Reposted from: http://www.baeldung.com/spring_redirect_after_login
1. The Spring Security Configuration
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security XML namespace configuration for the role-based post-login redirect.

  NOTE(review): the value of xsi:schemaLocation (and its closing quote) was lost in the
  paste, and the default xmlns for the unprefixed <http>/<authentication-manager> elements
  is not visible here; restore both from the original before using this file.
-->
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="
    <http use-expressions="true">
        <!-- The login page must stay anonymously reachable; it is listed before the
             /** catch-all because intercept-url rules are matched in declaration order. -->
        <intercept-url pattern="/login*" access="permitAll" />
        <!-- Everything else requires an authenticated session. -->
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <!-- Failed logins return to the form with ?error=true. Successful logins are handed
             to the custom handler bean below, which picks the landing page from the user's
             granted authorities rather than from anything supplied in the request. -->
        <form-login login-page='/login.html'
            authentication-failure-url="/login.html?error=true"
            authentication-success-handler-ref="myAuthenticationSuccessHandler" />
        <!-- Default logout handling; no custom logout URL or success URL is set.
             NOTE(review): nothing here configures CSRF; whether it is on by default
             depends on the Spring Security version in use. Confirm before relying on it. -->
        <logout />
    </http>
    <!-- Success handler that sends ROLE_USER to /homepage.html and ROLE_ADMIN to /console.html. -->
    <beans:bean id="myAuthenticationSuccessHandler"
        class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler" />
    <authentication-manager>
        <authentication-provider>
            <!-- In-memory demo users only. NOTE(review): the passwords are stored in
                 cleartext in the configuration; anything beyond a demo should use an
                 encoded password store behind a PasswordEncoder, and newer Spring Security
                 versions may reject un-prefixed passwords here altogether. -->
            <user-service>
                <user name="user1" password="user1Pass" authorities="ROLE_USER" />
                <user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
2. The custom AuthenticationSuccessHandler
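/**
 * Redirects a freshly authenticated user to a landing page chosen from the
 * authorities they were granted: ROLE_USER goes to /homepage.html, ROLE_ADMIN
 * to /console.html.
 *
 * Security note: the target URL is derived only from the {@link Authentication}
 * object, never from request parameters or headers, so this handler cannot be
 * steered into an open redirect. It also does not consult any saved request, so
 * a user who was bounced to the login page from a protected URL is not returned
 * there afterwards.
 */
public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    protected Log logger = LogFactory.getLog(this.getClass());

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Issues the role-based redirect, then removes the stale authentication
     * failure attribute from the session so an earlier failed attempt does not
     * leak into the next login form rendering.
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        handle(request, response, authentication);
        clearAuthenticationAttributes(request);
    }

    /**
     * Computes the target URL and sends the redirect. If the response has already
     * been committed the redirect is logged at debug level and skipped.
     *
     * @throws IOException if the redirect cannot be written
     * @throws IllegalStateException if no target can be chosen for the principal
     */
    protected void handle(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        String targetUrl = determineTargetUrl(authentication);
        if (response.isCommitted()) {
            logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
            return;
        }
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /**
     * Chooses the landing page from the granted authorities.
     *
     * Every authority is inspected (no early break), so the result no longer depends
     * on the iteration order of the collection when a principal holds both roles:
     * ROLE_USER takes precedence over ROLE_ADMIN, matching the original if/else order.
     *
     * @param authentication the successfully authenticated principal
     * @return "/homepage.html" for ROLE_USER, "/console.html" for ROLE_ADMIN
     * @throws IllegalStateException if the principal carries neither role; note that
     *         authentication has already succeeded by the time this runs, so this
     *         surfaces as a server error rather than as a login failure
     */
    protected String determineTargetUrl(Authentication authentication) {
        boolean isUser = false;
        boolean isAdmin = false;
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        for (GrantedAuthority grantedAuthority : authorities) {
            // Constant-first equals: getAuthority() may return null for an authority
            // that has no String representation.
            String authority = grantedAuthority.getAuthority();
            if ("ROLE_USER".equals(authority)) {
                isUser = true;
            } else if ("ROLE_ADMIN".equals(authority)) {
                isAdmin = true;
            }
        }
        if (isUser) {
            return "/homepage.html";
        } else if (isAdmin) {
            return "/console.html";
        } else {
            throw new IllegalStateException(
                    "Authenticated principal has neither ROLE_USER nor ROLE_ADMIN; "
                    + "cannot choose a redirect target. Authorities: " + authorities);
        }
    }

    /**
     * Removes the authentication exception left in the session by a previous failed
     * login attempt. Does not create a session if none exists.
     */
    protected void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }

    /** Overrides the strategy used to send the redirect (defaults to DefaultRedirectStrategy). */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /** Returns the strategy currently used to send the redirect. */
    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }
}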
/**
 * Success handler that picks the post-login landing page from the user's roles:
 * ROLE_USER is sent to /homepage.html, ROLE_ADMIN to /console.html. (The page
 * lists this class twice; this is the second, identical copy.)
 *
 * The target comes solely from the Authentication object, never from the request,
 * so no caller-controlled redirect target is involved.
 */
public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    protected Log logger = LogFactory.getLog(this.getClass());

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /** Redirects by role, then clears the previous-failure attribute from the session. */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        handle(request, response, authentication);
        clearAuthenticationAttributes(request);
    }

    /**
     * Resolves the landing page and redirects there, unless the response has
     * already been committed (then the redirect is only logged at debug level).
     *
     * @throws IOException if writing the redirect fails
     */
    protected void handle(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication) throws IOException {
        String destination = determineTargetUrl(authentication);
        boolean alreadySent = response.isCommitted();
        if (alreadySent) {
            logger.debug("Response has already been committed. Unable to redirect to " + destination);
        } else {
            redirectStrategy.sendRedirect(request, response, destination);
        }
    }

    /**
     * Returns the landing page for the first recognised role encountered while
     * iterating the granted authorities (so the outcome follows iteration order
     * when a principal holds both roles).
     *
     * @throws IllegalStateException if neither ROLE_USER nor ROLE_ADMIN is present
     */
    protected String determineTargetUrl(Authentication authentication) {
        for (GrantedAuthority granted : authentication.getAuthorities()) {
            String role = granted.getAuthority();
            if (role.equals("ROLE_USER")) {
                return "/homepage.html";
            }
            if (role.equals("ROLE_ADMIN")) {
                return "/console.html";
            }
        }
        throw new IllegalStateException();
    }

    /** Drops the stored authentication exception, if a session exists. */
    protected void clearAuthenticationAttributes(HttpServletRequest request) {
        HttpSession existing = request.getSession(false);
        if (existing != null) {
            existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        }
    }

    /** Replaces the redirect strategy (DefaultRedirectStrategy by default). */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /** Exposes the redirect strategy to subclasses. */
    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }
}