Spring Security处理器

        在Spring Security中我们可以定义自己的Handler帮我们完成一些功能，例如登陆成功之后将用户信息放入到Session中、改变执行流的方向等，在这里列举两个Handler：AuthenticationSuccessHandler（登陆成功处理器）、AccessDeniedHandler（拒绝访问处理器），接下来分别自定义这两个处理器。

     

        public class LoginSuccessHandler implements AuthenticationSuccessHandler {

public void onAuthenticationSuccess(HttpServletRequest req,
HttpServletResponse resp, Authentication auth) throws IOException,
ServletException {


HttpSession session=req.getSession();

             //MyUserDetails是自定义实现UserDetails的类

MyUserDetials user=(MyUserDetials) auth.getPrincipal();

session.setAttribute("user",user.getU());

resp.sendRedirect("home");

}
}

public class MyAccessDeniedHandler implements AccessDeniedHandler {


public void handle(HttpServletRequest req, HttpServletResponse resp,
AccessDeniedException arg2) throws IOException, ServletException {


String uri=req.getRequestURI();

               //满足要求改变工作流

if(uri.equals("/shop/publish.jsp"))
{
resp.sendRedirect("applicant.jsp");
}
}
}

当然别忘了还需要在配置文件中配置：

   <http>

   <access-denied-handler ref="myAccessDeniedHandler"/>

<form-login login-page="/login.jsp"
authentication-failure-url="/403.jsp" 
login-processing-url="/j_login"
default-target-url="/home" 
always-use-default-target="true" authentication-success-handler-ref="loginSuccessHanlder"
/>

</http>

  <beans:bean id="loginSuccessHanlder" class="com.duangshopping.handler.LoginSuccessHandler" >

<beans:bean id="myAccessDeniedHandler" class="com.duangshopping.handler.MyAccessDeniedHandler"/>
    </beans:bean>