Java Spring安全性:根据某些条件重定向已登录的用户
我是使用SpringSecurity3的新手 我想做以下事情:当用户登录时,我想让系统验证用户是否已确认其电子邮件地址,以及用户是否已配置其帐户配置文件 我不知道该怎么做 我试过这个:Java Spring安全性:根据某些条件重定向已登录的用户,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,我是使用SpringSecurity3的新手 我想做以下事情:当用户登录时,我想让系统验证用户是否已确认其电子邮件地址,以及用户是否已配置其帐户配置文件 我不知道该怎么做 我试过这个: <http use-expressions="true" auto-config="true"> <intercept-url ... /> ... <custom-filter after="SECURITY_CONTEXT_FILTER" ref="usr
<http use-expressions="true" auto-config="true">
<intercept-url ... />
...
<custom-filter after="SECURITY_CONTEXT_FILTER" ref="usrFilter" />
...
</http>
<b:bean id="usrFilter"
class="com.zxxztech.zecure.security.MyAuthenticationFilter">
<b:property name="authenticationManager" ref="authenticationManager" />
<b:property name="failureHandler">
<b:bean
class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
<b:property name="exceptionMappings">
<b:map>
<b:entry key="org.springframework.security.authentication.DisabledException" value="/disabled.htm" />
</b:map>
</b:property>
</b:bean>
</b:property>
</b:bean>
但是,当我一步一步地调试应用程序和loggin时,过滤器被无限期地调用,就像它在循环中一样
如何正确执行此操作?您需要在重定向到的URL上继续筛选链。例如:
import org.springframework.security.web.util.UrlUtils;
public class MyAuthenticationFilter extends GenericFilterBean {
...
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null) {
String currentUrl = UrlUtils.buildRequestUrl((HttpServletRequest) request);
Usuario usuario=(Usuario) authentication.getPrincipal();
if("/activacion".equals(currentUrl) || "/configuracion_modelo".equals(currentUrl)) {
chain.doFilter(request, response);
return;
} else if (usuario.getActivationKey()!=null) {
((HttpServletResponse) response).sendRedirect("/activacion");
return;
} else if (authentication.getAuthorities().contains(AppRole.NUEVO_USUARIO)) {
((HttpServletResponse)response).sendRedirect("/configuracion_modelo");
return;
}
}
chain.doFilter(request, response);
}
...
}
import org.springframework.security.web.util.UrlUtils;
public class MyAuthenticationFilter extends GenericFilterBean {
...
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null) {
String currentUrl = UrlUtils.buildRequestUrl((HttpServletRequest) request);
Usuario usuario=(Usuario) authentication.getPrincipal();
if("/activacion".equals(currentUrl) || "/configuracion_modelo".equals(currentUrl)) {
chain.doFilter(request, response);
return;
} else if (usuario.getActivationKey()!=null) {
((HttpServletResponse) response).sendRedirect("/activacion");
return;
} else if (authentication.getAuthorities().contains(AppRole.NUEVO_USUARIO)) {
((HttpServletResponse)response).sendRedirect("/configuracion_modelo");
return;
}
}
chain.doFilter(request, response);
}
...
}