Stripes1.5.6+Spring3.05+Spring Security3.0.5 环境搭建(一)

该部分的环境搭建基于Spring Security URL的拦截方式
stripes-1.5.6
spring-framework-3.0.5.RELEASE
spring-security-3.0.5.RELEASE
登陆页面:index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="stripes" uri="http://stripes.sourceforge.net/stripes.tld"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
  <head><title>index</title></head>
  <body>
    <h1>index.jsp</h1>
    <p>${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}</p>
    <form action="/example/j_spring_security_check" method="post">
        <table>
            <tr>
                <td>Username:</td>
                <td><input type="text" name="j_username" /></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password"  name="j_password" /></td>
            </tr>
            <tr>
                <td colspan="2">             
                   <input name="submit" type="submit"/>
                </td>
            </tr>
             
        </table>
    </form>
  </body>
</html>

登陆成功后跳转的页面:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>homepage</title>
  </head>
  <body>
首页<br>
  </body>
</html>

web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" 
	xmlns="http://java.sun.com/xml/ns/javaee" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	
	
	<!-- Spring Configuration begin-->
	  	<listener>
	    	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
		</listener>
	  	<context-param>
		    <param-name>contextConfigLocation</param-name>
		    <param-value>classpath:config/applicationContext-*.xml</param-value>
		</context-param> 
  	<!-- Spring Configuration end-->
  	<!-- encoding begin-->         
	     <filter>   
	         <filter-name>characterEncodingFilter</filter-name>      
	         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>    
	             <init-param>      
	                  <param-name>encoding</param-name>      
	                  <param-value>UTF-8</param-value>   
	             </init-param>   
	             <init-param>
		              <param-name>forceEncoding</param-name>
		              <param-value>true</param-value>
		         </init-param>     
	    </filter>      
	    <filter-mapping>      
	        <filter-name>characterEncodingFilter</filter-name>      
	        <url-pattern>/*</url-pattern>      
	    </filter-mapping> 
	    <filter-mapping>      
	        <filter-name>characterEncodingFilter</filter-name>      
	        <url-pattern>*.jsp</url-pattern>      
	    </filter-mapping>    
	    <filter-mapping>      
	        <filter-name>characterEncodingFilter</filter-name>      
	        <url-pattern>*.action</url-pattern>      
	    </filter-mapping> 
	    <filter-mapping>      
	        <filter-name>characterEncodingFilter</filter-name>      
	        <url-pattern>*.do</url-pattern>      
	    </filter-mapping>   
	    <session-config>      
	        <session-timeout>60</session-timeout>      
	    </session-config>    
  	<!-- encoding end-->   
  	<!-- Spring security Filter end-->  
		<filter>  
		    <filter-name>springSecurityFilterChain</filter-name>  
		    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
		</filter>  
		<filter-mapping>  
		    <filter-name>springSecurityFilterChain</filter-name>  
		    <url-pattern>/*</url-pattern>  
		</filter-mapping>  
	<!-- Spring security Filter end-->  
	
	<!-- stripes begin -->
	    <filter>
			<display-name>Stripes Filter</display-name>
			<filter-name>StripesFilter</filter-name>
			<filter-class>net.sourceforge.stripes.controller.StripesFilter</filter-class>
			<init-param>
				<param-name>ActionResolver.Packages</param-name>
				<param-value>com.examples.action</param-value>
			</init-param>
				<!-- Spring integrate Stripes begin-->
				  	<init-param>
				    	<param-name>Interceptor.Classes</param-name>
				    	<param-value> net.sourceforge.stripes.integration.spring.SpringInterceptor </param-value>
					</init-param>
				<!-- Spring integrate Stripes end-->
	 	</filter>
	    <filter-mapping>
			<filter-name>StripesFilter</filter-name>
			<url-pattern>*.jsp</url-pattern>
			<dispatcher>REQUEST</dispatcher>
		</filter-mapping>
	    <filter-mapping>
			<filter-name>StripesFilter</filter-name>
			<servlet-name>StripesDispatcher</servlet-name>
			<dispatcher>REQUEST</dispatcher>
		</filter-mapping>
	    <servlet>
			<servlet-name>StripesDispatcher</servlet-name>
			<servlet-class>net.sourceforge.stripes.controller.DispatcherServlet</servlet-class>
			<load-on-startup>1</load-on-startup>
		</servlet>
		
		<servlet-mapping>
			<servlet-name>StripesDispatcher</servlet-name>
			<url-pattern>*.action</url-pattern>
		</servlet-mapping>
    <!-- stripes end --> 	
	  <welcome-file-list>
	    <welcome-file>index.jsp</welcome-file>
	  </welcome-file-list>
</web-app>


messages_zh_CN.properties
AbstractUserDetailsAuthenticationProvider.badCredentials=您无权访问目标资源,请输入正确的密码!

commons-logging.properties
org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger

log4j.properties
log4j.rootLogger = debug, CONSOLE 
log4j.addivity.org.apache = true 
log4j.appender.CONSOLE = org.apache.log4j.ConsoleAppender    
log4j.appender.Threshold = DEBUG    
log4j.appender.CONSOLE.Target = System.out    
log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout    
log4j.appender.CONSOLE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %5p %c.%t() line:%L  - %m %n

config/applicationContext-common.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	   xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">
   	 
</beans>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	   xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">
   
	<security:http auto-config="true"  >
		 		<security:intercept-url pattern="/index.jsp*" filters="none"/>
		<!--  <security:logout invalidate-session="true" logout-url="/example/j_security_logout" logout-success-url="/index.jsp"/>-->
		 		<security:form-login  login-page="/index.jsp"  default-target-url="/Login.action" />
		 		<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> 
 		<security:session-management  session-authentication-strategy-ref="concurrentsessionControl" /> 
 		
		<security:intercept-url pattern="/**" access="ROLE_USER"/>
	</security:http>
	
	<security:authentication-manager>
		<security:authentication-provider>
			<security:user-service>
				<security:user name="user" password="user" authorities="ROLE_USER"/>
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>
	 	<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
		 <property name="basename" value="classpath:messages_zh_CN"></property>
	</bean>
	 	<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> 
        <property name="sessionRegistry" ref="sessionRegistry" /> 
        <property name="expiredUrl" value="/Loginfailure.jsp" /> 
    </bean> 
	<bean id="concurrentsessionControl" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> 
        <constructor-arg name="sessionRegistry" ref="sessionRegistry" /> 
        <property name="maximumSessions" value="1" /> 
    </bean> 
      <bean id="sessionRegistry"  class="org.springframework.security.core.session.SessionRegistryImpl" /> 
 	  	 
</beans>

User.java
public class User {
	private String username;
	private String password;
	
	public String getUsername() {
		return username;
	}

	public void setUsername(String username) {
		this.username = username;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}
}

LoginActionBean
public class LoginActionBean extends User implements ActionBean {
	private ActionBeanContext context;
	private static Log logger = LogFactory.getLog(LoginActionBean.class);

	public ActionBeanContext getContext() {
		return this.context;
	}

	public void setContext(ActionBeanContext context) {
		this.context=context;
	}
	//取得user
	private void initUser(){
		logger.debug("LoginActionBean initUser logic is starting........");
		Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

		if(principal instanceof UserDetails){
			logger.debug("principal is an User Object ...");
			this.setUsername(((UserDetails)principal).getUsername());
			this.setPassword(((UserDetails)principal).getPassword());
		}else{
			logger.debug("principal instanceof User is false..................");
		}
		logger.debug("LoginActionBean initUser logic is end........");
	}
	
	@DefaultHandler
	public Resolution login(){
		logger.debug("LoginActionBean login logic is starting........");
		initUser();
		logger.debug("Login username is : "+this.getUsername()+"  |  user password is : "+ this.getPassword());
		logger.debug("LoginActionBean login forward to homepage........");
		return new ForwardResolution("/homepage.jsp");
		 
	}
}

LogoutActionBean
public class LogoutActionBean extends User implements ActionBean {
	private ActionBeanContext context;
	private static Log logger = LogFactory.getLog(LogoutActionBean.class);

	public ActionBeanContext getContext() {
		return this.context;
	}

	public void setContext(ActionBeanContext context) {
		this.context=context;
	}
	@DefaultHandler
	public Resolution logout(){
		logger.debug("LogoutActionBean login logic is starting........");
		logger.debug("Login username is : "+this.getUsername()+"  |  user password is : "+ this.getPassword());
		logger.debug("LogoutActionBean login forward to index.jsp........");
		context.getRequest().getSession().invalidate();
		SecurityContextHolder.clearContext();
		return new ForwardResolution("/index.jsp");
		 
	}
}

你可能感兴趣的:(java,spring,log4j,jsp,Security)