Implementing user login and permission authentication with Spring 3
Here I briefly describe the main pieces I handled in my implementation.
1. User login
<!-- Labels: 用户名 = username, 密 码 = password, 登录 = log in -->
<form action="loginaction.do" method="post">
    <div class="header">
        <h2 class="logo png"></h2>
    </div>
    <ul>
        <li><label>用户名</label><input name="username" type="text" class="text"/></li>
        <li/>
        <li><label>密 码</label><input name="password" type="password" class="text" /></li>
        <li/>
        <li class="submits">
            <input class="submit" type="submit" value="登录" />
        </li>
    </ul>
    <div class="copyright">© 2013 - 2014 |</div>
</form>
The above is the front-end page. The back end is a simple piece of logic:
@RequestMapping(value="loginaction.do", method=RequestMethod.POST)
public ModelAndView loginAction(@RequestParam(value="username") String username,
        @RequestParam(value="password") String password,
        HttpSession session, HttpServletResponse resp,
        @RequestParam(value="savetime", required=false) String savetime) {
    // Clear any message left over from a previous attempt
    session.removeAttribute(LogConstant.LOGIN_MESSAGE);
    SystemUserDataBean user = userDao.getSystemUserByUsername(username);
    ModelAndView view = null;
    // Separate messages for an unknown user and a wrong password tell the
    // client which usernames exist.
    if (user == null) {
        view = new ModelAndView(new RedirectView("login.html"));
        session.setAttribute(LogConstant.LOGIN_MESSAGE, "用户名不正确"); // "incorrect username"
        return view;
    }
    boolean isPasswordCorrect = EncryptionUtil.compareSHA(password, user.getPassword());
    if (isPasswordCorrect) {
        // On success no view is set in this excerpt, so null is returned
        session.setAttribute(LogConstant.CURRENT_USER, username);
    } else {
        view = new ModelAndView(new RedirectView("login.html"));
        session.setAttribute(LogConstant.LOGIN_MESSAGE, "密码不正确"); // "incorrect password"
    }
    return view;
}
2. Login messages
The login page contains a piece of JavaScript that displays messages such as a wrong-password error:
<script type="text/javascript">
// Session values are written into the JS string literals as-is (no escaping)
var login_username_info = '<%=request.getSession().getAttribute("currentuser") == null ? "" : request.getSession().getAttribute("currentuser")%>';
var login_message_info = '<%=request.getSession().getAttribute("login_message") == null ? "" : request.getSession().getAttribute("login_message")%>';
if (login_message_info != null && login_message_info != '') {
    alert(login_message_info);
}
</script>
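3. Intercepting requests from users who are not logged in
Interception is done twice here, once in the page and once on the back end.
The page code is as follows:
<%
if (session.getAttribute("currentuser") == null) {
%>
window.parent.location='login.html';
<%
}
%>
The back end uses an interceptor (servlet-config.xml):
<!-- Interceptor -->
<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/*.do" />
        <bean class="com..log.report.interceptor.AccessStatisticsIntceptor" />
    </mvc:interceptor>
</mvc:interceptors>
The interceptor is implemented as follows: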
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class AccessStatisticsIntceptor implements HandlerInterceptor {
    @Override
    public void afterCompletion(HttpServletRequest arg0,
            HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // TODO Auto-generated method stub
    }
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
            Object arg2, ModelAndView arg3) throws Exception {
        // TODO Auto-generated method stub
    }
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj) throws Exception {
        // Last path segment of the request URI, e.g. "loginaction.do"
        String uri = request.getRequestURI().substring(request.getRequestURI().lastIndexOf("/") + 1);
        if (!AuthorityController.isAuthorized(uri, request.getSession())) {
            // Check failed: returning false stops the handler from running
            return false;
            // throw new CustomException(LogConstant.USER_NOT_LOGIN);
        }
        return true;
    }
}
How exactly the check is done depends on the user's permissions, so I won't go into it here.
4. Returning to the page visited before login
First, add a script to the page that uses jQuery to call the back end:
var page = "";
var loc = decodeURIComponent(window.parent.location);
var start = loc.indexOf("log/") + 8;
var end = loc.indexOf(".html");
page = loc.substr(start, end - start);
if (page != null && page != '') {
    alert(page);
    $.ajax({
        type : "get",
        url : "setpreviouspageaction.do?previouspage=" + page + ".html",
        success : function(msg){
        }
    });
}
Then the back end records this page:
@RequestMapping(value="setpreviouspageaction.do")
public void setPreviousPageAction(@RequestParam(value="previouspage") String previousPage, HttpSession session) {
    // The value is taken from the request parameter and stored unchanged
    session.setAttribute(LogConstant.PREVIOUS_PAGE, previousPage);
}
After login completes, just return to this page.
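The value stored by setpreviouspageaction.do comes from the client and later becomes the post-login redirect target, so it should be checked both when stored and when used. The following is an added example, not code from the original post; the class name PreviousPage, the session key, the default page and the allowed name pattern are assumptions, and a Map stands in for HttpSession so that it runs on its own.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: validate the client-supplied "previouspage" value before using
// it as the post-login redirect target. A Map stands in for HttpSession here.
public class PreviousPage {
    // Assumption: pages are flat names such as "report.html" next to login.html.
    private static final Pattern PAGE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.html");
    static final String DEFAULT_PAGE = "index.html"; // hypothetical landing page
    static final String KEY = "previous_page";       // hypothetical session key

    // matches() must cover the whole string, so schemes, slashes, "..",
    // line breaks and query strings are all rejected.
    static boolean isSafe(String page) {
        return page != null && PAGE_NAME.matcher(page).matches()
                && !"login.html".equals(page);
    }

    // What setpreviouspageaction.do would do: store only validated values.
    static void remember(Map<String, Object> session, String requested) {
        if (isSafe(requested)) {
            session.put(KEY, requested);
        }
    }

    // What the login success path would do: consume the value once and
    // re-check it, falling back to the default page.
    static String redirectTarget(Map<String, Object> session) {
        Object stored = session.remove(KEY);
        return (stored instanceof String && isSafe((String) stored))
                ? (String) stored : DEFAULT_PAGE;
    }

    public static void main(String[] args) {
        // Constructed sample inputs
        String[] samples = { "report.html", "//other.example/x.html",
                "../admin/users.html", "login.html", "a.html\nb.html" };
        for (String s : samples) {
            Map<String, Object> session = new HashMap<String, Object>();
            remember(session, s);
            System.out.println(s.replace('\n', ' ') + " -> " + redirectTarget(session));
        }
    }
}
```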
5. Saving the username and password
The login page provides a drop-down for how long to save the login:
<select class="save_login" id="savetime" name="savetime">
    <option selected value="0">不保存</option>  <!-- do not save -->
    <option value="1">保存一天</option>  <!-- save for one day -->
    <option value="2">保存一月</option>  <!-- save for one month -->
    <option value="3">保存一年</option>  <!-- save for one year -->
</select>
During login the back end stores the information in cookies:
if (savetime != null) { // save the user in cookies
    int savetime_value = savetime != null ? Integer.valueOf(savetime) : 0;
    int time = 0;
    if (savetime_value == 1) { // remember for one day
        time = 60 * 60 * 24;
    } else if (savetime_value == 2) { // remember for one month
        time = 60 * 60 * 24 * 30;
    } else if (savetime_value == 3) { // remember for one year
        time = 60 * 60 * 24 * 365;
    }
    Cookie cid = new Cookie(LogConstant.LOG_USERNAME, username);
    cid.setMaxAge(time);
    Cookie cpwd = new Cookie(LogConstant.LOG_PASSWORD, password);
    cpwd.setMaxAge(time);
    resp.addCookie(cid);
    resp.addCookie(cpwd);
}
When the front end finds that the user is not logged in, it takes the data out of the cookies and logs in with it:
<%
if (session.getAttribute("currentuser") == null) {
    Cookie[] cookies = request.getCookies();
    String username = null;
    String password = null;
    if (cookies != null) { // getCookies() returns null when the request carries no cookies
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals("log_username")) {
                username = cookie.getValue();
            } else if (cookie.getName().equals("log_password")) {
                password = cookie.getValue();
            }
        }
    }
    if (username != null && password != null) {
%>
$.ajax({
    type : "post",
    url : "loginbycookieaction.do",
    data:"username=" + "<%=username%>"+ "&password=" + "<%=password%>",
    success : function(msg){
        if(msg.status == 'success')
            window.parent.location.reload();
        else if(msg.status == 'failed')
            gotologinpage();
    }
});
<%
    } else {
%>
gotologinpage();
<%
    }
...
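The cookies above carry the password as submitted, and the page then writes it into the script sent to the browser; a common alternative is a signed, expiring token that identifies the user without containing the password. The following is an added example, not code from the original post; the class name RememberMeToken, the token layout and the demo key are assumptions, and it needs Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added example: signed, expiring remember-me token to store in place of the password cookie.
public class RememberMeToken {
    private final byte[] key; // server-side secret, never sent to the browser
    public RememberMeToken(byte[] key) { this.key = key.clone(); }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Cookie value: base64url("username:expiryMillis") + "." + base64url(HMAC)
    public String issue(String username, long expiresAtMillis) throws Exception {
        String payload = username + ":" + expiresAtMillis;
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(hmac(payload));
    }

    // Returns the username if the signature is valid and not expired, else null.
    public String verify(String token, long nowMillis) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 2) return null;
            Base64.Decoder dec = Base64.getUrlDecoder();
            String payload = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            // Constant-time comparison of the expected and the supplied MAC
            if (!MessageDigest.isEqual(hmac(payload), dec.decode(parts[1]))) return null;
            int sep = payload.lastIndexOf(':');
            long expiresAt = Long.parseLong(payload.substring(sep + 1));
            return nowMillis < expiresAt ? payload.substring(0, sep) : null;
        } catch (Exception e) { // null token, bad base64, bad number
            return null;
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed demo key and user name
        RememberMeToken t = new RememberMeToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String cookieValue = t.issue("alice", now + 60L * 60 * 24 * 1000); // "save for one day"
        System.out.println(t.verify(cookieValue, now));                     // valid token
        System.out.println(t.verify(cookieValue + "x", now));               // modified signature
        System.out.println(t.verify(cookieValue, now + 2L * 86400 * 1000)); // after expiry
    }
}
```

Set the cookie that carries this token with setHttpOnly(true) (Servlet 3.0 and later) and setSecure(true). A stateless token like this cannot be revoked before it expires unless the key is rotated.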
The above lists the methods I used to solve the login-related problems. The code is a bit long, so I have not listed all of it.