第一步:form表單提交
<form id="formLogin" action="<%=request.getContextPath()%>/j_spring_security_check" method="post"></form>
第二步:配置文件applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- 認證功能http配置 -->
<!-- entry-point-ref 爲用戶第一次訪問受保護的url時的處理程序. -->
<http use-expressions="true" entry-point-ref="authenticationEntryPoint">
<!-- 這裏是拒絕用戶訪問的處理程序 -->
<access-denied-handler ref="accessDeniedHandler" />
<intercept-url pattern="/login.jsp*" access="permitAll"/>
<intercept-url pattern="/**/*.js" access="permitAll"/>
<intercept-url pattern="/**/*.jpg" access="permitAll"/>
<intercept-url pattern="/**/*.gif" access="permitAll"/>
<intercept-url pattern="/**/*.css" access="permitAll"/>
<intercept-url pattern="/**/**.json*" access="permitAll"/>
<!-- <intercept-url pattern="/contents/**.jsp*" access="isAuthenticated()"/> -->
<intercept-url pattern="/**/*.html*" access="permitAll"/>
<intercept-url pattern="/**/*.jsp*" access="permitAll"/>
<custom-filter position="LOGOUT_FILTER" ref="secLogoutFilter" />
<custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="checkInfoFilter" />
<custom-filter position="FORM_LOGIN_FILTER" ref="crmAuthFilter" />
<!-- 限制用戶的最大登陸數,防止一個賬號被多人使用 -->
<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<session-management session-authentication-strategy-ref="crmSAS"/>
</http>
<!-- 登出 過濾器 -->
<beans:bean id="secLogoutFilter"
class="com.xxxx.crm.sec.common.SecLogoutFilter">
<beans:constructor-arg ref="secLogoutSuccessHandler" />
<beans:constructor-arg>
<beans:list>
<beans:bean
class="com.xxxx.crm.sec.common.SecLogoutHandler"></beans:bean>
</beans:list>
</beans:constructor-arg>
</beans:bean>
<!-- 登出 handler -->
<beans:bean id="secLogoutSuccessHandler" class="com.xxxx.crm.sec.common.SecLogoutSuccessHandler">
<beans:property name="defaultLogoutUrl" value="/login"></beans:property>
<beans:property name="mLogoutUrl" value="/mlogin"></beans:property>
</beans:bean>
<!-- 登錄失敗 handler -->
<beans:bean id="secAuthenticationFailureHandler" class="com.xxxx.crm.sec.common.SecAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login"></beans:property>
<beans:property name="customerFUrl" value="/login"></beans:property>
<beans:property name="merchantFul" value="/mlogin"></beans:property>
</beans:bean>
<!-- 登錄成功 handler -->
<beans:bean id="secAuthenticationSuccessHandler " class="com.xxxx.crm.sec.common.SecAuthenticationSuccessHandler">
<beans:property name="defaultSuccessUrl" value="/commonLogin"></beans:property>
</beans:bean>
<!-- userDetailsService -->
<beans:bean id="userDetailsServiceImpl" class="com.xxxx.crm.sec.xxxxUserDetailsServiceImpl"></beans:bean>
<!-- AccessDecisionManager -->
<beans:bean id="accessDecision" class="com.xxxx.crm.sec.AccessDecisionManagerImpl"></beans:bean>
<!-- FilterInvocationSecurityMetadataSource -->
<beans:bean id="accessMeta" class="com.xxxx.crm.sec.SecurityMetadataSourceImpl"></beans:bean>
<!-- 認證功能管理器 -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="authenticationProvider"/>
</authentication-manager>
<!-- 認證功能實現 -->
<beans:bean id="authenticationProvider" class="com.xxxx.crm.sec.SecurityDaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsServiceImpl" />
<beans:property name="hideUserNotFoundExceptions" value="false"/>
<beans:property name="passwordEncoder" ref="md5PasswordEncoder"/>
</beans:bean>
<!-- 用戶動態設置session級別信息實現類 -->
<beans:bean id="ctxSessionManager" class="com.xxxx.crm.sec.ctxsession.CtxSessionManager" />
<!-- 用戶密碼加密或解密 -->
<beans:bean id="md5PasswordEncoder" class="com.xxxx.crm.constance.MD5PasswordEncoder" />
<beans:bean id="springMD5PasswordEncoder" class="com.xxxx.crm.constance.SpringMD5PasswordEncoder" />
<beans:bean id="checkInfoFilter" class="com.xxxx.crm.sec.SecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="accessDecision" />
<beans:property name="securityMetadataSource" ref="accessMeta" />
</beans:bean>
<!-- 定義上下文返回的消息的國際化。 -->
<beans:bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<!--<beans:property name="basename"
value="classpath:org/springframework/security/messages_zh_CN"/>
-->
<beans:property name="basename"
value="classpath:securityMessage_zh_CN"/>
</beans:bean>
<!-- ConcurrentSession過濾器 -->
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/login" />
</beans:bean>
<beans:bean id="crmSAS" class="com.xxxx.crm.sec.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="loginUserParamManager" class="com.xxxx.crm.sec.common.LoginUserParamManager" factory-method="getInstance">
<!--是否啓用重複登錄控制 -->
<beans:property name="checkSessions" value="false"/>
<!--重複登錄提示消息 -->
<beans:property name="reloginMsg" value="當前用戶已在其它地方登錄。" />
</beans:bean>
<!-- CRM 權限過濾器 -->
<beans:bean id="crmAuthFilter"
class="com.xxxx.crm.sec.filter.AuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy"
ref="crmSAS" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<!-- <beans:property name="rememberMeServices" ref="rememberMeServices"></beans:property>-->
<beans:property name="authenticationFailureHandler"
ref="secAuthenticationFailureHandler" />
<beans:property name="authenticationSuccessHandler"
ref="secAuthenticationSuccessHandler" />
<!-- <beans:property name="filterProcessesUrl" value="/ss_Login"></beans:property> -->
</beans:bean>
<!-- SessionRegistryImpl -->
<beans:bean id="sessionRegistry" class="com.xxxx.crm.sec.session.SecSessionRegistryImpl" />
<!-- 訪問切入點 -->
<beans:bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login" />
</beans:bean>
<!-- 認證被拒絕 -->
<beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<beans:property name="errorPage" value="/login" />
</beans:bean>
</beans:beans>
第三步:成功處理類
public class xxxxUserDetailsServiceImpl implements UserDetailsService {
private UserDetails merchantDetails(String name) {
Connection conn = null;
try {
conn = ds.getConnection();
StringBuffer mString = new StringBuffer(1000);
mString.append(
"SELECT COUNT(1) AS TOTLE FROM xxxx_MERCHANT_INFO T WHERE T.USER_NAME = '")
.append(name).append("'");
Statement stsm = conn.createStatement();
ResultSet rs = stsm.executeQuery(mString.toString());
int count = 0;
if (rs.next()) {
count = rs.getInt("TOTLE");
}
if (count == 0) {
rs.close();
stsm.close();
UsernameNotFoundException unfe = new UsernameNotFoundException(
"用戶不存在或用戶名錯誤");
throw unfe;
} else if (count > 1) {
rs.close();
stsm.close();
UsernameNotFoundException unfe = new UsernameNotFoundException(
"用戶信息配置錯誤");
throw unfe;
}
mString.setLength(0);
mString.append("SELECT MERCHANT_ID, USER_NAME, PASS_WORD, MERCHANT_NO, MERCHANT_NAME, EXPIRE_DATE, MERCHANT_ADDR, LINKMAN, LINK_PHONE, MAIL_ADDR, LEGAL_PERSON, MERCHANT_FULL_NAME, REGISTERED_CAPITAL, ORGANIZATION_CODE, MERCHANT_ORG, EVALUATION, STATUS, CREATED, CREATED_BY, UPDATED, UPDATED_BY FROM xxxx_MERCHANT_INFO ");
mString.append("WHERE USER_NAME='").append(name).append("'");
rs = stsm.executeQuery(mString.toString());
xxxxUser<xxxxMerchantInfo> iAuser = null;
if (rs.next()) {
xxxxMerchantInfo info = new xxxxMerchantInfo();
info.setUserName(rs.getString("USER_NAME"));
info.setPassWord(rs.getString("PASS_WORD"));
info.setMerchantId(rs.getString("MERCHANT_ID"));
info.setMerchantNo(rs.getString("MERCHANT_NO"));
info.setMerchantOrg(rs.getString("MERCHANT_ORG"));
iAuser = new IxxxxMUser(info);
}
rs.close();
stsm.close();
return iAuser;
} catch (SQLException e) {
e.printStackTrace();
} finally {
if (null != conn) {
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
return null;
}
}
第四步:如果登錄失敗了頁面需要提示
<%
if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null) {
%>
<input type="hidden" id="errorMsg" name="errorMsg" value='${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}' />
<%
} else {
%>
<input type="hidden" id="errorMsg" name="errorMsg" value='' />
<%
}
session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
%>
在js裏alert一下reeorMsg的值就可以了spring提供的登錄j_spring_security_check
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章