在Spring Security中我们可以定义自己的Handler帮我们完成一些功能,例如登陆成功之后将用户信息放入到Session中、改变执行流的方向等,在这里列举两个Handler:AuthenticationSuccessHandler(登陆成功处理器)、AccessDeniedHandler(拒绝访问处理器),接下来分别自定义这两个处理器。
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest req,
HttpServletResponse resp, Authentication auth) throws IOException,
ServletException {
HttpSession session=req.getSession();
//MyUserDetails是自定义实现UserDetails的类
MyUserDetials user=(MyUserDetials) auth.getPrincipal();
session.setAttribute("user",user.getU());
resp.sendRedirect("home");
}
}
public class MyAccessDeniedHandler implements AccessDeniedHandler {
public void handle(HttpServletRequest req, HttpServletResponse resp,
AccessDeniedException arg2) throws IOException, ServletException {
String uri=req.getRequestURI();
//满足要求改变工作流
if(uri.equals("/shop/publish.jsp"))
{
resp.sendRedirect("applicant.jsp");
}
}
}
当然别忘了还需要在配置文件中配置:
<http>
<access-denied-handler ref="myAccessDeniedHandler"/>
<form-login login-page="/login.jsp"
authentication-failure-url="/403.jsp"
login-processing-url="/j_login"
default-target-url="/home"
always-use-default-target="true" authentication-success-handler-ref="loginSuccessHanlder"
/>
</http>
<beans:bean id="loginSuccessHanlder" class="com.duangshopping.handler.LoginSuccessHandler" >
<beans:bean id="myAccessDeniedHandler" class="com.duangshopping.handler.MyAccessDeniedHandler"/>
</beans:bean>
版权声明:本文为博主原创文章,未经博主允许不得转载。
原文:http://blog.csdn.net/u013516966/article/details/46717501