caches the request, performs the authentication, and then redirects the user to the page they originally requested. Since we are forcing the user to a specific page after login, we don't need the originally requested page, so we are just tidying up. 2) I don't know; request.isUserInRole() should work. Certainly, extending ActionSupport as the base class for your actions and using isUserInRole() works for me.
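
An added example, not part of the original answer or its author's code: one way the LoginRouter described above could be written. It assumes the handler passes the authority names from authentication.getAuthorities() rather than a UserDTO; the class body, the page paths and the role priority are hypothetical.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical LoginRouter: role names map to fixed, context-relative start pages.
public class LoginRouter {

    // Insertion order is the priority order: the first matching role wins.
    private final Map<String, String> startPages = new LinkedHashMap<>();
    private final String defaultPage;

    // Pass an ordered map (e.g. LinkedHashMap), highest-priority role first.
    public LoginRouter(Map<String, String> pagesByRole, String defaultPage) {
        for (Map.Entry<String, String> e : pagesByRole.entrySet()) {
            startPages.put(e.getKey(), requireLocalPath(e.getValue()));
        }
        this.defaultPage = requireLocalPath(defaultPage);
    }

    // Accept only plain local paths so a bad config value cannot cause an off-site redirect.
    private static String requireLocalPath(String path) {
        if (path == null || !path.startsWith("/") || path.startsWith("//")
                || path.contains("\\") || path.contains("://")) {
            throw new IllegalArgumentException("not a local path: " + path);
        }
        return path;
    }

    public String route(Collection<String> roles) {
        if (roles != null) {
            for (Map.Entry<String, String> e : startPages.entrySet()) {
                if (roles.contains(e.getKey())) {
                    return e.getValue();
                }
            }
        }
        return defaultPage; // no mapped role, or no roles at all
    }

    public static void main(String[] args) {
        Map<String, String> pages = new LinkedHashMap<>();
        pages.put("ROLE_ADMIN", "/admin/home");           // constructed sample paths
        pages.put("ROLE_INSTRUCTOR", "/instructor/home");
        LoginRouter router = new LoginRouter(pages, "/user/home");
        System.out.println(router.route(Arrays.asList("ROLE_USER", "ROLE_ADMIN")));
        System.out.println(router.route(Arrays.asList("ROLE_USER")));
    }
}
```

Keeping the destinations in a server-side map means the post-login redirect never depends on a value taken from the request.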