Spring Security自定义过滤器（更改密码）

Spring Security自定义过滤器（更改密码）

在Spring Security 3.0中，你可以实现一个

custom AuthenticationSuccessHandler

。

在此处理程序中，你可以将具有临时密码的用户重定向到密码更改页面，而不是最初请求的页面。更改密码后，你可以使用

SavedRequestAwareAuthenticationSuccessHandler

，将用户重定向到最初请求的页面，这是默认的处理程序实现。

public class MyHandler implements AuthenticationSuccessHandler {    private AuthenticationSuccessHandler target = new SavedRequestAwareAuthenticationSuccessHandler();    public void onAuthenticationSuccess(HttpServletRequest request,        HttpServletResponse response, Authentication auth) {        if (hasTemporaryPassword(auth)) { response.sendRedirect("/changePassword");        } else { target.onAuthenticationSuccess(request, response, auth);        }    }    public void proceed(HttpServletRequest request,         HttpServletResponse response, Authentication auth) {        target.onAuthenticationSuccess(request, response, auth);    }}@Controller("/changePassword")public class ChangePasswordController {    @Autowired    private MyHandler handler;    @RequestMapping(method = POST)    public void changePassword(HttpServletRequest request,         HttpServletResponse response,        @RequestParam(name = "newPassword") String newPassword) {        // handle password change        ...        // proceed to the secured page        handler.proceed(request, response, auth); }