该部分的环境搭建基于Spring Security URL的拦截方式
stripes-1.5.6
spring-framework-3.0.5.RELEASE
spring-security-3.0.5.RELEASE
登录页面:index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="stripes" uri="http://stripes.sourceforge.net/stripes.tld"%>
<%--
  Login page for Spring Security form authentication.
  The form posts j_username / j_password to j_spring_security_check.
  The stripes tag library is declared above but no stripes tag is used on this page.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head><title>index</title></head>
<body>
<h1>index.jsp</h1>
<%--
  Shows the message of the last authentication exception stored in the session.
  An EL expression in template text is written to the page without HTML escaping.
  NOTE(review): confirm the message can never carry request-derived text; otherwise
  render it through an escaping tag.
--%>
<p>${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}</p>
<%--
  The action hard-codes the /example context path, so the form breaks if the
  application is deployed under another path.
  NOTE(review): no CSRF token field is present in this form; confirm whether the
  deployment needs its own protection for the login request.
--%>
<form action="/example/j_spring_security_check" method="post">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="j_username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="j_password" /></td>
</tr>
<tr>
<td colspan="2">
<input name="submit" type="submit"/>
</td>
</tr>
</table>
</form>
</body>
</html>
登录成功后跳转的页面:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>homepage</title>
</head>
<body>
首页<br>
</body>
</html>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- Deployment descriptor: loads the Spring context, then chains the encoding filter, the Spring Security filter and the Stripes filter in that order. -->
<!-- Spring Configuration begin-->
<!-- NOTE(review): only ContextLoaderListener is registered. No org.springframework.security.web.session.HttpSessionEventPublisher listener is declared, and the session registry used for concurrent-session control relies on that listener to learn when a session is destroyed. Without it, sessions invalidated by the application or by timeout can remain counted in the registry. -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:config/applicationContext-*.xml</param-value>
</context-param>
<!-- Spring Configuration end-->
<!-- encoding begin-->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- The /* mapping already covers every request; the *.jsp, *.action and *.do mappings below are redundant with it. -->
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<!-- Unrelated to encoding despite its position: idle sessions expire after 60 minutes. -->
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<!-- encoding end-->
<!-- Spring security Filter begin-->
<!-- DelegatingFilterProxy hands each request to the Spring bean named after the filter-name, here springSecurityFilterChain. The /* mapping is declared before the Stripes mappings, so access decisions are made before any action bean or JSP runs. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring security Filter end-->
<!-- stripes begin -->
<filter>
<display-name>Stripes Filter</display-name>
<filter-name>StripesFilter</filter-name>
<filter-class>net.sourceforge.stripes.controller.StripesFilter</filter-class>
<!-- Action beans are resolved only from the com.examples.action package. -->
<init-param>
<param-name>ActionResolver.Packages</param-name>
<param-value>com.examples.action</param-value>
</init-param>
<!-- Spring integrate Stripes begin-->
<init-param>
<param-name>Interceptor.Classes</param-name>
<param-value> net.sourceforge.stripes.integration.spring.SpringInterceptor </param-value>
</init-param>
<!-- Spring integrate Stripes end-->
</filter>
<!-- Both Stripes mappings are limited to the REQUEST dispatcher, so server-side forwards do not pass through StripesFilter again. -->
<filter-mapping>
<filter-name>StripesFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>StripesFilter</filter-name>
<servlet-name>StripesDispatcher</servlet-name>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>StripesDispatcher</servlet-name>
<servlet-class>net.sourceforge.stripes.controller.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>StripesDispatcher</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
<!-- stripes end -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
messages_zh_CN.properties
AbstractUserDetailsAuthenticationProvider.badCredentials=您无权访问目标资源,请输入正确的密码!
commons-logging.properties
org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
log4j.properties
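# Root logger at DEBUG with a single console appender. At this level every debug
# statement from the application and from the frameworks is written to stdout;
# raise the level outside a development setup.
log4j.rootLogger = debug, CONSOLE
# Key corrected from "addivity": log4j reads per-logger additivity from log4j.additivity.<logger>.
log4j.additivity.org.apache = true
log4j.appender.CONSOLE = org.apache.log4j.ConsoleAppender
# Key corrected from "log4j.appender.Threshold": Threshold is a property of a named
# appender, so the appender name has to be part of the key.
log4j.appender.CONSOLE.Threshold = DEBUG
log4j.appender.CONSOLE.Target = System.out
log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %5p %c.%t() line:%L - %m %n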
config/applicationContext-common.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- Spring Security setup: URL-based interception, form login, one in-memory user and concurrent-session control limited to one session per user. -->
<security:http auto-config="true" >
<!-- filters="none" takes /index.jsp* out of the security filter chain entirely, so no security context is available while the login page renders. -->
<security:intercept-url pattern="/index.jsp*" filters="none"/>
<!-- The explicit logout element below is disabled. auto-config="true" still registers the default logout handling at /j_spring_security_logout, so the logout-url written in the disabled element is not in effect. -->
<!-- <security:logout invalidate-session="true" logout-url="/example/j_security_logout" logout-success-url="/index.jsp"/>-->
<!-- Unauthenticated requests are sent to /index.jsp. After a successful login the user goes to the originally requested URL or, when there is none, to /Login.action. -->
<security:form-login login-page="/index.jsp" default-target-url="/Login.action" />
<!-- Replaces the namespace-created concurrency filter and session strategy with the beans defined further down. -->
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:session-management session-authentication-strategy-ref="concurrentsessionControl" />
<!-- Catch-all rule: patterns are evaluated in order, so this has to stay last. NOTE(review): the expiredUrl /Loginfailure.jsp configured below also matches this rule, so a user whose session was expired is probably redirected on to the login page instead of seeing that page; confirm and exempt the page if it should be shown. -->
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<!-- Sample account only: the password is stored in clear text in this file and equals the user name. For anything beyond a demo, store hashed passwords and declare a security:password-encoder on the provider, or use an external user store. -->
<security:user-service>
<security:user name="user" password="user" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<!-- The basename already carries the zh_CN suffix, so this bundle is used regardless of the request locale. -->
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:messages_zh_CN"></property>
</bean>
<!-- Checks on each request whether the session was marked expired in the registry and, if so, redirects to expiredUrl. -->
<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/Loginfailure.jsp" />
</bean>
<!-- One session per user. exceptionIfMaximumExceeded is not set, so with the default behaviour a second login expires the older session rather than being rejected. -->
<bean id="concurrentsessionControl" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
<!-- NOTE(review): the registry only learns about destroyed sessions through org.springframework.security.web.session.HttpSessionEventPublisher, which has to be registered as a listener in web.xml; verify that it is. -->
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
</beans>
User.java
/**
 * Plain mutable holder for a user name and a password.
 *
 * <p>Both values are kept as ordinary {@code String} fields and are returned
 * unchanged by the getters; nothing is validated, hashed or cleared here.
 */
public class User {

    /** Login name; {@code null} until a value is assigned. */
    private String username;

    /** Password exactly as handed to {@link #setPassword(String)}; {@code null} until assigned. */
    private String password;

    /**
     * Stores the login name.
     *
     * @param username the value to keep, may be {@code null}
     */
    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * Returns the stored login name.
     *
     * @return the last value passed to {@link #setUsername(String)}, or {@code null}
     */
    public String getUsername() {
        return this.username;
    }

    /**
     * Stores the password.
     *
     * @param password the value to keep, may be {@code null}
     */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Returns the stored password.
     *
     * @return the last value passed to {@link #setPassword(String)}, or {@code null}
     */
    public String getPassword() {
        return this.password;
    }
}
LoginActionBean
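/**
 * Stripes action bean used as the landing action after a successful login.
 *
 * <p>The default handler copies the authenticated principal's details into the
 * inherited {@link User} properties and forwards to {@code /homepage.jsp}.
 */
public class LoginActionBean extends User implements ActionBean {
    private ActionBeanContext context;
    private static final Log logger = LogFactory.getLog(LoginActionBean.class);

    /**
     * Returns the Stripes context assigned to this bean.
     *
     * @return the context last passed to {@link #setContext(ActionBeanContext)}
     */
    public ActionBeanContext getContext() {
        return this.context;
    }

    /**
     * Stores the Stripes context for this bean.
     *
     * @param context the context to keep
     */
    public void setContext(ActionBeanContext context) {
        this.context = context;
    }

    /**
     * Copies user name and password from the current security context into this
     * bean when the principal is a {@code UserDetails}; otherwise leaves the
     * properties untouched.
     */
    private void initUser() {
        logger.debug("LoginActionBean initUser logic is starting........");
        // getAuthentication() returns null when nothing has been authenticated for
        // this thread; treat that like a non-UserDetails principal instead of failing.
        Object principal = null;
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        }
        if (principal instanceof UserDetails) {
            logger.debug("principal is an User Object ...");
            UserDetails details = (UserDetails) principal;
            this.setUsername(details.getUsername());
            // NOTE(review): the password is copied only to keep getPassword() working
            // for any view that reads it from this bean; drop the copy if nothing does.
            this.setPassword(details.getPassword());
        } else {
            logger.debug("principal instanceof User is false..................");
        }
        logger.debug("LoginActionBean initUser logic is end........");
    }

    /**
     * Default handler: loads the authenticated user's details and forwards to the
     * home page.
     *
     * @return a forward to {@code /homepage.jsp}
     */
    @DefaultHandler
    public Resolution login() {
        logger.debug("LoginActionBean login logic is starting........");
        initUser();
        // Only the user name is logged; the password must never reach a log file.
        logger.debug("Login username is : " + this.getUsername());
        logger.debug("LoginActionBean login forward to homepage........");
        return new ForwardResolution("/homepage.jsp");
    }
}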
LogoutActionBean
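/**
 * Stripes action bean that ends the current user's session.
 *
 * <p>The default handler invalidates the HTTP session if one exists, clears the
 * thread's security context and forwards to {@code /index.jsp}.
 */
public class LogoutActionBean extends User implements ActionBean {
    private ActionBeanContext context;
    private static final Log logger = LogFactory.getLog(LogoutActionBean.class);

    /**
     * Returns the Stripes context assigned to this bean.
     *
     * @return the context last passed to {@link #setContext(ActionBeanContext)}
     */
    public ActionBeanContext getContext() {
        return this.context;
    }

    /**
     * Stores the Stripes context for this bean.
     *
     * @param context the context to keep
     */
    public void setContext(ActionBeanContext context) {
        this.context = context;
    }

    /**
     * Default handler: terminates the session and returns to the login page.
     *
     * @return a forward to {@code /index.jsp}
     */
    @DefaultHandler
    public Resolution logout() {
        logger.debug("LogoutActionBean login logic is starting........");
        // Only the user name is logged; the password must never reach a log file.
        // NOTE(review): nothing in this class fills the inherited properties, so the
        // value presumably comes from request-parameter binding, if it is set at all.
        logger.debug("Login username is : " + this.getUsername());
        logger.debug("LogoutActionBean login forward to index.jsp........");
        // getSession(false) avoids creating a fresh session just to invalidate it.
        if (context.getRequest().getSession(false) != null) {
            context.getRequest().getSession(false).invalidate();
        }
        SecurityContextHolder.clearContext();
        return new ForwardResolution("/index.jsp");
    }
}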