SpringSecurity学习四----------基于不同角色跳转到不同URL

© 版权声明：本文为博主原创文章，转载请注明出处

1.项目结构

2.pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    
    <modelVersion>4.0.0</modelVersion>
    
    <groupId>org.springsecurity</groupId>
    <artifactId>SpringSecurity</artifactId>
    <packaging>war</packaging>
    <version>0.0.1-SNAPSHOT</version>
    <name>SpringSecurity Maven Webapp</name>
    <url>http://maven.apache.org</url>
    
    <!-- 统一版本 -->
    <properties>
        <jdk.version>1.7</jdk.version>
        <spring.version>4.3.5.RELEASE</spring.version>
        <spring.security.version>4.2.1.RELEASE</spring.security.version>
    </properties>
    
    <dependencies>
        <!-- junit依赖 -->
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
            <scope>test</scope>
        </dependency>
        <!-- spring依赖 -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <!-- spring security依赖 -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <!-- SpringSecurity标签库依赖 -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <!-- jsp、servlet依赖 -->
        <dependency>
            <groupId>jstl</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <dependency>
            <groupId>taglibs</groupId>
            <artifactId>standard</artifactId>
            <version>1.1.2</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
        </dependency>
    </dependencies>
    <build>
      <finalName>SpringSecurity</finalName>
    </build>
</project>

3.mvc-dispatcher-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <!-- 开启包扫描 -->
    <context:component-scan base-package="org.springsecurity.*"/>
    
    <!-- 不拦截静态资源 -->
    <mvc:annotation-driven/>
    <mvc:resources location="/static/" mapping="/static/**"/>
    
    <!-- 定义视图解析器 -->
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
        
</beans>

4.web.xml

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
      version="3.0" metadata-complete="true">
      
      <!-- Spring MVC -->
      <servlet>
          <servlet-name>mvc-dispatcher</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <init-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>classpath:mvc-dispatcher-servlet.xml</param-value>
          </init-param>
      </servlet>
      <servlet-mapping>
          <servlet-name>mvc-dispatcher</servlet-name>
          <url-pattern>/</url-pattern>
      </servlet-mapping>
      
      <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
      
      <!-- 加载spring-security配置文件 -->
      <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>classpath:spring-security.xml</param-value>
      </context-param>
      
      <!-- spring security -->
      <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
      </filter-mapping>
      
</web-app>

5.CustomSuccessHandler.java

package org.springsecurity.configuration;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    
    /**
     * 重定向登录成功后的URL
     */
    @Override
    protected void handle(HttpServletRequest request, HttpServletResponse response, 
            Authentication authentication) throws IOException, ServletException {
        
        String targetUrl = determineTargetUrl(authentication);
        if(response.isCommitted()) {
            System.out.println("重定向失败！");
            return ;
        }
        redirectStrategy.sendRedirect(request, response, targetUrl);
        
    }
    
    /**
     * 根据用户角色给定URL
     * 
     * @param authentication
     *                             用户权限信息
     * @return
     */
    private String determineTargetUrl(Authentication authentication) {
        
        String url = "";
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        List<String> roles = new ArrayList<String>();
        for(GrantedAuthority a: authorities) {
            roles.add(a.getAuthority());
        }
        if(isDba(roles)) {
            url = "/dba";
        } else if(isAdmin(roles)) {
            url = "/admin";
        } else if(isUser(roles)) {
            url = "/home";
        } else {
            url = "accessDenied";
        }
        return url;
        
    }
    
    /**
     * 判断是否具有USER角色
     * 
     * @param roles
     *                 角色列表
     * @return
     */
    private boolean isUser(List<String> roles) {
        
        if(roles.contains("ROLE_USER")) {
            return true;
        }
        return false;
        
    }
    
    /**
     * 判断是否具有ADMIN角色
     * 
     * @param roles
     *                 角色列表
     * @return
     */
    private boolean isAdmin(List<String> roles) {
        
        if(roles.contains("ROLE_ADMIN")) {
            return true;
        }
        return false;
        
    }
    
    /**
     * 判断是否具有DBA权限
     * 
     * @param roles
     *                 角色列表
     * @return
     */
    private boolean isDba(List<String> roles) {
        
        if(roles.contains("ROLE_DBA")) {
            return true;
        }
        return false;
        
    }

    public RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }
    
}

6.HelloController.java

package org.springsecurity.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class HelloController {

    @RequestMapping(value = {"/", "/home**"}, method = RequestMethod.GET)
    public String homePage(ModelMap model) {
        
        model.addAttribute("user", getPrincipal());
        return "welcome";
        
    }
    
    @RequestMapping(value = "/admin", method = RequestMethod.GET)
    public String adminPage(ModelMap model) {
        
        model.addAttribute("user", getPrincipal());
        return "admin";
        
    }
    
    @RequestMapping(value = "/dba", method = RequestMethod.GET)
    public String dbaPage(ModelMap model) {
        
        model.addAttribute("user", getPrincipal());
        return "dba";
        
    }
    
    @RequestMapping(value = "/Access_Denied", method = RequestMethod.GET)
    public String accessDeniedPage(ModelMap model) {
        
        model.addAttribute("user", getPrincipal());
        return "accessDenied";
        
    }
    
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage() {
        
        return "login";
        
    }
    
    @RequestMapping(value = "/logout", method = RequestMethod.GET) 
    public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
        
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if(auth != null) {
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return "redirect:/login?logout";
        
    }
    
    private String getPrincipal() {
        
        String username = null;
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if(principal instanceof UserDetails) {
            username = ((UserDetails) principal).getUsername();
        } else {
            username = principal.toString();
        }
        return username;
        
    }
    
}

7.login.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录界面</title>
<link href="<c:url value='/static/css/bootstrap.css'/>" rel="stylesheet" />
<link href="<c:url value='/static/css/app.css'/>" rel="stylesheet" />
<link href="//cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.css" rel="stylesheet" />
</head>
<body>
    <div id="mainWrapper">
        <div class="login-container">
            <div class="login-card">
                <div class="login-form">
                    <c:url value="/login" var="loginUrl"/>
                    <form action="${loginUrl }" method="post" class="form-horizontal">
                        <c:if test="${param.error != null }">
                            <div class="alert alert-danger">
                                <p>用户名或密码错误</p>
                            </div>
                        </c:if>
                        <c:if test="${param.logout != null }">
                            <div class="alert alert-success">
                                <p>注销成功</p>
                            </div>
                        </c:if>
                        <div class="input-group input-sm" style="padding-bottom: 10px;">
                            <label class="input-group-addon" for="username">
                                <i class="fa fa-user"></i>
                            </label>
                            <input type="text" class="form-control" id="username" name="username"
                                placeholder="请输入用户名" required>
                        </div>
                        <div class="input-group input-sm" style="padding-bottom: 10px;">
                            <label class="input-group-addon" for="username">
                                <i class="fa fa-lock"></i>
                            </label>
                            <input type="password" class="form-control" id="password" name="password"
                                placeholder="请输入密码" required>
                        </div>
                        <input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }"/>
                        <div class="form-actions">
                            <input type="submit" value="登录" 
                                class="btn btn-block btn-primary btn-default">
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</body>
</html>

8.app.css

html {
    backgroud-color: #2F2F2F;
}

body, #mainWrapper {
    height: 100%;
}

body, #mainWrapper, .form-control {
    font-size: 14px!important;
}

#mainWrapper {
    height: 100%;
    padding-left: 10px;
    padding-right: 10px;
    padding-bottom: 10px;
}

#authHeaderWrapper {
    clear: both;
    width: 100%;
    height: 3%;
    padding-top: 5px;
    padding-bottom: 5px;
}

.login-container {
    margin-top: 100px;
    background-color: floralwhite;
    width: 40%;
    left: 30%;
    position: absolute;
}

.login-card {
    width: 80%;
    margin: auto;
}

.login-form {
    padding: 10%;
}

9.bootstrap.css(bootstrap官网下载即可)

10.admin.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Admin page</title>
</head>
<body>
    Dear <strong>${user }</strong>, Welcome to Admin Page.
    <a href="<c:url value='/logout'/>">Logout</a>
</body>
</html>

11.dba.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Dba page</title>
</head>
<body>
    Dear <strong>${user }</strong>, Welcome to DBA Page.
    <a href="<c:url value='/logout'/>">Logout</a>
</body>
</html>

12.welcome.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Welcome page</title>
</head>
<body>
    Dear <strong>${user }</strong>, Welcome to Welcome Page.
    <a href="<c:url value='/logout'/>">Logout</a>
</body>
</html>

13.accessDenied.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>AccessDenied page</title>
</head>
<body>
    Dear <strong>${user }</strong>, You are not authorized to access this page.
    <a href="<c:url value='/logout'/>">Logout</a>
</body>
</html>

14.效果预览

　　14.1 登录界面

　　

　　14.2 登录失败

　　

　　14.3 admin登录

　　

　　14.4 dba登录

　　

　　14.4 user登录

　　

 　　14.4 user登录后，通过url访问admin

 　　

　　14.5 注销

　　

　　参考：http://www.yiibai.com/spring-security/spring-security-4-role-based-login-example.html