java - 使用Spring Security成功登录后如何在 View 中添加对象？

成功登录后，我尝试重定向到需要实例化对象的页面，如HomeController中所述：

@RequestMapping(value={"/","/home"}, method=RequestMethod.GET)
public ModelAndView home() {
    ModelAndView view = new ModelAndView("home");
    view.addObject("client", new Client());
    return view;
}

问题是我不知道如何使用Spring Security来执行此操作，因为我唯一能做的设置是在成功登录后设置页面：

.formLogin()
    .loginPage("/login")
    .defaultSuccessUrl("/home")
    .permitAll()

使用Spring Security成功登录后，如何将该对象添加到视图中？

最佳答案

假设您具有这样的WebSecurity配置。您只需要添加一个successHandler

@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private SimpleAuthenticationSuccessHandler successHandler;

    @Bean("authenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // @formatter:off
        auth.inMemoryAuthentication()
            .withUser("user1").password("{noop}user1Pass").roles("USER")
            .and()
            .withUser("admin1").password("{noop}admin1Pass").roles("ADMIN");
        // @formatter:on
    }


    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/anonymous*").anonymous()
            .antMatchers("/login*").permitAll()
            .anyRequest().authenticated()

            .and()
            .formLogin()
            .loginPage("/login.html")
            .loginProcessingUrl("/login")
            .successHandler(successHandler)
            // ...
    }
}

SimpleAuthenticationSuccessHandler类

// Change onAuthenticationSuccess logic as per your requirement

@Component
public class SimpleAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest arg0, HttpServletResponse arg1, Authentication authentication)
            throws IOException, ServletException {


        redirectStrategy.sendRedirect(arg0, arg1, "/home");


        /*
        Collectionextends GrantedAuthority> authorities = authentication.getAuthorities();
        authorities.forEach(authority -> {
            if(authority.getAuthority().equals("ROLE_USER")) {
                try {
                    redirectStrategy.sendRedirect(arg0, arg1, "/user");
                } catch (Exception e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            } else if(authority.getAuthority().equals("ROLE_ADMIN")) {
                try {
                    redirectStrategy.sendRedirect(arg0, arg1, "/admin");
                } catch (Exception e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            } else {
                throw new IllegalStateException();
            }
        });

        */


    }

}

这会将您的调用重定向到"/home"，控制器将进一步负责加载对象。

更多细节here

关于java - 使用Spring Security成功登录后如何在 View 中添加对象？，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/58050715/