简单说说Spring Security 使用(附加验证码登录,自定义认证)

先看官方文档: http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/

Spring Security 4 已经支持注解方式的配置,但为了便于清晰地理解各项设置,本文仍采用 XML 配置文件的方式。

第一步:web.xml 加入拦截

<!-- Register the Spring Security filter. DelegatingFilterProxy hands each request to the Spring bean whose name equals filter-name (springSecurityFilterChain). -->
    <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Mapped to /* so that every request reaches the filter; which URLs are actually protected is decided in the security configuration file. -->
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

第二步:编写配置文件:spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans      http://www.springframework.org/schema/beans/spring-beans-3.2.xsd      http://www.springframework.org/schema/security      http://www.springframework.org/schema/security/spring-security-3.2.xsd ">
    <!-- NOTE(review): the schemaLocation above pins the 3.2 XSDs while the article speaks of Spring Security 4. The security XSD version has to match the library version in use; confirm which one applies. -->
    <!-- security="none" gives each of these patterns an empty filter chain: no SecurityContext is loaded or saved for them, and none of the protections the chain is configured with (for example CSRF checks, session fixation handling, response headers) run on these paths. -->
    <!-- /user/login is the URL the login page posts credentials to and /index is the captcha image it displays. Because /user/login bypasses the chain, its handler has to authenticate the user and store the resulting SecurityContext in the session itself. NOTE(review): that handler is not shown on this page; verify that it renews the session id after a successful login and rejects a missing or already used captcha. -->
    <http pattern="/common/**" security="none" />
    <http pattern="/login.jsp" security="none" />
    <http pattern="/user/login" security="none" />
    <http pattern="/index" security="none" />
    <!-- Every other URL requires an authenticated user. Unauthenticated requests are sent to /login.jsp, a failed form login returns to /login.jsp?error=1, and /logout invalidates the HTTP session and then redirects to "/". -->
    <http use-expressions="true">   <intercept-url pattern="/**" access="isAuthenticated()" />   <form-login login-page="/login.jsp"    authentication-failure-url="/login.jsp?error=1" />    <logout invalidate-session="true" logout-url="/logout"  logout-success-url="/"  />
    </http>
    <!-- Users are loaded through the cwSysUserDetailsService bean. NOTE(review): hash="md5" makes the provider compare passwords as MD5 digests, and no salt source is configured in this file. MD5 is cheap to compute, so a leaked user table can be attacked offline very quickly. Prefer an adaptive algorithm such as bcrypt and plan a migration of the stored hashes. -->
    <authentication-manager alias="myAuthenticationManager">   <authentication-provider user-service-ref="cwSysUserDetailsService">       <password-encoder hash="md5"></password-encoder>   </authentication-provider> 
    </authentication-manager></beans:beans>

第三步:编写登录认证用的 UserDetailsService(按用户名加载用户及其角色)

package com.eshore.upsweb.service;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.eshore.upsweb.dao.CwSysUserDAO;
import com.eshore.upsweb.model.CwSysUser;
import com.eshore.upsweb.model.CwSysUserRole;

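/**
 * Loads application users for Spring Security through {@link CwSysUserDAO}.
 *
 * <p>Registered as the bean {@code cwSysUserDetailsService}.
 */
@Service(value="cwSysUserDetailsService")
public class CwSysUserDetailsService implements UserDetailsService{

  @Autowired
  CwSysUserDAO cwSysUserDAO;

  /**
   * Looks a user up by login name and converts it into Spring Security's {@link User}.
   *
   * @param username login name as submitted by the client (untrusted input)
   * @return the user's stored password and granted authorities
   * @throws UsernameNotFoundException if the DAO returns no user for {@code username}
   */
  @Override
  public UserDetails loadUserByUsername(String username)
      throws UsernameNotFoundException {
    // The submitted username is attacker-controlled, so it is neither printed to stdout
    // nor copied into the exception message.
    CwSysUser user = cwSysUserDAO.findUser(username);
    if (user == null) {
      // UserDetailsService contract: report an unknown user with UsernameNotFoundException
      // instead of failing with a NullPointerException on the next line.
      // NOTE(review): assumes findUser returns null for an unknown name; confirm against the DAO.
      throw new UsernameNotFoundException("User not found");
    }
    List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoles());
    return buildUserForAuthentication(user, authorities);
  }

  /**
   * Converts the user's role links into granted authorities.
   *
   * <p>Each authority string is the role id as text, without a {@code ROLE_} prefix, so
   * access rules have to match on that raw id.
   *
   * @param userRoles role links of the user; {@code null} is treated as "no roles"
   * @return the distinct authorities, in no particular order
   */
  private List<GrantedAuthority> buildUserAuthority(Set<CwSysUserRole> userRoles){
    // Collected in a set first so that a role id listed twice yields one authority.
    Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
    if (userRoles != null) {
      for(CwSysUserRole userRole:userRoles){
        setAuths.add(new SimpleGrantedAuthority(userRole.getRole().getRoleId().toString()));
      }
    }
    return new ArrayList<GrantedAuthority>(setAuths);
  }

  /**
   * Builds the Spring Security user from the stored account.
   *
   * <p>NOTE(review): the four account-status flags (enabled, account non-expired,
   * credentials non-expired, account non-locked) are hard-coded to {@code true}. If
   * {@code CwSysUser} carries a disabled or locked state, which is not visible here, it
   * is ignored and such accounts can still authenticate.
   *
   * @param user stored account; supplies the user number as principal name and the stored password
   * @param authorities authorities to grant
   * @return the user object handed to the authentication provider
   */
  private User buildUserForAuthentication(CwSysUser user,List<GrantedAuthority> authorities){
    return new User(user.getUserNo(),user.getPassword(),true,true,true,true,authorities);
  }

}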

第五步:编写对应的登录jsp(注意:原文缺少第四步,处理 /user/login 请求并校验验证码的服务端代码未在本文给出;验证码必须在服务端校验,且每次校验后都应作废。)

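<%@ page language="java" contentType="text/html; charset=UTF-8"
  pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  Login page. The form is submitted by the page's jQuery submit handler, which posts
  username, password and verifyCode as form fields and expects a JSON reply.
  Review notes are written as JSP comments so that they are not sent to the browser.
  NOTE(review): no CSRF token is rendered in this form; whether the login endpoint
  enforces one cannot be told from this page. Confirm against the security configuration.
--%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login</title>
<link href="./common/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="./common/bootstrap/css/bootstrap-theme.min.css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="./common/css/demo.css">
<link rel="stylesheet" type="text/css" href="./common/css/style.css">
<link rel="stylesheet" type="text/css" href="./common/css/animate-custom.css">
<link rel="stylesheet" href="./common/bootstrap/css/bootstrap.css" type="text/css">
<%-- jQuery has to be loaded before bootstrap.min.js, which depends on it. --%>
<script type="text/javascript" src="./common/jquery/jquery-2.1.1.min.js"></script>
<script type="text/javascript" src="./common/bootstrap/js/bootstrap.min.js"></script>
</head>
<body>
    <div>
      <header> </header>
        <div id="container_demo">
          <div id="wrapper">
            <div id="login" class="animate form">
                <%-- Earlier variant that posted straight to the framework's default login URL, kept for reference.
                     As a JSP comment the c:url tag inside it is no longer evaluated and nothing is emitted:
                     <form name='loginForm' action="<c:url value='j_spring_security_check' />" method='POST'> --%>
                <h1>电信融合支付平台</h1>
                <form id='loginForm' method="POST">
                <p>
                  <label for="username" data-icon="u"> 用户名 </label>
                  <%-- The sample address in the original placeholder was lost in extraction; user@example.com is a constructed stand-in. --%>
                  <input id="username" name="username" required="required" type="text" placeholder="myusername or user@example.com">
                </p>
                <p>
                  <label for="password" data-icon="p"> 密码 </label>
                  <input id="password" name="password" required="required" type="password" placeholder="eg. X8df!90EO">
                </p>
                <p>
                  <label for="verifyCode" data-icon="v"> 验证  </label>
                  <%-- Captcha image served by the "index" URL; clicking it requests a fresh image. --%>
                  <img src="index" id="verify" alt="验证码" title="看不清,请点我" style="cursor:pointer;"/><br/>
                  <%-- "verification" is not a valid input type (browsers fall back to text), so text is stated explicitly. --%>
                  <input type="text" id="verifyCode" name="verifyCode" placeholder="验证码" required="required" autocomplete="off">
                </p>
                <%-- Disabled "keep me logged in" option:
                <p>
                  <input type="checkbox" name="loginkeeping" id="loginkeeping" value="loginkeeping">
                  <label for="loginkeeping">保持登录</label>
                </p>
                --%>
                <p class="login button">
                  <input type="submit" id="submitId" value="登录">
                </p>
              </form>
            </div>
          </div>
        </div>
    </div>
</body>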

  <script type="text/javascript">
    $(function(){
      /////////////////登录提交////////////////////////////
      $("#loginForm").submit(function() {
        var username=$("#username").val();
        var password=$("#password").val();
        var verifyCode=$("#verifyCode").val();
        var data={username:username,password:password,verifyCode:verifyCode}; 
        var url="/upsweb/user/login"; 
         $.ajax({
            type: "POST",
            url: url,
            data: data,
             // contentType: "application/json",
            dataType: "json",
            success:function (result) {
              if(result.ok){
                location.href="/upsweb";
              }else{
                $(".error").remove();
                $("#loginForm").prepend("<div><font color='red'>"+result.msg+"</font></div>");
                $("#verify").attr("src","/upsweb/index?timestamp="+new Date().getTime());  // 刷新验证码
              }
            },
            error:function(XMLHttpRequest, textStatus, errorThrown){
             //  alert(XMLHttpRequest.status);  
               // alert(XMLHttpRequest.readyState);  
              //   alert(textStatus);  
                 //alert(XMLHttpRequest.responseText);
            alert('读取超时,请检查网络连接'); 
            }
          });
         return false;
      });
      ///////////////////验证码更新/////////////
      $("#verify").click(function(){
           $(this).attr("src","/upsweb/index?timestamp="+new Date().getTime());
      });   
      
    });
    
    
    $(function ()
      { $("#dd").popover();
    });
  </script>
</html>

