我在Spring Boot应用程序中使用过Spring Security,并且有两种类型的用户:一种是ADMIN,一种是简单用户。我从获取数据DataSource,然后执行SQL查询。
DataSource
我的问题是 重定向 :对于每个用户,我都有一个不同的主页。我正在尝试使用AthenticationSuccessHandler,但是它不起作用。
AthenticationSuccessHandler
请帮忙。
我的Spring安全类配置:
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; import javax.sql.DataSource; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired Securityhandler successHandler; // Pour l'authentification des Utilisateur de Table Utilisateur @Autowired public void GlobalConfig(AuthenticationManagerBuilder auth,DataSource dataSource) throws Exception { auth.jdbcAuthentication() .dataSource(dataSource) .usersByUsernameQuery("SELECT \"Pseudo\" AS principal , \"Password\" AS credentials , true FROM \"UTILISATEUR\" WHERE \"Pseudo\" = ? ") .authoritiesByUsernameQuery("SELECT u.\"Pseudo\" AS principal , r.role as role FROM \"UTILISATEUR\" u ,\"Role\" r where u.id_role=r.id_role AND \"Pseudo\" = ? ") .rolePrefix("_ROLE"); } // ne pas appliqué la securité sur les ressources @Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers("/bootstrap/**","/css/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .authorizeRequests() .anyRequest() .authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .successHandler(successHandler); } }
这是我的 AuthenticationSuccessHandler :
import java.io.IOException; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; public class Securityhandler implements AuthenticationSuccessHandler { public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException { Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities()); if (roles.contains("ROLE_Admin")) { response.sendRedirect("/admin/home.html"); } } }
这是控制台中的错误:
org.springframework.beans.factory.BeanCreationException:创建名称为“ org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration”的bean时出错:自动连接依赖项注入失败;
import java.io.IOException; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.stereotype.Component; @Component public class Securityhandler implements AuthenticationSuccessHandler { public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException { Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities()); if (roles.contains("ROLE_ADMIN")) { response.sendRedirect("admin/home.html"); } } }
您已经错过了@Component成功处理程序类中的注释。
@Component
