struts2中Spring Security 自定义登陆页面的实现

Spring Security默认提供了一个登陆页面，但是这个页面实在太简陋了，实际开发时必须实现自定义的登录页面。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

	<http auto-config="true">
		<intercept-url pattern="/images/**" filters="none" />
		<intercept-url pattern="/styles/**" filters="none" />
		<intercept-url pattern="/scripts/**" filters="none" />
		<intercept-url pattern="/coos/**" filters="none" />
		<intercept-url pattern="/common/**" filters="none" />
		<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
		<intercept-url pattern="/ssq/**" access="ROLE_ADMIN,ROLE_EDITOR" />
		<intercept-url pattern="/browser/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />
		<intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />

		<intercept-url pattern="/login.action" filters="none" />
		<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
		<logout />
		<remember-me user-service-ref="userDetailsService" />
	</http>


	<authentication-provider user-service-ref="userDetailsService">
		<password-encoder hash="plaintext" />
	</authentication-provider>

	<beans:bean id="userDetailsService"
		class="com.coos.ssq.service.impl.UserDetailsServiceLocalImpl">
		<beans:property name="userManager" ref="userManager" />
	</beans:bean>

	<beans:bean id="passwordEncoder"
		class="org.springframework.security.providers.encoding.Md5PasswordEncoder">
	</beans:bean>

</beans:beans>

<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
login-page表示用户登陆时显示我们自定义的login.action对应的页面。
authentication-failure-url表示用户登陆失败时，跳转到哪个action。
当用户输入的登录名和密码不正确时，系统将再次跳转到/login.action，并添加一个error=true参数作为登陆失败的标示。
default-target-url表示登陆成功时，跳转的url。

struts2的配置

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<package name="default" extends="struts-default">
		<global-results>
			<result name="error" type="freemarker">/common/action_error.ftl</result>
		</global-results>
		
		<action name="login" class="com.coos.ssq.action.LoginAction">
			<result name="input" type="freemarker">/common/login.ftl</result>
			<result name="success"  type="redirect">/</result>
		</action>

	</package>

</struts>

loginAction的代码：

package com.coos.ssq.action;

import java.util.Map;
import com.opensymphony.xwork2.ActionContext;

public class LoginAction extends BaseAction
{
	private static final long serialVersionUID = 2316404862441984223L;
	private String error;
	private String lastname;
	private String message;
	
	public String execute() throws Exception
	{
		Map<String, ?> session = ActionContext.getContext().getSession();
		this.lastname = (String) session.get("SPRING_SECURITY_LAST_USERNAME");
		try
		{
			Exception e = (Exception)session.get("SPRING_SECURITY_LAST_EXCEPTION");
			this.message = e.getMessage();
		}
		catch (Exception e){}
		
		if(this.message == null && this.lastname != null)
		{
			return SUCCESS;
		}
		else
		{
			if(this.message !=null)
			{
				session.put("SPRING_SECURITY_LAST_EXCEPTION", null);
			}
			return INPUT;
		}
		
	}
	
	/**
	 * @return the message
	 */
	public String getMessage()
	{
		return message;
	}

	/**
	 * @param message the message to set
	 */
	public void setMessage(String message)
	{
		this.message = message;
	}

	/**
	 * @return the error
	 */
	public String getError()
	{
		return error;
	}

	/**
	 * @param error the error to set
	 */
	public void setError(String error)
	{
		this.error = error;
	}

	/**
	 * @return the lastname
	 */
	public String getLastname()
	{
		return lastname;
	}

	/**
	 * @param lastname the lastname to set
	 */
	public void setLastname(String lastname)
	{
		this.lastname = lastname;
	}

	
}

页面采用freemarker整合的login.ftl

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>login page</title>
	<style type="text/css">
        .error
        {
		    width: 260px;height:40px;padding-top:10px;border: 2px solid red;
		    background-color: yellow;text-align: center;
		}
		.login{width: 260px;margin-bottom:10px;border: 1px solid #ccc;border-right: 2px solid #ccc;}
		.login td{border-bottom: 1px solid #ccc;height:30px;}
		.input{width:120px;}
		.title{font-size:14px;}
        .hide{display:none;}
    </style>
</head>
<body>
<center>
	<div class="error <#if !error?exists>hide</#if>">
	  用户名或密码错误！
	  <br />
	  ${message?default("")}
	  
	  
	</div>
	<br />

<form action="${base}/j_spring_security_check" method="post">
	<table class="login" border="0" cellpadding="0" cellspacing="0">
	  <tr>
	    <td colspan="2" align="center"><span class="title">用户登录</span></td>
	  </tr>
	  <tr>
	    <td nowrap="nowrap" align="right">用户名：</td>
	    <td align="left"><input class="input" type="text" name="j_username" value="${lastname?default("")}"/></td>
	  </tr>
	  <tr>
	    <td align="right">密码：</td>
	    <td align="left"><input class="input" type="password" name="j_password" /></td>
	  </tr>
	  <tr>
	    <td>&nbsp;</td>
	    <td nowrap="nowrap" align="left"><input type="checkbox" name="_spring_security_remember_me" />两周之内自动登陆</td>
	  </tr>
	  <tr>
	    <td colspan="2" align="center">
	    	<input type="submit" value="登陆"/>
		    <input type="reset" value="重置"/>
	    </td>
	  </tr>
	</table>
</form>
</center>

</body>
</html>

页面用了sitemesh统一装饰的，所以这里的代码中没有头和尾部分的，具体效果自己调了。