Spring Security

使用Spring Security 3 來實現多種用戶類型的登錄方式，在我看來，大致分爲兩大步，第一步是控制多種用戶登錄類型的登錄界面的展示，第二步是控制多種用戶登錄的驗證方式，而第二大步又可分爲三個小步來展開，第一小步是驗證過濾器，第二小步是驗證憑證的製作，第三小步是驗證用戶憑證，在這裏我將就這幾步的分析與實現一步一步展開來進行描述。

 

      這裏我假定有這樣一個系統，分爲前臺用戶和後臺用戶兩種用戶類型，針對這兩種不同的用戶，相應的驗證是不一樣的，前臺用戶登錄需要提供郵箱地址和電話號碼，而後臺用戶需要提供我們在登錄方式中最爲常見的用戶名，密碼和驗證碼，兩種登錄類型的登錄界面和登錄的驗證處理流程都不相同，擁有自己的驗證處理，驗證成功的處理，驗證失敗的處理等。這裏我會用四篇文章來詳細闡述整個驗證的流程實現，每一篇文章後都會附有我的項目壓縮文件，有興趣的朋友可以下載來進行嘗試，我使用的是Maven來管理項目，項目的框架是Spring+Hibernate，使用到的開發工具是IntelliJ，這裏我要給IntelliJ打個廣告，當然是無償的，呵呵，在這之前我曾使用過NetBeans，Eclipse等開發工具，IntelliJ是我使用過的最爲優秀的開發工具，有興趣的同學可以嘗試下。

 

Spring Security 3多用戶登錄實現之二 多登錄界面展示

接前講，首先針對一個多種用戶類型的登錄需求，需要先實現多種用戶類型的登錄界面的展示，Spring Security提供了這樣一個接口來幫助我們實現多種用戶類型的登錄界面的展示，這個接口就是AuthenticationEntryPoint， 實現這樣一個接口，我們就可以隨心所欲的控制登錄界面的展示了，當我們訪問一個受權限的資源，而當前又沒有權限訪問時，Spring Security就會將處理導向這個接口的實現。針對前講我所提到的需求，在這裏我將實現前臺用戶和後臺用戶登錄界面的展示，先來看看我的源碼實現吧，在這裏爲了實現多用戶類型的登錄，很多場景我都需要根據相應的請求參數或地址來判斷我需要導向哪個URL地址，我在這裏特實現了一個共用的接口和類，接口名爲DirectUrlResolver。

 

 

 

package com.template.security.shared;

import javax.servlet.http.HttpServletRequest;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午7:11
 */
public interface DirectUrlResolver {

    boolean support(HttpServletRequest request);

    String directUrl();
}

 

 

package com.template.security.shared;

import javax.servlet.http.HttpServletRequest;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午7:12
 */
public abstract class AbstractDirectUrlResolver implements DirectUrlResolver {
    protected String pattern;
    protected String directUrl;

    @Override
    public abstract boolean support(HttpServletRequest request);

    @Override
    public String directUrl() {
        return this.directUrl;
    }

    public void setPattern(String pattern) {
        this.pattern = pattern;
    }

    public void setDirectUrl(String directUrl) {
        this.directUrl = directUrl;
    }
}

 

package com.template.security.shared;

import com.template.utils.StringUtils;

import javax.servlet.http.HttpServletRequest;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午7:13
 */
public class RequestParameterDirectUrlResolver extends AbstractDirectUrlResolver {
    private String parameterName;

    @Override
    public boolean support(HttpServletRequest request) {
        String parameterValue = request.getParameter(parameterName);
        if (StringUtils.isEmpty(parameterValue)) {
            return false;
        }
        return parameterValue.equals(this.pattern);
    }

    public void setParameterName(String parameterName) {
        this.parameterName = parameterName;
    }
}

 

 

 

package com.template.security.shared;

import javax.servlet.http.HttpServletRequest;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午7:13
 */
public class RequestUriDirectUrlResolver extends AbstractDirectUrlResolver {

    @Override
    public boolean support(HttpServletRequest request) {
        String requestURI = request.getRequestURI();
        return requestURI.contains(this.pattern);
    }
}

 

     RequestParameterDirectUrlResolver和RequestUriDirectUrlResolver都實現了DirectUrlResolver這樣一個接口，前者的實現是根據相應請求中的參數來判斷， 而後者的實現是根據相應的請求地址來判斷。

 

    現在讓我們來看看如何通過實現AuthenticationEntryPoint接口來控制什麼時候展示前臺登錄界面，什麼時候展示後臺登錄界面的吧。

 

 

package com.template.security.login;

import com.template.security.shared.DirectUrlResolver;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午7:40
 */
public class MultipleAuthenticationLoginEntry implements AuthenticationEntryPoint {
    private String defaultLoginUrl;
    private List<DirectUrlResolver> directUrlResolvers = new ArrayList<DirectUrlResolver>();


    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        for (DirectUrlResolver directUrlResolver : directUrlResolvers) {
            if (directUrlResolver.support(request)) {
                String loginUrl = directUrlResolver.directUrl();
                response.sendRedirect(loginUrl);
                return;
            }
        }

        response.sendRedirect(defaultLoginUrl);
    }

    public void setDefaultLoginUrl(String defaultLoginUrl) {
        this.defaultLoginUrl = defaultLoginUrl;
    }

    public void setDirectUrlResolvers(List<DirectUrlResolver> directUrlResolvers) {
        this.directUrlResolvers = directUrlResolvers;
    }
}

 

     再來看看在Spring配置文件中是如何對相應的登錄入口進行配置的吧

 

 

<beans:bean id="multipleAuthenticationLoginEntry"
                class="com.template.security.login.MultipleAuthenticationLoginEntry">
        <beans:property name="defaultLoginUrl" value="/backend/login"/>
        <beans:property name="directUrlResolvers">
            <beans:list>
                <beans:ref bean="backendLoginEntry"/>
                <beans:ref bean="forendLoginEntry"/>
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean id="backendLoginEntry" class="com.template.security.shared.RequestUriDirectUrlResolver">
        <beans:property name="pattern" value="/backend"/>
        <beans:property name="directUrl" value="/backend/login"/>
    </beans:bean>

    <beans:bean id="forendLoginEntry" class="com.template.security.shared.RequestUriDirectUrlResolver">
        <beans:property name="pattern" value="/forend"/>
        <beans:property name="directUrl" value="/forend/login"/>
    </beans:bean>

 

   這裏我是根據請求的地址中是否包括backend或forend來判斷用戶是進行前臺登錄或後臺登錄的， 這可以從配置文件中的backendLoginEntry和forendLoginEntry中的pattern屬性看出，這個pattern的作用就是判斷用戶是進行前臺登錄或後臺登錄的依據，而directUrl則是我們想要導向的登錄界面地址。

Spring Security 3多用戶登錄實現之三 驗證過濾器

當填寫完成登錄表單提交後，首先會被對應的提交表單提起的過濾器進行攔截，這裏過濾器的作用就是攔截登錄表單提交驗證請求，並根據相應的表單信息構造對應的登錄憑證，這裏來看看過濾器是如何構造相應的用戶憑證。

 

 

package com.template.security.filter;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午10:00
 */
public class MultipleAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
    private List<AuthenticationTokenResolver> tokenResolvers = new ArrayList<AuthenticationTokenResolver>();

    /**
     * @param defaultFilterProcessesUrl the default value for <tt>filterProcessesUrl</tt>.
     */
    protected MultipleAuthenticationProcessingFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
        for (AuthenticationTokenResolver tokenResolver : tokenResolvers) {
            if (tokenResolver.support(request)) {
                Authentication authentication = tokenResolver.resolve(request);
                return this.getAuthenticationManager().authenticate(authentication);
            }
        }

        throw new UnsupportedOperationException("No authentication token resolver found!");
    }

    public void setTokenResolvers(List<AuthenticationTokenResolver> tokenResolvers) {
        this.tokenResolvers = tokenResolvers;
    }
}

 

 

package com.template.security.filter;

import org.springframework.security.core.Authentication;

import javax.servlet.http.HttpServletRequest;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午10:08
 */
public interface AuthenticationTokenResolver {

    boolean support(HttpServletRequest request);


    Authentication resolve(HttpServletRequest request);

}

 

 

package com.template.security.filter;

import com.template.utils.StringUtils;
import org.springframework.security.core.Authentication;

import javax.servlet.http.HttpServletRequest;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午10:27
 */
public abstract class AbstractAuthenticationTokenResolver implements AuthenticationTokenResolver {
    protected String parameterName;
    protected String parameterValue;

    protected AbstractAuthenticationTokenResolver() {
    }

    protected AbstractAuthenticationTokenResolver(String parameterName) {
        this.parameterName = parameterName;
    }

    @Override
    public boolean support(HttpServletRequest request) {
        String parameterValue = request.getParameter(parameterName);
        if (StringUtils.isEmpty(parameterValue)) {
            return false;
        }
        return parameterValue.equals(this.parameterValue);
    }

    @Override
    public abstract Authentication resolve(HttpServletRequest request);

    public void setParameterName(String parameterName) {
        this.parameterName = parameterName;
    }

    public void setParameterValue(String parameterValue) {
        this.parameterValue = parameterValue;
    }
}

 

 

package com.template.security.filter;

import com.template.security.authentication.token.BackendAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午10:29
 */
public class BackendAuthenticationTokenResolver extends AbstractAuthenticationTokenResolver {

    protected BackendAuthenticationTokenResolver() {
        super();
    }

    @Override
    public Authentication resolve(HttpServletRequest request) {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String captcha = request.getParameter("captcha");
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        return new BackendAuthenticationToken(username, password, authorities, captcha);
    }
}

 

 

package com.template.security.filter;

import com.template.security.authentication.token.ForendAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午10:29
 */
public class ForendAuthenticationTokenResolver extends AbstractAuthenticationTokenResolver {

    protected ForendAuthenticationTokenResolver() {
        super();
    }

    @Override
    public Authentication resolve(HttpServletRequest request) {
        String email = request.getParameter("email");
        String phone = request.getParameter("phone");
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        return new ForendAuthenticationToken(email, phone, authorities);
    }

}

 

    這裏實現AbstractAuthenticationProcessingFilter接口的類MultipleAuthenticationProcessingFilter，用來根據相應的登錄表單提交信息構造相應的登錄用戶憑證。爲了實現根據前臺登錄表單信息構造前臺用戶憑證，根據後臺登錄表單信息構造後臺用戶憑證，使用了策略模式來實現，實現AbstractAuthenticationTokenResolver接口的BackendAuthenticationTokenResolver和ForendAuthenticationTokenResolver分別用來構造後臺用戶憑證和前臺用戶憑證，再來看看配置文件是如何進行配置的吧。

 

 

<beans:bean id="multipleAuthenticationProcessingFilter"
                class="com.template.security.filter.MultipleAuthenticationProcessingFilter">
        <beans:constructor-arg value="/login/check"/>
        <beans:property name="tokenResolvers">
            <beans:list>
                <beans:ref bean="backendAuthenticationTokenResolver"/>
                <beans:ref bean="forendAuthenticationTokenResolver"/>
            </beans:list>
        </beans:property>
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationSuccessHandler" ref="multipleAuthenticationSuccessHandler"/>
        <beans:property name="authenticationFailureHandler" ref="multipleAuthenticationFailureHandler"/>
    </beans:bean>

    <beans:bean id="backendAuthenticationTokenResolver"
                class="com.template.security.filter.BackendAuthenticationTokenResolver">
        <beans:property name="parameterName" value="token"/>
        <beans:property name="parameterValue" value="backend"/>
    </beans:bean>

    <beans:bean id="forendAuthenticationTokenResolver"
                class="com.template.security.filter.ForendAuthenticationTokenResolver">
        <beans:property name="parameterName" value="token"/>
        <beans:property name="parameterValue" value="forend"/>
    </beans:bean>

 

    這裏不論是前臺登錄還是後臺登錄，都提交到相同的地址/login/check，不過爲了區分請求到底是前臺登錄認證還是後臺登錄認證，這裏使用了一個名爲token的請求參數來區分，當token的值爲backend的時候表明是後臺登錄認證，當token的值爲forend的時候表明是前臺登錄認證。

 

   <custom-filter ref="multipleAuthenticationProcessingFilter" before="FORM_LOGIN_FILTER"/>

 

   這段配置表明自定義的認證過濾器將在Spring Security默認的UsernamePasswordAuthenticationFilter前執行，研究UsernamePasswordAuthenticationFilter源碼你就會發現平時使用到的登錄認證請求地址j_spring_security_check就是被這個過濾器進行攔截並進行處理的，所以如果只是簡單的登錄認證，你只需要在登錄頁面進行一些修改就完成可以了，因爲後臺的處理已經完全交由Spring Security來幫我們處理了。

Spring Security 3多用戶登錄實現之四 用戶憑證

前講講到AuthenticationFilter會攔截我們的登錄表單提交信息並根據相應的信息構造出對應的用戶憑證，這裏的用戶憑證將會貫穿整個Spring Security安全驗證過程，如果驗證用戶憑證成功，我們可以爲相應的用戶憑證分配相應的權限，並將用戶導向登錄成功的界面。來看看這裏的多種類型用戶登錄憑證的實現吧，這裏主要實現了兩種用戶憑證，一種是前臺用戶登錄憑證，一種是後臺用戶登錄憑證。

 

 

package com.template.security.authentication.token;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-4
 * Time: 下午11:23
 */
public class ForendAuthenticationToken extends AbstractAuthenticationToken {
    private String email;
    private String phone;

    public ForendAuthenticationToken(String email, String phone, List<GrantedAuthority> grantedAuthorities) {
        super(grantedAuthorities);
        this.email = email;
        this.phone = phone;
    }

    public String getEmail() {
        return email;
    }

    public String getPhone() {
        return phone;
    }

    @Override
    public Object getCredentials() {
        return null;
    }

    @Override
    public Object getPrincipal() {
        return null;
    }
}

 

 

package com.template.security.authentication.token;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

import java.util.Collection;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-4
 * Time: 下午11:24
 */
public class BackendAuthenticationToken extends UsernamePasswordAuthenticationToken {
    private String captcha;

    public BackendAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities, String captcha) {
        super(principal, credentials, authorities);
        this.captcha = captcha;
    }

    public String getCaptcha() {
        return captcha;
    }
}

 

    爲了標誌我們創建的類爲一個用戶憑證並且能夠被Spring Security識別，我們需要實現Authentication接口，因爲Spring Security爲我們提供了一個抽象的憑證，所以這裏我的前臺憑證就繼承了這樣一個抽象的憑證類，名爲AbstractAuthenticationToken， 根據前臺表單的提交信息有郵件地址和電話號碼，所以實現的ForendAuthenticationToken包含這樣兩個屬性，而Spring Security爲我們提供了常見的用戶名和密碼的登錄憑證實現，我的後臺登錄表單信息只是多了一個驗證碼，所以我直接繼承了UsernamePasswordAuthenticationToken這樣一個類。

Spring Security 3多用戶登錄實現之五 驗證用戶憑證

 

有了用戶憑證後， 如何驗證用戶的憑證是否正確呢， 這就需要藉助AuthenticationManager了， AuthenticationManager可以包含多個AuthenticationProvider， 每個AuthenticationProvider都會針對特定的AuthenticationToken， 也就是用戶憑證來驗證相應的用戶憑證是否正確。

 

   來看看我爲了實現驗證前臺用戶憑證和後臺用戶憑證而實現的AuthenticationProvider吧。

 

 

package com.template.security.authentication.provider;

import com.template.security.authentication.token.BackendAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-4
 * Time: 下午11:16
 */
public class BackendAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        BackendAuthenticationToken authenticationToken = (BackendAuthenticationToken) authentication;
//        String captcha = authenticationToken.getCaptcha();
//        if (captcha.startsWith("ZZ")) {
//            throw new AuthenticationServiceException("The captcha is wrong!");
//        }
        String username = (String) authenticationToken.getPrincipal();
        String password = (String) authenticationToken.getCredentials();

        if (username.equalsIgnoreCase("ZHONGGANG") && password.equalsIgnoreCase("123")) {
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            return authenticationToken;
        }
        throw new AuthenticationServiceException("The username or password is not correct!");
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return BackendAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

 

 

package com.template.security.authentication.provider;

import com.template.security.authentication.token.ForendAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-4
 * Time: 下午11:16
 */
public class ForendAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        ForendAuthenticationToken authenticationToken = (ForendAuthenticationToken) authentication;
        String email = authenticationToken.getEmail();
        String phone = authenticationToken.getPhone();
        if (email.endsWith("@qq.com") && phone.startsWith("139")) {
            authenticationToken.setAuthenticated(true);
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            return authenticationToken;
        }

        throw new AuthenticationServiceException("The email or phone is not correct!");
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return ForendAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

 

    不論是前臺用戶憑證驗證還是後臺用戶憑證驗證，都實現了AuthenticationProvider接口，其中的supports方法表明這個AuthenticationProvider需要對哪個類型的用戶憑證進行驗證。這裏我只是進行了一個簡單的驗證，沒有什麼實際意義，如果你的驗證需要與數據庫打交道，你可以在AuthenticationProvider中注入你的服務。來看看配置文件中的相應配置信息吧。

 

 

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="forendAuthenticationProvider"/>
    <authentication-provider ref="backendAuthenticationProvider"/>
</authentication-manager>

<beans:bean id="backendAuthenticationProvider"
            class="com.template.security.authentication.provider.BackendAuthenticationProvider"/>
<beans:bean id="forendAuthenticationProvider"
            class="com.template.security.authentication.provider.ForendAuthenticationProvider"/>

Spring Security 3多用戶登錄實現之六 用戶驗證後處理

驗證用戶後主要有這樣兩種走向，一種是驗證失敗，一種是驗證成功，驗證失敗後應該如何處理呢，驗證成功又該如何處理呢？

 

   驗證失敗的處理需要實現AuthenticationFailureHandler接口，我的前臺用戶認證失敗的處理是這樣的

 

 

package com.template.security.authentication.handler;

import com.template.security.shared.DirectUrlResolver;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午11:20
 */
public class MultipleAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private List<DirectUrlResolver> resolvers = new ArrayList<DirectUrlResolver>();

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        for (DirectUrlResolver resolver : resolvers) {
            if (resolver.support(request)) {
                String directUrl = resolver.directUrl();
                setDefaultFailureUrl(directUrl);
            }
        }

        super.onAuthenticationFailure(request, response, exception);
    }

    public void setResolvers(List<DirectUrlResolver> resolvers) {
        this.resolvers = resolvers;
    }
}

 

    驗證成功的處理需要實現AuthenticationSuccessHandler接口，我的後臺驗證成功處理是這樣的

 

 

package com.template.security.authentication.handler;

import com.template.security.shared.DirectUrlResolver;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午11:20
 */
public class MultipleAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    private List<DirectUrlResolver> resolvers = new ArrayList<DirectUrlResolver>();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        for (DirectUrlResolver resolver : resolvers) {
            if (resolver.support(request)) {
                String directUrl = resolver.directUrl();
                setDefaultTargetUrl(directUrl);
            }
        }

        super.onAuthenticationSuccess(request, response, authentication);
    }

    public void setResolvers(List<DirectUrlResolver> resolvers) {
        this.resolvers = resolvers;
    }
}

 

    不論是前臺驗證成功還是後臺驗證成功，前臺驗證失敗還是後臺驗證失敗我都有不同的處理，前臺驗證成功導向前臺驗證成功界面，後臺驗證成功導向後臺驗證成功界面， 前臺驗證失敗導向前臺登錄界面， 後臺驗證失敗導向後臺登錄界面，所以這裏我使用了前面我書寫的一個通用接口，也就是DirectUrlResolver。來看看驗證處理成功或失敗的配置信息。

 

 

<beans:bean id="multipleAuthenticationSuccessHandler"
             class="com.template.security.authentication.handler.MultipleAuthenticationSuccessHandler">
     <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
     <beans:property name="resolvers">
         <beans:list>
             <beans:ref bean="backendAuthenticationSuccessUrlResolver"/>
             <beans:ref bean="forendAuthenticationSuccessUrlResolver"/>
         </beans:list>
     </beans:property>
 </beans:bean>

 <beans:bean id="backendAuthenticationSuccessUrlResolver"
             class="com.template.security.shared.RequestParameterDirectUrlResolver">
     <beans:property name="parameterName" value="token"/>
     <beans:property name="pattern" value="backend"/>
     <beans:property name="directUrl" value="/backend/login/success"/>
 </beans:bean>

 <beans:bean id="forendAuthenticationSuccessUrlResolver"
             class="com.template.security.shared.RequestParameterDirectUrlResolver">
     <beans:property name="parameterName" value="token"/>
     <beans:property name="pattern" value="forend"/>
     <beans:property name="directUrl" value="/forend/login/success"/>
 </beans:bean>

 <beans:bean id="multipleAuthenticationFailureHandler"
             class="com.template.security.authentication.handler.MultipleAuthenticationFailureHandler">
     <beans:property name="resolvers">
         <beans:list>
             <beans:ref bean="backendAuthenticationFailureUrlResolver"/>
             <beans:ref bean="forendAuthenticationFailureUrlResolver"/>
         </beans:list>
     </beans:property>
 </beans:bean>

 <beans:bean id="backendAuthenticationFailureUrlResolver"
             class="com.template.security.shared.RequestParameterDirectUrlResolver">
     <beans:property name="parameterName" value="token"/>
     <beans:property name="pattern" value="backend"/>
     <beans:property name="directUrl" value="/backend/login?error=1"/>
 </beans:bean>

 <beans:bean id="forendAuthenticationFailureUrlResolver"
             class="com.template.security.shared.RequestParameterDirectUrlResolver">
     <beans:property name="parameterName" value="token"/>
     <beans:property name="pattern" value="forend"/>
     <beans:property name="directUrl" value="/forend/login?error=1"/>
 </beans:bean>

 

    這裏還需要將相應的驗證Handler注入到前講的認證處理Filter中。