Spring Security 3多用户登录实现之六 用户验证后处理

 

   验证用户后主要有这样两种走向，一种是验证失败，一种是验证成功，验证失败后应该如何处理呢，验证成功又该如何处理呢？

 

   验证失败的处理需要实现AuthenticationFailureHandler接口，我的前台用户认证失败的处理是这样的

 

 

package com.template.security.authentication.handler;

import com.template.security.shared.DirectUrlResolver;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午11:20
 */
public class MultipleAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private List<DirectUrlResolver> resolvers = new ArrayList<DirectUrlResolver>();

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        for (DirectUrlResolver resolver : resolvers) {
            if (resolver.support(request)) {
                String directUrl = resolver.directUrl();
                setDefaultFailureUrl(directUrl);
            }
        }

        super.onAuthenticationFailure(request, response, exception);
    }

    public void setResolvers(List<DirectUrlResolver> resolvers) {
        this.resolvers = resolvers;
    }
}

 

    验证成功的处理需要实现AuthenticationSuccessHandler接口，我的后台验证成功处理是这样的

 

 

package com.template.security.authentication.handler;

import com.template.security.shared.DirectUrlResolver;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-9
 * Time: 下午11:20
 */
public class MultipleAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    private List<DirectUrlResolver> resolvers = new ArrayList<DirectUrlResolver>();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        for (DirectUrlResolver resolver : resolvers) {
            if (resolver.support(request)) {
                String directUrl = resolver.directUrl();
                setDefaultTargetUrl(directUrl);
            }
        }

        super.onAuthenticationSuccess(request, response, authentication);
    }

    public void setResolvers(List<DirectUrlResolver> resolvers) {
        this.resolvers = resolvers;
    }
}

 

    不论是前台验证成功还是后台验证成功，前台验证失败还是后台验证失败我都有不同的处理，前台验证成功导向前台验证成功界面，后台验证成功导向后台验证成功界面， 前台验证失败导向前台登录界面， 后台验证失败导向后台登录界面，所以这里我使用了前面我书写的一个通用接口，也就是DirectUrlResolver。来看看验证处理成功或失败的配置信息。

 

 

   <beans:bean id="multipleAuthenticationSuccessHandler"
                class="com.template.security.authentication.handler.MultipleAuthenticationSuccessHandler">
        <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
        <beans:property name="resolvers">
            <beans:list>
                <beans:ref bean="backendAuthenticationSuccessUrlResolver"/>
                <beans:ref bean="forendAuthenticationSuccessUrlResolver"/>
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean id="backendAuthenticationSuccessUrlResolver"
                class="com.template.security.shared.RequestParameterDirectUrlResolver">
        <beans:property name="parameterName" value="token"/>
        <beans:property name="pattern" value="backend"/>
        <beans:property name="directUrl" value="/backend/login/success"/>
    </beans:bean>

    <beans:bean id="forendAuthenticationSuccessUrlResolver"
                class="com.template.security.shared.RequestParameterDirectUrlResolver">
        <beans:property name="parameterName" value="token"/>
        <beans:property name="pattern" value="forend"/>
        <beans:property name="directUrl" value="/forend/login/success"/>
    </beans:bean>

    <beans:bean id="multipleAuthenticationFailureHandler"
                class="com.template.security.authentication.handler.MultipleAuthenticationFailureHandler">
        <beans:property name="resolvers">
            <beans:list>
                <beans:ref bean="backendAuthenticationFailureUrlResolver"/>
                <beans:ref bean="forendAuthenticationFailureUrlResolver"/>
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean id="backendAuthenticationFailureUrlResolver"
                class="com.template.security.shared.RequestParameterDirectUrlResolver">
        <beans:property name="parameterName" value="token"/>
        <beans:property name="pattern" value="backend"/>
        <beans:property name="directUrl" value="/backend/login?error=1"/>
    </beans:bean>

    <beans:bean id="forendAuthenticationFailureUrlResolver"
                class="com.template.security.shared.RequestParameterDirectUrlResolver">
        <beans:property name="parameterName" value="token"/>
        <beans:property name="pattern" value="forend"/>
        <beans:property name="directUrl" value="/forend/login?error=1"/>
    </beans:bean>

 

    这里还需要将相应的验证Handler注入到前讲的认证处理Filter中。