好的,我在localhost / login上有登录页面,我有两个表单,其中有相同的操作,即/ login(现在)。我正在尝试完成这种情况:
用户在登录页面上,他可以在两个表单之间进行选择1.提供一个表格,将他重定向到/ employees / home 2.提供表格/ administrator / home。请记住,具有ADMIN角色的用户也可以登录/ employees / home
该应用程序有两个角色ADMIN和EMP。
我希望网络应用能够为每个用户正确授予权限,并将其重定向到需要的位置。我可以用一个角色做到这一点,但是当我放入另一个角色时,应用程序开始失去它。这是我的代码:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
@Autowired
private DataSource dataSource;
@Value("${spring.queries.users-query}")
private String usersQuery;
@Value("${spring.queries.roles-query}")
private String rolesQuery;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.
jdbcAuthentication()
.usersByUsernameQuery(usersQuery)
.authoritiesByUsernameQuery(rolesQuery)
.dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
}
protected void configure(HttpSecurity http) throws Exception {
http.
authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/admin/**").hasAuthority("ADMIN").anyRequest()
.authenticated().and().formLogin()
.loginPage("/login/administrator").failureUrl("/login?error=true")
.defaultSuccessUrl("/admin/home")
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").and().exceptionHandling()
.accessDeniedPage("/access-denied")
.and()
.authorizeRequests()
.antMatchers("/employee/**").hasAuthority("EMP")
.anyRequest().authenticated().and().formLogin()
.loginPage("/login").failureUrl("/login?error=true")
.defaultSuccessUrl("/employee/home")
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").and().exceptionHandling()
.accessDeniedPage("/access-denied")
;
/* http.
authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/admin/**").hasAuthority("ADMIN").anyRequest()
.authenticated().and().csrf().disable().formLogin()
.loginPage("/login").failureUrl("/login?error=true")
.defaultSuccessUrl("/admin/home")
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").and().exceptionHandling()
.accessDeniedPage("/access-denied");*/
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");
}
查询
spring.queries.users-query=select email, password, active from user where email=?
spring.queries.roles-query=select u.email, r.role from user u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.email=?
主登录控制器
@Controller
public class LoginController {
@RequestMapping(value={"/","/login"}, method = RequestMethod.GET)
public ModelAndView login(){
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("login");
return modelAndView;
}
存储库和服务工作,它们使用单个角色进行测试。我认为这是SecurityConfiguration类的问题。注意*我尝试使用不同的命令制作几个配置类,但这些配置类也没有用。
任何帮助将不胜感激!!谢谢!
答案 0 :(得分:0)
经过一番挖掘后,设法解决了问题,因为Sankar声明了自定义成功处理程序类。
name[0][0]但最后,决定取消逻辑并切换到单一登录表单,从而导致登录页面从用户可以选择去哪里。
public class CustomSuccessHandler
implements AuthenticationSuccessHandler {
....
protected String determineTargetUrl(Authentication authentication) {
boolean isEmp= false;
boolean isAdmin = false;
Collection<? extends GrantedAuthority> authorities
= authentication.getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
if (grantedAuthority.getAuthority().equals("EMPLOYEE")) {
isUser = true;
break;
} else if (grantedAuthority.getAuthority().equals("ADMIN")) {
isAdmin = true;
break;
}
}
if (isEmp) {
return "/employee/home";
} else if (isAdmin) {
return "/admin/home";
} else {
throw new IllegalStateException();
}
}
....
}
基于用户的角色指向/ employee / home或/ admin / home的链接是否已禁用。