在Spring Security中我们可以定义自己的Handler帮我们完成一些功能,,例如登陆成功之后将用户信息放入到Session中、改变执行流的方向等,在这里列举两个Handler:AuthenticationSuccessHandler(登陆成功处理器)、AccessDeniedHandler(拒绝访问处理器),接下来分别自定义这两个处理器。
public class LoginSuccessHandler implements AuthenticationSuccessHandler {public void onAuthenticationSuccess(HttpServletRequest req,HttpServletResponse resp, Authentication auth) throws IOException,ServletException {HttpSession session=req.getSession();
//MyUserDetails是自定义实现UserDetails的类MyUserDetials user=(MyUserDetials) auth.getPrincipal();session.setAttribute("user",user.getU());resp.sendRedirect("home");}}
public class MyAccessDeniedHandler implements AccessDeniedHandler {public void handle(HttpServletRequest req, HttpServletResponse resp,AccessDeniedException arg2) throws IOException, ServletException {String uri=req.getRequestURI();
//满足要求改变工作流if(uri.equals("/shop/publish.jsp")){resp.sendRedirect("applicant.jsp");}}}
当然别忘了还需要在配置文件中配置:
<http>
<access-denied-handler ref="myAccessDeniedHandler"/>
<form-login login-page="/login.jsp"authentication-failure-url="/403.jsp"login-processing-url="/j_login"default-target-url="/home"always-use-default-target="true" authentication-success-handler-ref="loginSuccessHanlder"/>
</http>
<beans:bean id="loginSuccessHanlder" class="com.duangshopping.handler.LoginSuccessHandler" >
<beans:bean id="myAccessDeniedHandler" class="com.duangshopping.handler.MyAccessDeniedHandler"/> </beans:bean>
版权声明:本文为博主原创文章,未经博主允许不得转载。
拥有一颗比九万五千公里还辽阔的心,
