I have a user login page that uses Spring Security for authentication.

I made an AuthenticationSuccessHandler that redirects the user to other pages. This is the Java code that handles it:

protected String determineTargetUrl(final Authentication authentication) {
    boolean isUser = false;
    boolean isAdmin = false;
    final Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
    for (final GrantedAuthority grantedAuthority : authorities) {
        if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
            isUser = true;
            break;
        } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
            isAdmin = true;
            break;
        }
    }

    if (isUser) {
        return "/static_htm.html";
    } else if (isAdmin) {
        return "/console.html";
    } else {
        throw new IllegalStateException();
    }
}

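I can't seem to understand how I should implement it, with or without a controller, if I want to add a Controller to display the username or to show an error message on a failed login.

I also tried adding a new Java package with a Controller class, but it didn't work. Any ideas?

Also, what is the difference between an AuthenticationSuccessHandler and a Controller?

Edit: my websecurity.xml code: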

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd">

<http use-expressions="true">
    <intercept-url pattern="/anonymous*" access="isAnonymous()" />
    <intercept-url pattern="/login*" access="permitAll" />
    <intercept-url pattern="/**" access="isAuthenticated()" />

    <form-login login-page='/login.html' authentication-success-handler-ref="myAuthenticationSuccessHandler" authentication-failure-url="/login.html?error=true" />

    <logout delete-cookies="JSESSIONID" />

    <remember-me key="uniqueAndSecret" token-validity-seconds="86400" />

</http>

<beans:bean id="myAuthenticationSuccessHandler" class="org.personal.security.MySimpleUrlAuthenticationSuccessHandler" />

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="user" password="abcd" authorities="ROLE_USER" />
            <user name="admin" password="abc" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

</beans:beans>
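An added example, not part of the original post: a Spring MVC controller that renders the login error and the username, alongside the configuration above, where the success handler only picks the redirect target after login and the controller serves the pages themselves. It assumes Spring MVC is configured and its DispatcherServlet handles these paths; the package, class name, `/welcome` path, view names and model attribute names are hypothetical.

```java
// Added example, not the poster's code. Assumes Spring MVC is on the classpath
// and that views named "login" and "welcome" exist (hypothetical names).
package org.personal.web; // hypothetical package

import java.security.Principal;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class LoginPageController {

    // Renders the login form. Spring Security redirects here with ?error=true
    // (the authentication-failure-url in the XML above) after a failed attempt.
    // The path matches the "/login*" permitAll rule, so no login is required.
    @RequestMapping(value = "/login.html", method = RequestMethod.GET)
    public String login(@RequestParam(value = "error", required = false) String error,
                        Model model) {
        if (error != null) {
            // One message for both an unknown user and a wrong password, so the
            // page does not reveal which usernames exist.
            model.addAttribute("loginError", "Invalid username or password.");
        }
        return "login"; // hypothetical view name
    }

    // Covered by the "/**" isAuthenticated() rule, so Spring Security has
    // already authenticated the caller before this method runs.
    @RequestMapping(value = "/welcome", method = RequestMethod.GET)
    public String welcome(Principal principal, Model model) {
        // Principal is the authenticated user established by Spring Security;
        // getName() returns the login name ("user" or "admin" in the XML above).
        model.addAttribute("username", principal.getName());
        // The view template must HTML-escape this value when rendering it.
        return "welcome"; // hypothetical view name
    }
}
```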