Tin*_*iny 8 spring spring-mvc spring-security
I am using Spring 3.2.0 and the same version of Spring Security. After a successful login, the user is redirected to one of the protected pages, as shown below.
    public final class LoginSuccessHandler implements AuthenticationSuccessHandler
    {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException
        {
            Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
            if (roles.contains("ROLE_ADMIN"))
            {
                response.sendRedirect("admin_side/Home.htm");
                return;
            }
        }
    }
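I am using Hibernate. How can I update the login date-time (last login) in the database after a successful login? I have a submit button on the login page whose POST request does not seem to map to a method in its corresponding login controller. The login form's action actually maps to the Servlet - j_spring_security_check.
The entire spring-security.xml file is as follows, if needed.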
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">
        <http pattern="/Login.htm*" security="none"></http>
        <http auto-config='true'>
            <!--<remember-me key="myAppKey"/>-->
            <session-management session-fixation-protection="newSession">
                <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
            </session-management>
            <intercept-url pattern="/admin_side/**" access="ROLE_ADMIN" requires-channel="any"/>
            <form-login login-page="/" default-target-url="/admin_side/Home.htm" authentication-failure-url="/LoginFailed.htm" authentication-success-handler-ref="loginSuccessHandler"/>
            <logout logout-success-url="/Login.htm" invalidate-session="true" delete-cookies="JSESSIONID"/>
        </http>
        <authentication-manager>
            <authentication-provider>
                <jdbc-user-service data-source-ref="dataSource"
                                   users-by-username-query="select email_id, password, enabled from user_table where lower(email_id)=lower(?)"
                                   authorities-by-username-query="select ut.email_id, ur.authority from user_table ut, user_roles ur where ut.user_id=ur.user_id and lower(ut.email_id)=lower(?)"/>
            </authentication-provider>
        </authentication-manager>
        <beans:bean id="loginSuccessHandler" class="loginsuccesshandler.LoginSuccessHandler"/>
        <global-method-security>
            <protect-pointcut expression="execution(* dao.*.*(..))" access="ROLE_ADMIN"/>
        </global-method-security>
        <!--<global-method-security secured-annotations="enabled" />-->
    </beans:beans>
Ral*_*lph 19
Another way is to register a handler for the AuthenticationSuccessEvent.
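    @Service
    public class UserService implements
            ApplicationListener<AuthenticationSuccessEvent> {

        // Assumed declaration: the snippet uses userDao without showing it
        @Autowired
        private UserDao userDao;

        @Override
        public void onApplicationEvent(AuthenticationSuccessEvent event) {
            // Principal is a UserDetails when a UserDetailsService-backed provider is used
            String userName = ((UserDetails) event.getAuthentication().
                    getPrincipal()).getUsername();
            User user = this.userDao.findByLogin(userName);
            user.setLastLoginDate(new Date());
        }
    }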
Why not do it directly in the authentication success handler?
    public final class LoginSuccessHandler implements AuthenticationSuccessHandler
    {
        @Autowired
        private UserService userService;

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException
        {
            // getPrincipal() returns Object, so the login name is read from the Authentication itself
            String userName = authentication.getName();
            this.userService.updateLastLoginDateForUserByName(userName);
            Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
            if (roles.contains("ROLE_ADMIN"))
            {
                response.sendRedirect("admin_side/Home.htm");
                return;
            }
        }
    }
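An added example, not part of the question or the answer above: a listener that writes the last-login timestamp through Hibernate in its own transaction. It goes one step beyond the answer by listening for InteractiveAuthenticationSuccessEvent, which the form-login filter publishes once per interactive login, instead of AuthenticationSuccessEvent, which fires on every successful provider authentication. Assumptions: a hypothetical `UserTable` entity mapped to `user_table` with `emailId` and `lastLogin` properties, a `SessionFactory` bean, annotation-driven transactions, and the listener registered in the same application context as spring-security.xml.

```java
import java.util.Date;
import java.util.logging.Logger;

import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

// Added example: LastLoginRecorder, UserTable, emailId and lastLogin are assumed names.
@Component
public class LastLoginRecorder
        implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {

    private static final Logger LOG =
            Logger.getLogger(LastLoginRecorder.class.getName());

    @Autowired
    private SessionFactory sessionFactory;

    @Override
    @Transactional
    public void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
        // getName() yields the username whether the principal is a
        // UserDetails or a plain String.
        String login = event.getAuthentication().getName();

        // Bulk HQL update: no entity load, parameters bound rather than
        // concatenated. The case-insensitive match mirrors the
        // users-by-username-query in spring-security.xml.
        int updated = sessionFactory.getCurrentSession()
                .createQuery("update UserTable u set u.lastLogin = :now "
                        + "where lower(u.emailId) = lower(:login)")
                .setParameter("now", new Date())
                .setParameter("login", login)
                .executeUpdate();

        // Anything other than exactly one row means the account table and
        // the authenticated name disagree, which is worth an audit entry.
        if (updated != 1) {
            LOG.warning("Last-login update touched " + updated
                    + " rows for an authenticated user");
        }
    }
}
```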