Grails Spring Security Shiro, how to create 2 login forms with 2 different authentication success urls?
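I am working on a project that uses Spring Security Shiro. I would like to configure the application to have 2 different login forms and 2 different authentication success URLs. What is the best way to do this? I looked at the documentation but did not see any solution.
Thanks in advance for your help.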
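The simplest and best way is to extend two separate WebSecurityConfigurerAdapter classes and create two different configurations there (two login pages and two authentication success URLs):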
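    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @Order(94)
    public class WebSecurityConf1 extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // "/first-success" is a placeholder: the forward target after a successful login
            http.antMatcher("/first-resources**").formLogin().successForwardUrl("/first-success");
        }
    }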
and
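    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @Order(95)
    public class WebSecurityConf2 extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // "/second-success" is a placeholder: the forward target after a successful login
            http.antMatcher("/second-resources**").formLogin().successForwardUrl("/second-success");
        }
    }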
Note that WebSecurityConf1 is applied when .antMatcher("/first-resources**") matches, and the same goes for WebSecurityConf2. Also, the configurations of WebSecurityConf1 and WebSecurityConf2 are independent of each other.
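A fuller version of the two-adapter approach, as an added example that is not part of the original answer. It assumes Spring Security 5.x (where WebSecurityConfigurerAdapter is still available) and that the application serves login views at the hypothetical paths /first/login and /second/login. The point it shows is that each form's login page and login processing URL must fall inside that chain's antMatcher, otherwise the login POST never reaches the chain that owns the form.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// All paths below are hypothetical; adapt them to the application's URL layout.
@EnableWebSecurity
public class TwoLoginFormsConfig {

    @Configuration
    @Order(1)
    public static class FirstFormConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/first/**")                     // this chain only sees /first/**
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/first/login")               // GET: renders the first form
                    .loginProcessingUrl("/first/login")      // POST: must match the antMatcher above
                    .defaultSuccessUrl("/first/home", true)  // always land here after login
                    .permitAll();                            // form and error page reachable anonymously
        }
    }

    @Configuration
    @Order(2)
    public static class SecondFormConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/second/**")                    // independent chain for /second/**
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/second/login")
                    .loginProcessingUrl("/second/login")
                    .defaultSuccessUrl("/second/home", true)
                    .permitAll();
        }
    }
}
```

Requests outside /first/** and /second/** match neither chain here, so a real application still needs a catch-all configuration with a higher @Order value to protect them.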
The simple way is to override it with a custom AuthenticationSuccessHandler.
First create your success handler; I check whether the user is an admin user.
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
    import org.springframework.security.core.Authentication
    import javax.servlet.ServletException
    import javax.servlet.http.HttpServletRequest
    import javax.servlet.http.HttpServletResponse

    class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

        // Injected in resources.groovy
        def requestCache

        @Override
        public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
                final Authentication authentication) throws ServletException, IOException {
            try {
                handle(request, response, authentication)
                super.clearAuthenticationAttributes(request)
            } catch (Exception e) {
                logger.error("Could not complete the post-login redirect", e)
            } finally {
                // always remove the saved request
                requestCache.removeRequest(request, response)
            }
        }

        protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            // Decide per login: this bean is a singleton, so the admin check must not be kept in a field,
            // or one admin login would send every later user to /admin
            String targetUrl = isAdministrator(authentication) ? "/admin" : determineTargetUrl(request, response)
            if (response.isCommitted()) {
                logger.debug("Response has already been committed. Unable to redirect to " + targetUrl)
                return
            }
            redirectStrategy.sendRedirect(request, response, targetUrl)
        }

        // True when the authenticated user holds ROLE_ADMIN
        protected boolean isAdministrator(Authentication authentication) {
            authentication.authorities.any { it.authority == "ROLE_ADMIN" }
        }
    }
Then I had to define the success handler in the beans section of resources.groovy:

    beans = {
        // Replaces the default authenticationSuccessHandler bean
        authenticationSuccessHandler(CustomAuthenticationSuccessHandler) {
            requestCache = ref('requestCache')
            redirectStrategy = ref('redirectStrategy')
        }
    }
Then I was good to go. It works for my scenario.