Question

我正在开发基于Spring MVC的WebApp，并且我使用Spring Security来实现身份验证和授权原则。我需要知道是否可以覆盖J_Spring_Security_Check控制器，因为我需要在将用户重定向到请求的页面之前执行一些特定的操作...

我想检查这是否是该用户的第一次登录，如果是，那么他将重定向到自定义页面以修改它的密码......问题是我有{{1}当我获得用户属性时，我无法检查用户并重定向它......

我在我的用户模型中添加了bool属性，以检查其是否已注册或已注册...如何通过选中此字段来重定向用户？

Answer 1

如果用户是第一次登录，我已经做了同样的事情并在我的用户模型中添加了布尔属性我已经使用了这段代码

/**
 * 
 * @author sunil.khokhar
 * Override SavedRequestAwareAuthenticationSuccessHandler class of spring security
 *  to redirect to changePassword Screen on first time login after reset password
 */
public class CustomAuthenticationSuccesshandler extends SavedRequestAwareAuthenticationSuccessHandler {
  //  private AuthenticationSuccessHandler target = new SavedRequestAwareAuthenticationSuccessHandler();

    /**
     * To redirect to changePassword Screen on first time login after reset password
     */

    public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication auth) throws IOException, ServletException {
        UserInfo userInfo = (UserInfo) auth.getPrincipal();
        if (userInfo.getIsCredentialChangeRequired()) {
            String url = "/forcedChangePassword";
             String redirectUrl = request.getContextPath()+url;
                redirectUrl = response.encodeRedirectURL(redirectUrl);

            response.sendRedirect(redirectUrl);
        } else {
            //setting browser details object in session 
            BrowserInfo.setBrowserObjectInSession(request);

            BrowserInfo.setCookieToken(request, response);

            super.onAuthenticationSuccess(request, response, auth);
        }
    }

    public void proceed(HttpServletRequest request, 
        HttpServletResponse response, Authentication auth) throws IOException, ServletException {
        super.onAuthenticationSuccess(request, response, auth);
    }


}

将此bean定义为spring-security.xml文件

如果你有任何疑问，你可以问。

覆盖J_Spring_Security_Check

1 个答案: