Redirect to different pages after Login with Spring Security

转自：http://www.baeldung.com/spring_redirect_after_login

1    The Spring Security Configuration

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans

    xmlns="http://www.springframework.org/schema/security"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:beans="http://www.springframework.org/schema/beans"

    xsi:schemaLocation="

        http://www.springframework.org/schema/security

        http://www.springframework.org/schema/security/spring-security-3.1.xsd

        http://www.springframework.org/schema/beans

        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">

 

    <http use-expressions="true" >

        <intercept-url pattern="/login*" access="permitAll" />

        <intercept-url pattern="/**" access="isAuthenticated()" />

 

        <form-login login-page='/login.html'

            authentication-failure-url="/login.html?error=true"

            authentication-success-handler-ref="myAuthenticationSuccessHandler"/>

 

        <logout/>

    </http>

 

    <beans:bean id="myAuthenticationSuccessHandler"

        class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler" />

 

    <authentication-manager>

        <authentication-provider>

            <user-service>

                <user name="user1" password="user1Pass" authorities="ROLE_USER" />

                <user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN" />

            </user-service>

        </authentication-provider>

    </authentication-manager>

 

</beans:beans>

2  custom authentication success handler

public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    protected Log logger = LogFactory.getLog(this.getClass());

 

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

 

    @Override

    public void onAuthenticationSuccess(HttpServletRequest request,

      HttpServletResponse response, Authentication authentication) throws IOException {

        handle(request, response, authentication);

        clearAuthenticationAttributes(request);

    }

 

    protected void handle(HttpServletRequest request,

      HttpServletResponse response, Authentication authentication) throws IOException {

        String targetUrl = determineTargetUrl(authentication);

 

        if (response.isCommitted()) {

            logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);

            return;

        }

 

        redirectStrategy.sendRedirect(request, response, targetUrl);

    }

 

    /** Builds the target URL according to the logic defined in the main class Javadoc. */

    protected String determineTargetUrl(Authentication authentication) {

        boolean isUser = false;

        boolean isAdmin = false;

        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();

        for (GrantedAuthority grantedAuthority : authorities) {

            if (grantedAuthority.getAuthority().equals("ROLE_USER")) {

                isUser = true;

                break;

            } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {

                isAdmin = true;

                break;

            }

        }

 

        if (isUser) {

            return "/homepage.html";

        } else if (isAdmin) {

            return "/console.html";

        } else {

            throw new IllegalStateException();

        }

    }

 

    protected void clearAuthenticationAttributes(HttpServletRequest request) {

        HttpSession session = request.getSession(false);

        if (session == null) {

            return;

        }

        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);

    }

 

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {

        this.redirectStrategy = redirectStrategy;

    }

    protected RedirectStrategy getRedirectStrategy() {

        return redirectStrategy;

    }

}