欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

struts2中Spring Security 自定义登陆页面的实现

程序员文章站 2022-07-14 20:17:49
...

Spring Security默认提供了一个登陆页面,但是这个页面实在太简陋了,实际开发时必须实现自定义的登录页面。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

	<http auto-config="true">
		<intercept-url pattern="/images/**" filters="none" />
		<intercept-url pattern="/styles/**" filters="none" />
		<intercept-url pattern="/scripts/**" filters="none" />
		<intercept-url pattern="/coos/**" filters="none" />
		<intercept-url pattern="/common/**" filters="none" />
		<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
		<intercept-url pattern="/ssq/**" access="ROLE_ADMIN,ROLE_EDITOR" />
		<intercept-url pattern="/browser/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />
		<intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />

		<intercept-url pattern="/login.action" filters="none" />
		<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
		<logout />
		<remember-me user-service-ref="userDetailsService" />
	</http>


	<authentication-provider user-service-ref="userDetailsService">
		<password-encoder hash="plaintext" />
	</authentication-provider>

	<beans:bean id="userDetailsService"
		class="com.coos.ssq.service.impl.UserDetailsServiceLocalImpl">
		<beans:property name="userManager" ref="userManager" />
	</beans:bean>

	<beans:bean id="passwordEncoder"
		class="org.springframework.security.providers.encoding.Md5PasswordEncoder">
	</beans:bean>

</beans:beans>

 

<intercept-url pattern="/login.action" filters="none" />
让没登陆的用户也可以访问login.action。
这是因为配置文件中的“/**”配置,要求用户访问任意一个系统资源时,
必须拥有ROLE_ADMIN,ROLE_EDITOR,ROLE_USER角色中的一种,/login.action也不例外。
当然可以吧login.action放到入common等不需要过滤的url路径(命名空间)下

 

<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
login-page表示用户登陆时显示我们自定义的login.action对应的页面。
authentication-failure-url表示用户登陆失败时,跳转到哪个action。
当用户输入的登录名和密码不正确时,系统将再次跳转到/login.action,并添加一个error=true参数作为登陆失败的标示。
default-target-url表示登陆成功时,跳转的url。

 

struts2的配置

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<package name="default" extends="struts-default">
		<global-results>
			<result name="error" type="freemarker">/common/action_error.ftl</result>
		</global-results>
		
		<action name="login" class="com.coos.ssq.action.LoginAction">
			<result name="input" type="freemarker">/common/login.ftl</result>
			<result name="success"  type="redirect">/</result>
		</action>

	</package>

</struts>

 

loginAction的代码:

package com.coos.ssq.action;

import java.util.Map;
import com.opensymphony.xwork2.ActionContext;

public class LoginAction extends BaseAction
{
	private static final long serialVersionUID = 2316404862441984223L;
	private String error;
	private String lastname;
	private String message;
	
	public String execute() throws Exception
	{
		Map<String, ?> session = ActionContext.getContext().getSession();
		this.lastname = (String) session.get("SPRING_SECURITY_LAST_USERNAME");
		try
		{
			Exception e = (Exception)session.get("SPRING_SECURITY_LAST_EXCEPTION");
			this.message = e.getMessage();
		}
		catch (Exception e){}
		
		if(this.message == null && this.lastname != null)
		{
			return SUCCESS;
		}
		else
		{
			if(this.message !=null)
			{
				session.put("SPRING_SECURITY_LAST_EXCEPTION", null);
			}
			return INPUT;
		}
		
	}
	
	/**
	 * @return the message
	 */
	public String getMessage()
	{
		return message;
	}

	/**
	 * @param message the message to set
	 */
	public void setMessage(String message)
	{
		this.message = message;
	}

	/**
	 * @return the error
	 */
	public String getError()
	{
		return error;
	}

	/**
	 * @param error the error to set
	 */
	public void setError(String error)
	{
		this.error = error;
	}

	/**
	 * @return the lastname
	 */
	public String getLastname()
	{
		return lastname;
	}

	/**
	 * @param lastname the lastname to set
	 */
	public void setLastname(String lastname)
	{
		this.lastname = lastname;
	}

	
}

 

 

页面采用freemarker整合的login.ftl

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>login page</title>
	<style type="text/css">
        .error
        {
		    width: 260px;height:40px;padding-top:10px;border: 2px solid red;
		    background-color: yellow;text-align: center;
		}
		.login{width: 260px;margin-bottom:10px;border: 1px solid #ccc;border-right: 2px solid #ccc;}
		.login td{border-bottom: 1px solid #ccc;height:30px;}
		.input{width:120px;}
		.title{font-size:14px;}
        .hide{display:none;}
    </style>
</head>
<body>
<center>
	<div class="error <#if !error?exists>hide</#if>">
	  用户名或密码错误!
	  <br />
	  ${message?default("")}
	  
	  
	</div>
	<br />

<form action="${base}/j_spring_security_check" method="post">
	<table class="login" border="0" cellpadding="0" cellspacing="0">
	  <tr>
	    <td colspan="2" align="center"><span class="title">用户登录</span></td>
	  </tr>
	  <tr>
	    <td nowrap="nowrap" align="right">用户名:</td>
	    <td align="left"><input class="input" type="text" name="j_username" value="${lastname?default("")}"/></td>
	  </tr>
	  <tr>
	    <td align="right">密码:</td>
	    <td align="left"><input class="input" type="password" name="j_password" /></td>
	  </tr>
	  <tr>
	    <td>&nbsp;</td>
	    <td nowrap="nowrap" align="left"><input type="checkbox" name="_spring_security_remember_me" />两周之内自动登陆</td>
	  </tr>
	  <tr>
	    <td colspan="2" align="center">
	    	<input type="submit" value="登陆"/>
		    <input type="reset" value="重置"/>
	    </td>
	  </tr>
	</table>
</form>
</center>

</body>
</html>

  

页面用了sitemesh统一装饰的,所以这里的代码中没有头和尾部分的,具体效果自己调了。