如何在 url 上实现 spring 安全性



我想为此应用程序实现 spring 安全性,以便用户只需更改 url 即可访问管理页面。我还没有找到适合此应用程序结构方式的好示例。

这是我的用户控制器页面

import com.phonebook.command.LoginCommand;
import com.phonebook.command.UserCommand;
import com.phonebook.domain.User;
import com.phonebook.exception.UserBlockedException;
import com.phonebook.service.UserService;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
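@Controller
public class UserController {

    /** Application log; failures are recorded here instead of being dumped to stderr. */
    private static final Logger LOG = Logger.getLogger(UserController.class.getName());

    @Autowired
    private UserService userService;

    /**
     * Shows the login page with an empty {@link LoginCommand} bound under the name "command".
     *
     * @param m model that receives the form-backing object
     * @return the "index" view (jsp - /WEB-INF/view/index.jsp)
     */
    @RequestMapping(value = {"/", "/index"})
    public String index(Model m) {
        m.addAttribute("command", new LoginCommand());
        return "index"; //jsp - /WEB-INF/view/index.jsp
    }

    /**
     * Handles the POSTed login form: authenticates through {@link UserService#login} and
     * redirects to the dashboard that matches the user's role. A failed login, an unknown
     * role, or a blocked account re-renders the login page with an "err" attribute.
     *
     * @param cmd     bound login form (login name and password)
     * @param m       model used to carry the error message back to the view
     * @param session HTTP session that receives the logged-in user (see addUserInSession)
     * @return a redirect to the role-specific dashboard, or the "index" view on failure
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String handleLogin(@ModelAttribute("command") LoginCommand cmd, Model m, HttpSession session) {
        try {
            User loggedInUser = userService.login(cmd.getLoginName(), cmd.getPassword());
            if (loggedInUser == null) {
                m.addAttribute("err", "Login Failed! Enter valid credentials.");
                return "index";
            }
            // Null-safe comparison: a user record without a role must reach the
            // "Invalid User ROLE" branch instead of throwing a NullPointerException.
            Object role = loggedInUser.getRole();
            if (Objects.equals(role, UserService.ROLE_ADMIN)) {
                addUserInSession(loggedInUser, session);
                return "redirect:admin/dashboard";
            }
            if (Objects.equals(role, UserService.ROLE_USER)) {
                addUserInSession(loggedInUser, session);
                return "redirect:user/dashboard";
            }
            m.addAttribute("err", "Invalid User ROLE");
            return "index";
        } catch (UserBlockedException ex) {
            m.addAttribute("err", ex.getMessage());
            return "index";
        }
    }

    /**
     * Ends the session and returns to the login page.
     *
     * @param session the session to invalidate
     * @return redirect to "index?act=lo"
     */
    @RequestMapping(value = "/logout")
    public String logout(HttpSession session) {
        session.invalidate();
        return "redirect:index?act=lo";
    }

    /** @return the user dashboard view. */
    @RequestMapping(value = "/user/dashboard")
    public String userDashboard() {
        return "dashboard_user";
    }

    // NOTE(review): none of the /admin/** handlers below inspect the "role" session attribute
    // that handleLogin stores; access control for these URLs has to be provided by a
    // URL-pattern rule (e.g. Spring Security) or an interceptor that this file does not set up.

    /** @return the admin dashboard view. */
    @RequestMapping(value = "/admin/dashboard")
    public String adminDashboard() {
        return "dashboard_admin";
    }

    /**
     * Lists all users for the admin "users" view.
     *
     * @param m model that receives "userList"
     * @return the "users" view
     */
    @RequestMapping(value = "/admin/users")
    public String getUserList(Model m) {
        m.addAttribute("userList", userService.getUserList());
        return "users";
    }

    /**
     * Shows the registration form with an empty {@link UserCommand} bound as "command".
     *
     * @param m model that receives the form-backing object
     * @return the "reg_form" view
     */
    @RequestMapping(value = "/reg_form")
    public String registrationForm(Model m) {
        m.addAttribute("command", new UserCommand());
        return "reg_form";
    }

    /**
     * Registers a new user from the submitted form. The role and login status are assigned
     * here, overriding anything that may have been bound from the request.
     *
     * @param cmd bound registration form
     * @param m   model used to carry the error message back to the form
     * @return redirect to "index?act=reg" on success, or the "reg_form" view on a duplicate username
     */
    @RequestMapping(value = "/register")
    public String registerUser(@ModelAttribute("command") UserCommand cmd, Model m) {
        try {
            User user = cmd.getUser();
            user.setRole(UserService.ROLE_USER);
            user.setLoginStatus(UserService.LOGIN_STATUS_ACTIVE);
            userService.register(user);
            return "redirect:index?act=reg";
        } catch (DuplicateKeyException e) {
            LOG.log(Level.WARNING, "Registration rejected: username already exists", e);
            m.addAttribute("err", "Username is already registered. Please select another username.");
            return "reg_form";
        }
    }

    /**
     * Stores the logged-in user and its id/role in the session.
     * NOTE(review): the whole User object is kept in the session — confirm it carries nothing
     * (e.g. a password field) that the view layer should not be able to reach.
     *
     * @param u       the authenticated user
     * @param session the session to populate
     */
    private void addUserInSession(User u, HttpSession session) {
        session.setAttribute("user", u);
        session.setAttribute("userId", u.getUserId());
        session.setAttribute("role", u.getRole());
    }

    /**
     * Changes a user's login status and answers with a plain-text result body.
     *
     * @param userId      id of the user to update
     * @param loginStatus new login status value
     * @return "SUCCESS: Status Changed" or "ERROR: Unable to Change Status"
     */
    @RequestMapping(value = "/admin/change_status")
    @ResponseBody
    public String changeLoginStatus(@RequestParam Integer userId, @RequestParam Integer loginStatus) {
        try {
            userService.changeLoginStatus(userId, loginStatus);
            return "SUCCESS: Status Changed";
        } catch (Exception e) {
            // Broad catch is deliberate: this handler must always answer with a plain string;
            // the failure detail goes to the log rather than to the client.
            LOG.log(Level.SEVERE, "Unable to change login status for userId=" + userId, e);
            return "ERROR: Unable to Change Status";
        }
    }

    /**
     * Username availability check for the registration form; the result is a plain-text body.
     *
     * @param username the name to test
     * @return a human-readable taken / available message
     */
    @RequestMapping(value = "/check_avail")
    @ResponseBody
    public String checkAvailability(@RequestParam String username) {
        return userService.isUsernameExist(username)
                ? "This username is already taken. Choose another name"
                : "Yes! You can take this";
    }
}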

您可以在GitHub上找到整个应用程序到此链接。 https://github.com/VikramThakur8/SpringContactApp

我认为你应该为整个应用程序实现 Spring Security。一个好的起点是 Baeldung 的教程系列。阅读有关配置、身份验证、授权以及 @Secured 注解的内容。通过配置，你可以指定谁可以访问特定的 URL 模式。
