struts2中Spring Security 自定义登陆页面的实现
程序员文章站
2022-07-14 20:17:49
...
Spring Security默认提供了一个登陆页面,但是这个页面实在太简陋了,实际开发时必须实现自定义的登录页面。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<http auto-config="true">
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/styles/**" filters="none" />
<intercept-url pattern="/scripts/**" filters="none" />
<intercept-url pattern="/coos/**" filters="none" />
<intercept-url pattern="/common/**" filters="none" />
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/ssq/**" access="ROLE_ADMIN,ROLE_EDITOR" />
<intercept-url pattern="/browser/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />
<intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />
<intercept-url pattern="/login.action" filters="none" />
<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
<logout />
<remember-me user-service-ref="userDetailsService" />
</http>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
<beans:bean id="userDetailsService"
class="com.coos.ssq.service.impl.UserDetailsServiceLocalImpl">
<beans:property name="userManager" ref="userManager" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder">
</beans:bean>
</beans:beans>
<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
login-page表示用户登陆时显示我们自定义的login.action对应的页面。
authentication-failure-url表示用户登陆失败时,跳转到哪个action。
当用户输入的登录名和密码不正确时,系统将再次跳转到/login.action,并添加一个error=true参数作为登陆失败的标示。
default-target-url表示登陆成功时,跳转的url。
struts2的配置
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="default" extends="struts-default">
<global-results>
<result name="error" type="freemarker">/common/action_error.ftl</result>
</global-results>
<action name="login" class="com.coos.ssq.action.LoginAction">
<result name="input" type="freemarker">/common/login.ftl</result>
<result name="success" type="redirect">/</result>
</action>
</package>
</struts>
loginAction的代码:
package com.coos.ssq.action; import java.util.Map; import com.opensymphony.xwork2.ActionContext; public class LoginAction extends BaseAction { private static final long serialVersionUID = 2316404862441984223L; private String error; private String lastname; private String message; public String execute() throws Exception { Map<String, ?> session = ActionContext.getContext().getSession(); this.lastname = (String) session.get("SPRING_SECURITY_LAST_USERNAME"); try { Exception e = (Exception)session.get("SPRING_SECURITY_LAST_EXCEPTION"); this.message = e.getMessage(); } catch (Exception e){} if(this.message == null && this.lastname != null) { return SUCCESS; } else { if(this.message !=null) { session.put("SPRING_SECURITY_LAST_EXCEPTION", null); } return INPUT; } } /** * @return the message */ public String getMessage() { return message; } /** * @param message the message to set */ public void setMessage(String message) { this.message = message; } /** * @return the error */ public String getError() { return error; } /** * @param error the error to set */ public void setError(String error) { this.error = error; } /** * @return the lastname */ public String getLastname() { return lastname; } /** * @param lastname the lastname to set */ public void setLastname(String lastname) { this.lastname = lastname; } }
页面采用freemarker整合的login.ftl
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>login page</title> <style type="text/css"> .error { width: 260px;height:40px;padding-top:10px;border: 2px solid red; background-color: yellow;text-align: center; } .login{width: 260px;margin-bottom:10px;border: 1px solid #ccc;border-right: 2px solid #ccc;} .login td{border-bottom: 1px solid #ccc;height:30px;} .input{width:120px;} .title{font-size:14px;} .hide{display:none;} </style> </head> <body> <center> <div class="error <#if !error?exists>hide</#if>"> 用户名或密码错误! <br /> ${message?default("")} </div> <br /> <form action="${base}/j_spring_security_check" method="post"> <table class="login" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="2" align="center"><span class="title">用户登录</span></td> </tr> <tr> <td nowrap="nowrap" align="right">用户名:</td> <td align="left"><input class="input" type="text" name="j_username" value="${lastname?default("")}"/></td> </tr> <tr> <td align="right">密码:</td> <td align="left"><input class="input" type="password" name="j_password" /></td> </tr> <tr> <td> </td> <td nowrap="nowrap" align="left"><input type="checkbox" name="_spring_security_remember_me" />两周之内自动登陆</td> </tr> <tr> <td colspan="2" align="center"> <input type="submit" value="登陆"/> <input type="reset" value="重置"/> </td> </tr> </table> </form> </center> </body> </html>
页面用了sitemesh统一装饰的,所以这里的代码中没有头和尾部分的,具体效果自己调了。