Ниже приведён пример обработчика перенаправления по ролям (role-based URL handler):
RoleBaseUrlHandler.java
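@Component
public class RoleBaseUrlHandler extends SimpleUrlAuthenticationSuccessHandler {

    /**
     * Strategy used to issue the post-login redirect. Defaults to
     * {@link DefaultRedirectStrategy}; replaceable via {@link #setRedirectStrategy}.
     */
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Replaces the redirect strategy used by {@link #handle}.
     *
     * @param redirectStrategy the strategy that will send the redirect
     */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /** @return the redirect strategy currently in use */
    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    /**
     * Invokes the configured RedirectStrategy with the URL returned by
     * {@link #determineTargetUrl(Authentication)}.
     * <p>
     * The redirect is skipped when the response has already been committed,
     * because headers can no longer be written at that point.
     *
     * @param request        the current request
     * @param response       the response the redirect is written to
     * @param authentication the successfully authenticated principal
     * @throws IOException if the redirect cannot be sent
     */
    @Override
    protected void handle(HttpServletRequest request,
                          HttpServletResponse response,
                          Authentication authentication) throws IOException {
        String targetUrl = determineTargetUrl(authentication);
        if (response.isCommitted()) {
            return;
        }
        // Go through the accessor so a subclass that overrides it is honoured
        // instead of silently bypassed.
        getRedirectStrategy().sendRedirect(request, response, targetUrl);
    }

    /**
     * Builds the target URL according to the roles of the just-authenticated user.
     * <p>
     * Only the landing page is chosen here; access to {@code /user} and
     * {@code /admin} is enforced separately by the HttpSecurity authorization
     * rules, so this choice on its own never grants access. The user check is
     * evaluated first, so a principal holding both roles is sent to {@code /user}.
     *
     * @param authentication the authenticated principal whose authorities are inspected
     * @return {@code /user}, {@code /admin}, or {@code /accessDenied} when neither role is present
     */
    protected String determineTargetUrl(Authentication authentication) {
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        List<String> roles = new ArrayList<String>(authorities.size());
        for (GrantedAuthority authority : authorities) {
            roles.add(authority.getAuthority());
        }
        if (isUser(roles)) {
            return "/user";
        }
        if (isAdmin(roles)) {
            return "/admin";
        }
        return "/accessDenied";
    }

    /** @return whether {@code roles} contains the {@code ROLE_User} authority */
    private boolean isUser(List<String> roles) {
        return roles.contains("ROLE_User");
    }

    /** @return whether {@code roles} contains the {@code ROLE_Admin} authority */
    private boolean isAdmin(List<String> roles) {
        return roles.contains("ROLE_Admin");
    }
}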
SpringSecurityConfig.java
@EnableWebSecurity
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Picks the post-login landing page from the authenticated user's roles. */
    @Autowired
    RoleBaseUrlHandler urlHandler;

    /**
     * Registers two in-memory demo accounts: an admin and a plain user.
     * <p>
     * Passwords are supplied in clear text here, which is only acceptable for
     * a demo; real deployments should configure a PasswordEncoder (on Spring
     * Security 5 the builder rejects an un-prefixed password unless one is set).
     *
     * @param auth the builder the demo users are registered on
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("Patel").password("Patel").authorities("ROLE_Admin")
                .and()
                .withUser("Shah").password("Shah").authorities("ROLE_User");
    }

    /**
     * Wires the HTTP security rules. Each configurer is added as its own
     * statement on {@code http}; this is equivalent to chaining them with
     * {@code and()} and is registered in the same order.
     *
     * @param http the builder for the filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // URL authorization is what actually protects the pages; hasRole("X")
        // matches the authority "ROLE_X" granted in configAuthentication.
        http.authorizeRequests()
                .antMatchers("/admin").hasRole("Admin")
                .antMatchers("/user").hasAnyRole("User", "Admin")
                .anyRequest().authenticated();

        // Form login with the role-based success handler; the login page is public.
        http.formLogin()
                .loginPage("/login").successHandler(urlHandler).permitAll()
                .failureUrl("/login?error")
                .usernameParameter("username").passwordParameter("password");

        http.logout().logoutSuccessUrl("/login?logout");

        http.exceptionHandling().accessDeniedPage("/accessDenied");

        // CSRF protection keeps its default (enabled); this call only registers
        // the configurer without changing it.
        http.csrf();

        http.httpBasic();
    }
}
DemoSecurity.java
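@Controller
public class DemoSecurity {

    /**
     * Renders the login page, surfacing the outcome of a previous attempt.
     *
     * @param error  non-null (any value) when the request carried {@code ?error}
     * @param logout non-null (any value) when the request carried {@code ?logout}
     * @param model  view model the messages are added to
     * @return the {@code login} view name
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage(
            @RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout,
            Model model) {
        if (error != null) {
            model.addAttribute("error", "Invalid Credentials provided.");
        }
        if (logout != null) {
            model.addAttribute("message", "Logged out successfully.");
        }
        return "login";
    }

    /**
     * Explicit logout endpoint that clears the security context.
     * <p>
     * NOTE(review): with {@code logout()} enabled in the security configuration,
     * Spring Security's logout filter normally handles POST {@code /logout}
     * before the request reaches this controller, so this mapping may never be
     * invoked — confirm against the filter chain before relying on it.
     *
     * @param request  the current request
     * @param response the current response
     * @return redirect to the login page with the {@code logout} flag
     */
    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = currentAuthentication();
        if (auth != null) {
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return "redirect:/login?logout";
    }

    /**
     * Admin landing page.
     *
     * @param model view model that receives the {@code user} attribute
     * @return the {@code admin} view name
     */
    @RequestMapping(value = { "/admin" }, method = RequestMethod.GET)
    public String adminPage(Model model) {
        model.addAttribute("user", getPrincipal());
        return "admin";
    }

    /**
     * Regular-user landing page.
     *
     * @param model view model that receives the {@code user} attribute
     * @return the {@code user} view name
     */
    @RequestMapping(value = { "/user" }, method = RequestMethod.GET)
    public String employeePage(Model model) {
        model.addAttribute("user", getPrincipal());
        return "user";
    }

    /**
     * Page shown when an authenticated user lacks the required role.
     *
     * @param model view model that receives the {@code user} attribute
     * @return the {@code accessDenied} view name
     */
    @RequestMapping(value = { "/accessDenied" }, method = RequestMethod.GET)
    public String accessDenied(Model model) {
        model.addAttribute("user", getPrincipal());
        return "accessDenied";
    }

    /**
     * Resolves the display name of the currently authenticated user.
     *
     * @return the username from {@link UserDetails} when the principal is one,
     *         otherwise the principal's string form; {@code null} when the
     *         security context holds no authentication or no principal
     */
    private String getPrincipal() {
        Authentication auth = currentAuthentication();
        if (auth == null) {
            // No authentication in the context (e.g. the page was reached
            // outside the secured filter chain) — don't NPE, report absence.
            return null;
        }
        Object principal = auth.getPrincipal();
        if (principal == null) {
            return null;
        }
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return principal.toString();
    }

    /** @return the Authentication held by the current SecurityContext, possibly {@code null} */
    private static Authentication currentAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }
}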