SpringSecurity学习四----------基于不同角色跳转到不同URL

© 版权声明:本文为博主原创文章,转载请注明出处

1.项目结构

2.pom.xml

 1 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 2   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 3     
 4     <modelVersion>4.0.0</modelVersion>
 5     
 6     <groupId>org.springsecurity</groupId>
 7     <artifactId>SpringSecurity</artifactId>
 8     <packaging>war</packaging>
 9     <version>0.0.1-SNAPSHOT</version>
10     <name>SpringSecurity Maven Webapp</name>
11     <url>http://maven.apache.org</url>
12     
13     <!-- 统一版本 -->
14     <properties>
15         <jdk.version>1.7</jdk.version>
16         <spring.version>4.3.5.RELEASE</spring.version>
17         <spring.security.version>4.2.1.RELEASE</spring.security.version>
18     </properties>
19     
20     <dependencies>
21         <!-- junit依赖 -->
22         <dependency>
23             <groupId>junit</groupId>
24             <artifactId>junit</artifactId>
25             <version>4.12</version>
26             <scope>test</scope>
27         </dependency>
28         <!-- spring依赖 -->
29         <dependency>
30             <groupId>org.springframework</groupId>
31             <artifactId>spring-core</artifactId>
32             <version>${spring.version}</version>
33         </dependency>
34         <dependency>
35             <groupId>org.springframework</groupId>
36             <artifactId>spring-web</artifactId>
37             <version>${spring.version}</version>
38         </dependency>
39         <dependency>
40             <groupId>org.springframework</groupId>
41             <artifactId>spring-webmvc</artifactId>
42             <version>${spring.version}</version>
43         </dependency>
44         <!-- spring security依赖 -->
45         <dependency>
46             <groupId>org.springframework.security</groupId>
47             <artifactId>spring-security-web</artifactId>
48             <version>${spring.security.version}</version>
49         </dependency>
50         <dependency>
51             <groupId>org.springframework.security</groupId>
52             <artifactId>spring-security-config</artifactId>
53             <version>${spring.security.version}</version>
54         </dependency>
55         <!-- SpringSecurity标签库依赖 -->
56         <dependency>
57             <groupId>org.springframework.security</groupId>
58             <artifactId>spring-security-taglibs</artifactId>
59             <version>${spring.security.version}</version>
60         </dependency>
61         <!-- jsp、servlet依赖 -->
62         <dependency>
63             <groupId>jstl</groupId>
64             <artifactId>jstl</artifactId>
65             <version>1.2</version>
66         </dependency>
67         <dependency>
68             <groupId>taglibs</groupId>
69             <artifactId>standard</artifactId>
70             <version>1.1.2</version>
71         </dependency>
72         <dependency>
73             <groupId>javax.servlet</groupId>
74             <artifactId>javax.servlet-api</artifactId>
75             <version>3.1.0</version>
76         </dependency>
77     </dependencies>
78     <build>
79       <finalName>SpringSecurity</finalName>
80     </build>
81 </project>

3.mvc-dispatcher-servlet.xml

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <beans xmlns="http://www.springframework.org/schema/beans"
 3     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4     xmlns:context="http://www.springframework.org/schema/context"
 5     xmlns:mvc="http://www.springframework.org/schema/mvc"
 6     xsi:schemaLocation="http://www.springframework.org/schema/beans
 7         http://www.springframework.org/schema/beans/spring-beans.xsd
 8         http://www.springframework.org/schema/context
 9         http://www.springframework.org/schema/context/spring-context.xsd
10         http://www.springframework.org/schema/mvc
11         http://www.springframework.org/schema/mvc/spring-mvc.xsd">
12 
13     <!-- 开启包扫描 -->
14     <context:component-scan base-package="org.springsecurity.*"/>
15     
16     <!-- 不拦截静态资源 -->
17     <mvc:annotation-driven/>
18     <mvc:resources location="/static/" mapping="/static/**"/>
19     
20     <!-- 定义视图解析器 -->
21     <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
22         <property name="prefix">
23             <value>/WEB-INF/pages/</value>
24         </property>
25         <property name="suffix">
26             <value>.jsp</value>
27         </property>
28     </bean>
29         
30 </beans>

4.web.xml

 1 <web-app xmlns="http://java.sun.com/xml/ns/javaee"
 2     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
 4                       http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
 5       version="3.0" metadata-complete="true">
 6       
 7       <!-- Spring MVC -->
 8       <servlet>
 9           <servlet-name>mvc-dispatcher</servlet-name>
10           <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
11           <init-param>
12               <param-name>contextConfigLocation</param-name>
13               <param-value>classpath:mvc-dispatcher-servlet.xml</param-value>
14           </init-param>
15       </servlet>
16       <servlet-mapping>
17           <servlet-name>mvc-dispatcher</servlet-name>
18           <url-pattern>/</url-pattern>
19       </servlet-mapping>
20       
21       <listener>
22           <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
23       </listener>
24       
25       <!-- 加载spring-security配置文件 -->
26       <context-param>
27           <param-name>contextConfigLocation</param-name>
28           <param-value>classpath:spring-security.xml</param-value>
29       </context-param>
30       
31       <!-- spring security -->
32       <filter>
33           <filter-name>springSecurityFilterChain</filter-name>
34           <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
35       </filter>
36       <filter-mapping>
37           <filter-name>springSecurityFilterChain</filter-name>
38           <url-pattern>/*</url-pattern>
39       </filter-mapping>
40       
41 </web-app>

5.CustomSuccessHandler.java

  1 package org.springsecurity.configuration;
  2 
  3 import java.io.IOException;
  4 import java.util.ArrayList;
  5 import java.util.Collection;
  6 import java.util.List;
  7 
  8 import javax.servlet.ServletException;
  9 import javax.servlet.http.HttpServletRequest;
 10 import javax.servlet.http.HttpServletResponse;
 11 
 12 import org.springframework.security.core.Authentication;
 13 import org.springframework.security.core.GrantedAuthority;
 14 import org.springframework.security.web.DefaultRedirectStrategy;
 15 import org.springframework.security.web.RedirectStrategy;
 16 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 17 import org.springframework.stereotype.Component;
 18 
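/**
 * Authentication success handler that chooses the post-login landing page from
 * the roles of the user who just authenticated.
 *
 * <p>Every redirect target is a fixed constant defined in this class; nothing is
 * taken from the request, so the redirect cannot be steered by request
 * parameters.
 *
 * <p>NOTE(review): this class only decides where the browser is sent after
 * login. It does not protect /admin or /dba. Access to those URLs has to be
 * restricted by the security configuration (spring-security.xml, referenced from
 * web.xml but not shown on this page) - verify that it is.
 */
@Component
public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private static final String ROLE_DBA = "ROLE_DBA";
    private static final String ROLE_ADMIN = "ROLE_ADMIN";
    private static final String ROLE_USER = "ROLE_USER";

    private static final String DBA_URL = "/dba";
    private static final String ADMIN_URL = "/admin";
    private static final String USER_URL = "/home";
    // Must match the controller mapping of the access-denied page
    // (HelloController maps "/Access_Denied"). A relative value such as
    // "accessDenied" is served by no mapping shown on this page.
    private static final String ACCESS_DENIED_URL = "/Access_Denied";

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Redirects the browser to the role-specific landing page after a successful login.
     *
     * @param request        current request
     * @param response       current response; nothing is sent if it is already committed
     * @param authentication the authentication produced by the login
     * @throws IOException      if sending the redirect fails
     * @throws ServletException declared by the overridden method
     */
    @Override
    protected void handle(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        String targetUrl = determineTargetUrl(authentication);
        if (response.isCommitted()) {
            // A committed response can no longer carry a redirect; record it in
            // the application log rather than on stdout.
            logger.debug("Response has already been committed; unable to redirect to " + targetUrl);
            return;
        }
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /**
     * Maps the user's granted authorities to a landing URL.
     *
     * <p>Precedence when a user holds several roles: DBA, then ADMIN, then USER.
     * A user holding none of them is sent to the access-denied page.
     *
     * @param authentication the authenticated user's details
     * @return a context-relative URL, always starting with "/"
     */
    private String determineTargetUrl(Authentication authentication) {

        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        List<String> roles = new ArrayList<String>();
        for (GrantedAuthority authority : authorities) {
            roles.add(authority.getAuthority());
        }

        if (isDba(roles)) {
            return DBA_URL;
        }
        if (isAdmin(roles)) {
            return ADMIN_URL;
        }
        if (isUser(roles)) {
            return USER_URL;
        }
        return ACCESS_DENIED_URL;
    }

    /**
     * @param roles authority names of the current user
     * @return true if the list contains ROLE_USER
     */
    private boolean isUser(List<String> roles) {
        return roles.contains(ROLE_USER);
    }

    /**
     * @param roles authority names of the current user
     * @return true if the list contains ROLE_ADMIN
     */
    private boolean isAdmin(List<String> roles) {
        return roles.contains(ROLE_ADMIN);
    }

    /**
     * @param roles authority names of the current user
     * @return true if the list contains ROLE_DBA
     */
    private boolean isDba(List<String> roles) {
        return roles.contains(ROLE_DBA);
    }

    /** @return the strategy used by {@link #handle} to send the redirect */
    public RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    /** @param redirectStrategy the strategy {@link #handle} uses to send the redirect */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

}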

6.HelloController.java

 1 package org.springsecurity.controller;
 2 
 3 import javax.servlet.http.HttpServletRequest;
 4 import javax.servlet.http.HttpServletResponse;
 5 
 6 import org.springframework.security.core.Authentication;
 7 import org.springframework.security.core.context.SecurityContextHolder;
 8 import org.springframework.security.core.userdetails.UserDetails;
 9 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
10 import org.springframework.stereotype.Controller;
11 import org.springframework.ui.ModelMap;
12 import org.springframework.web.bind.annotation.RequestMapping;
13 import org.springframework.web.bind.annotation.RequestMethod;
14 
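/**
 * MVC controller for the demo pages: home, admin, dba, access denied, login and
 * logout. Each page handler puts the current user name into the model under
 * "user" and returns a logical view name.
 *
 * <p>NOTE(review): nothing in this class restricts who may call /admin or /dba.
 * Those rules have to come from the URL-based security configuration
 * (spring-security.xml, not shown on this page) - verify that they exist.
 */
@Controller
public class HelloController {

    /** Home page, served for "/" and for paths matching "/home**". */
    @RequestMapping(value = {"/", "/home**"}, method = RequestMethod.GET)
    public String homePage(ModelMap model) {
        model.addAttribute("user", getPrincipal());
        return "welcome";
    }

    /** Admin landing page. */
    @RequestMapping(value = "/admin", method = RequestMethod.GET)
    public String adminPage(ModelMap model) {
        model.addAttribute("user", getPrincipal());
        return "admin";
    }

    /** DBA landing page. */
    @RequestMapping(value = "/dba", method = RequestMethod.GET)
    public String dbaPage(ModelMap model) {
        model.addAttribute("user", getPrincipal());
        return "dba";
    }

    /** Page shown when the current user lacks the required role. */
    @RequestMapping(value = "/Access_Denied", method = RequestMethod.GET)
    public String accessDeniedPage(ModelMap model) {
        model.addAttribute("user", getPrincipal());
        return "accessDenied";
    }

    /** Renders the login form. */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage() {
        return "login";
    }

    /**
     * Logs the current user out and redirects to the login page with the
     * "logout" marker parameter.
     *
     * <p>NOTE(review): logout is a state-changing action exposed on GET here, so
     * no CSRF token is required for it and any page can trigger it cross-site
     * (for example through an image URL). Prefer a POST to the framework's logout
     * endpoint that carries the _csrf token. The GET mapping is kept because the
     * JSP pages on this page link to it.
     */
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) {
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return "redirect:/login?logout";
    }

    /**
     * Returns the current user's name for display.
     *
     * @return the user name when the principal is a {@link UserDetails}, the
     *         principal's string form otherwise, or {@code null} when the
     *         security context holds no authentication or no principal
     */
    private String getPrincipal() {
        // Guard against an empty security context instead of failing with a
        // NullPointerException on a request that carries no Authentication.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            return null;
        }
        Object principal = auth.getPrincipal();
        if (principal == null) {
            return null;
        }
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return principal.toString();
    }

}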

7.login.jsp

 1 <%@ page language="java" contentType="text/html; charset=UTF-8"
 2     pageEncoding="UTF-8"%>
 3 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>登录界面</title>
 9 <link href="<c:url value='/static/css/bootstrap.css'/>" rel="stylesheet" />
10 <link href="<c:url value='/static/css/app.css'/>" rel="stylesheet" />
11 <link href="//cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.css" rel="stylesheet" />
12 </head>
13 <body>
14     <div id="mainWrapper">
15         <div class="login-container">
16             <div class="login-card">
17                 <div class="login-form">
18                     <c:url value="/login" var="loginUrl"/>
19                     <form action="${loginUrl }" method="post" class="form-horizontal">
20                         <c:if test="${param.error != null }">
21                             <div class="alert alert-danger">
22                                 <p>用户名或密码错误</p>
23                             </div>
24                         </c:if>
25                         <c:if test="${param.logout != null }">
26                             <div class="alert alert-success">
27                                 <p>注销成功</p>
28                             </div>
29                         </c:if>
30                         <div class="input-group input-sm" style="padding-bottom: 10px;">
31                             <label class="input-group-addon" for="username">
32                                 <i class="fa fa-user"></i>
33                             </label>
34                             <input type="text" class="form-control" id="username" name="username"
35                                 placeholder="请输入用户名" required>
36                         </div>
37                         <div class="input-group input-sm" style="padding-bottom: 10px;">
38                             <label class="input-group-addon" for="username">
39                                 <i class="fa fa-lock"></i>
40                             </label>
41                             <input type="password" class="form-control" id="password" name="password"
42                                 placeholder="请输入密码" required>
43                         </div>
44                         <input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }"/>
45                         <div class="form-actions">
46                             <input type="submit" value="登录" 
47                                 class="btn btn-block btn-primary btn-default">
48                         </div>
49                     </form>
50                 </div>
51             </div>
52         </div>
53     </div>
54 </body>
55 </html>

8.app.css

 1 html {
 2     backgroud-color: #2F2F2F;
 3 }
 4 
 5 body, #mainWrapper {
 6     height: 100%;
 7 }
 8 
 9 body, #mainWrapper, .form-control {
10     font-size: 14px!important;
11 }
12 
13 #mainWrapper {
14     height: 100%;
15     padding-left: 10px;
16     padding-right: 10px;
17     padding-bottom: 10px;
18 }
19 
20 #authHeaderWrapper {
21     clear: both;
22     width: 100%;
23     height: 3%;
24     padding-top: 5px;
25     padding-bottom: 5px;
26 }
27 
28 .login-container {
29     margin-top: 100px;
30     background-color: floralwhite;
31     width: 40%;
32     left: 30%;
33     position: absolute;
34 }
35 
36 .login-card {
37     width: 80%;
38     margin: auto;
39 }
40 
41 .login-form {
42     padding: 10%;
43 }

9.bootstrap.css(bootstrap官网下载即可)

10.admin.jsp

 1 <%@ page language="java" contentType="text/html; charset=UTF-8"
 2     pageEncoding="UTF-8"%>
 3 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>Admin page</title>
 9 </head>
10 <body>
11     Dear <strong>${user }</strong>, Welcome to Admin Page.
12     <a href="<c:url value='/logout'/>">Logout</a>
13 </body>
14 </html>

11.dba.jsp

 1 <%@ page language="java" contentType="text/html; charset=UTF-8"
 2     pageEncoding="UTF-8"%>
 3 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>Dba page</title>
 9 </head>
10 <body>
11     Dear <strong>${user }</strong>, Welcome to DBA Page.
12     <a href="<c:url value='/logout'/>">Logout</a>
13 </body>
14 </html>

12.welcome.jsp

 1 <%@ page language="java" contentType="text/html; charset=UTF-8"
 2     pageEncoding="UTF-8"%>
 3 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>Welcome page</title>
 9 </head>
10 <body>
11     Dear <strong>${user }</strong>, Welcome to Welcome Page.
12     <a href="<c:url value='/logout'/>">Logout</a>
13 </body>
14 </html>

13.accessDenied.jsp

 1 <%@ page language="java" contentType="text/html; charset=UTF-8"
 2     pageEncoding="UTF-8"%>
 3 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 4 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 5 <html>
 6 <head>
 7 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 8 <title>AccessDenied page</title>
 9 </head>
10 <body>
11     Dear <strong>${user }</strong>, You are not authorized to access this page.
12     <a href="<c:url value='/logout'/>">Logout</a>
13 </body>
14 </html>

14.效果预览

  14.1 登录界面

  

  14.2 登录失败

  

 

  14.3 admin登录

  

  14.4 dba登录

  

  14.5 user登录

  

   14.6 user登录后,通过url访问admin

   

  14.7 注销

  

  参考:http://www.yiibai.com/spring-security/spring-security-4-role-based-login-example.html

 

posted @ 2017-04-06 16:47  禁忌夜色153