Question

我想根据角色重定向页面。但它不起作用。

这是我的WebSecurityConfig

@Configuration

@EnableWebMvcSecurity

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    @Autowired
    AuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

      auth.jdbcAuthentication().dataSource(dataSource)

     .usersByUsernameQuery(
            "select username,password,role from user where username=?")
        .authoritiesByUsernameQuery(
            "select username, role from user where username=?");

    }   

    @Override
    protected void configure(HttpSecurity http) throws Exception {

      http

      .authorizeRequests()

        .antMatchers("/hello").access("hasRole(1)")
        .antMatchers("/demo").access("hasRole(2) or hasRole(1)")
        .anyRequest().permitAll()
        .and()
         .formLogin().loginProcessingUrl("/login")
      .loginPage("/login")

      .usernameParameter("username").passwordParameter("password")
      .successHandler(authenticationSuccessHandler)
      .and() 

          .logout().logoutSuccessUrl("/login?logout")   
         .and()
         .exceptionHandling().accessDeniedPage("/403")
        .and()
          .csrf();

    }

}

这是我的MvcConfig

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");

        registry.addViewController("/").setViewName("home");
        //registry.addViewController("/").setViewName("hello");
        registry.addViewController("/hello").setViewName("hello");
        registry.addViewController("/login").setViewName("login");
        //registry.addViewController("/demo").setViewName("demo");
        registry.addViewController("/demoPage").setViewName("demoPage");
        registry.addRedirectViewController("/demo", "demo");
        registry.addViewController("/403").setViewName("403");
    }

    @Bean(name = "dataSource")
    public DriverManagerDataSource dataSource() {
        DriverManagerDataSource driverManagerDataSource = new DriverManagerDataSource();
        driverManagerDataSource.setDriverClassName("com.mysql.jdbc.Driver");
        driverManagerDataSource.setUrl("jdbc:mysql://localhost:3306/userbase");
        driverManagerDataSource.setUsername("root");
        driverManagerDataSource.setPassword("yungry");
        return driverManagerDataSource;
    }

    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver resolver = new InternalResourceViewResolver();
        resolver.setPrefix("/WEB-INF/jsp/");
        resolver.setSuffix(".jsp");
        return resolver;
    }

}

这是我的AuthenticationSuccessHandler班级

@Configuration

public class AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Bean(name = "authenticationSuccessHandler")
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        // Get the role of logged in user
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String role = auth.getAuthorities().toString();
        System.out.println(role+"");
        String targetUrl = "";
        if(role.contains("1")) {
            targetUrl = "/hello";
        } else if(role.contains("2")) {
            targetUrl = "/demo";
        }
        return targetUrl;
    }
}

这里我想在登录后为角色1重定向/ hello页面，在登录后需要角色2的/ demo页面，但是它不能正常工作，它会重定向到/ home页面。

Answer 1

你的配置似乎没问题，只需检查角色的名字是否以前缀＆＃34; ROLE _＆＃34;开头。在数据库中，对于你的情况＆＃34; ROLE_1＆＃34;或＆＃34; ROLE_2＆＃34;。

spring security查找前缀＆＃34; ROLE _＆＃34;默认情况下，在属性上，以确保您的角色具有此前缀。

Spring Boot Security中的页面重定向问题

1 个答案: