Use Spring 3 for user logon and permission authentication

Source: Internet
Author: User

Here is a brief introduction to the main pieces I handled during implementation.

1. User Logon

<form action="loginAction.do" method="post">
    <div class="header">
        <h2 class="logo png"></h2>
    </div>
    <ul>
        <li><label>User Name</label><input name="username" type="text" class="text"/></li>
        <li/>
        <li><label>Password</label><input name="password" type="password" class="text"/></li>
        <li/>
        <li class="submits"><input class="submit" type="submit" value="Logon"/></li>
    </ul>
    <div class="copyright">2013-2014 |</div>
</form>

That is the front-end page; the back end is a simple piece of logic:

@RequestMapping(value = "loginAction.do", method = RequestMethod.POST)
public ModelAndView loginAction(@RequestParam(value = "username") String username,
        @RequestParam(value = "password") String password,
        HttpSession session, HttpServletResponse resp,
        @RequestParam(value = "savetime", required = false) String savetime) {
    // clear any message left over from a previous attempt
    session.removeAttribute(LogConstant.LOGIN_MESSAGE);
    SystemUserDataBean user = userDao.getSystemUserByUsername(username);
    ModelAndView view = null;
    if (user == null) {
        // unknown user: send the browser back to the logon page with a message
        view = new ModelAndView(new RedirectView("login.html"));
        session.setAttribute(LogConstant.LOGIN_MESSAGE, "incorrect user name");
        return view;
    }
    // compare the submitted password with the stored SHA value
    boolean isPasswordCorrect = EncryptionUtil.compareSHA(password, user.getPassword());
    if (isPasswordCorrect) {
        // logon succeeded: record the user in the session
        session.setAttribute(LogConstant.CURRENT_USER, username);
    } else {
        view = new ModelAndView(new RedirectView("login.html"));
        session.setAttribute(LogConstant.LOGIN_MESSAGE, "Incorrect password");
    }
    return view;
}

2. Logon information

The logon page contains a piece of JavaScript that displays messages such as an incorrect password:

<script type="text/javascript">
var login_username_info = '<%=request.getSession().getAttribute("currentUser") == null ? "" : request.getSession().getAttribute("currentUser")%>';
var login_message_info = '<%=request.getSession().getAttribute("login_message") == null ? "" : request.getSession().getAttribute("login_message")%>';
if (login_message_info != null && login_message_info != '') {
    alert(login_message_info);
}
</script>
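
The script above writes session values straight into quoted JavaScript strings, so a user name containing a quote or a closing script tag would break out of the literal. The helper below is an added example, not code from the original page; the class and method names are hypothetical and the sample values are constructed.

```java
public class JsStringEscaper {
    /**
     * Escapes a value for use inside a quoted JavaScript string literal in an
     * HTML script block. Everything outside a small safe set becomes a
     * backslash-u hex escape, which covers quotes, backslashes, angle brackets,
     * slashes and line terminators in one rule.
     */
    public static String escapeForJsString(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9')
                    || c == ' ' || c == '.' || c == ',' || c == '_' || c == '-';
            if (safe) {
                out.append(c);
            } else {
                // Surrogate halves are escaped one by one; JavaScript joins them again.
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values: a normal message and a user name with markup in it.
        String[] samples = { "Incorrect password", "o'brien</script>", "line1\nline2", null };
        for (String s : samples) {
            System.out.println("'" + escapeForJsString(s) + "'");
        }
    }
}
```

In the JSP the call would wrap each session attribute before it is written between the quotes.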

3. Intercept requests from users who are not logged on

Interception is implemented twice, once in the page and once on the back end:

The page code is as follows:

<%if(session.getAttribute("currentUser")==null){%>window.parent.location='login.html';<%}%>

The back end uses an interceptor (servlet-config.xml):

<!-- Interceptor -->
<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/*.do"/>
        <bean class="com..log.report.interceptor.AccessStatisticsIntceptor"/>
    </mvc:interceptor>
</mvc:interceptors>

The interceptor implementation is:

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class AccessStatisticsIntceptor implements HandlerInterceptor {
    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception {
        // TODO Auto-generated method stub
    }
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception {
        // TODO Auto-generated method stub
    }
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
        // the check is keyed on the last path segment of the request URI, e.g. "loginAction.do"
        String uri = request.getRequestURI().substring(request.getRequestURI().lastIndexOf("/") + 1);
        if (!AuthorityController.isAuthorized(uri, request.getSession())) {
            // verification failed: stop the request here
            return false;
            // throw new CustomException(LogConstant.USER_NOT_LOGIN);
        }
        return true;
    }
}

The specific verification method, which is based on the user's permissions, is not described here.

4. Return to the page accessed before Logon

First, add a script to the page that uses jQuery to call the back end.

var page = "";
var loc = decodeURIComponent(window.parent.location);
var start = loc.indexOf("Log/") + 8;
var end = loc.indexOf(".html");
page = loc.substr(start, end - start);
if (page != null && page != '') {
    alert(page);
    $.ajax({
        type : "get",
        // the location was decoded above, so encode the value again before placing it in the query string
        url : "setPreviousPageAction.do?previousPage=" + encodeURIComponent(page + ".html"),
        success : function(msg) {}
    });
}

Then the back end records this page:

@RequestMapping(value = "setPreviousPageAction.do")
public void setPreviousPageAction(@RequestParam(value = "previousPage") String previousPage, HttpSession session) {
    session.setAttribute(LogConstant.PREVIOUS_PAGE, previousPage);
}
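
The previousPage value stored above comes straight from the request, so it should be checked before it is used as a redirect target after logon. The validator below is an added example, not code from the original page; the class name, the allowed page-name pattern and the default page "index.html" are assumptions, and the sample inputs are constructed.

```java
import java.util.regex.Pattern;

public class PreviousPageValidator {
    // Assumption: pages are flat file names such as "report.html".
    // Adjust the pattern if the real site uses sub-directories.
    private static final Pattern PAGE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.html");
    private static final String DEFAULT_PAGE = "index.html"; // hypothetical landing page

    /** Returns the page to redirect to after logon, or the default for anything unexpected. */
    public static String safeRedirectTarget(String previousPage) {
        if (previousPage == null) {
            return DEFAULT_PAGE;
        }
        // matches() must cover the whole string, so a scheme, host, slash, "..",
        // query string or CR/LF anywhere in the value makes it fail.
        if (!PAGE_NAME.matcher(previousPage).matches()) {
            return DEFAULT_PAGE;
        }
        // Sending the user back to the logon page would loop.
        if (previousPage.equals("login.html")) {
            return DEFAULT_PAGE;
        }
        return previousPage;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one expected value and several that must be rejected.
        String[] samples = {
            "report.html", "//other.example/x.html", "http://other.example/a.html",
            "../admin/a.html", "a.html\r\nX-Test: 1", "login.html", null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirectTarget(s));
        }
    }
}
```

Calling the check both when the value is stored and again when it is read back for the redirect keeps a bad value from reaching RedirectView.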

After logging on, the user is returned to this page.

5. Save the user name and password

The login page provides a save drop-down box:

<select class="save_login" id="savetime" name="savetime">
    <option selected value="0">not saved</option>
    <option value="1">save for one day</option>
    <option value="2">save for one month</option>
    <option value="3">save for one year</option>
</select>

On logon, the back end saves the information in cookies:

if (savetime != null) {
    // save the user in cookies
    int savetime_value = savetime != null ? Integer.valueOf(savetime) : 0;
    int time = 0;
    if (savetime_value == 1) {
        // remember for one day
        time = 60 * 60 * 24;
    } else if (savetime_value == 2) {
        // remember for one month
        time = 60 * 60 * 24 * 30;
    } else if (savetime_value == 3) {
        // remember for one year
        time = 60 * 60 * 24 * 365;
    }
    Cookie cid = new Cookie(LogConstant.LOG_USERNAME, username);
    cid.setMaxAge(time);
    // the password cookie holds the value exactly as the user submitted it
    Cookie cpwd = new Cookie(LogConstant.LOG_PASSWORD, password);
    cpwd.setMaxAge(time);
    resp.addCookie(cid);
    resp.addCookie(cpwd);
}

When the front end finds that the user is not logged on, it reads the data from the cookies and uses it to log on:

<%
if (session.getAttribute("currentUser") == null) {
    Cookie[] cookies = request.getCookies();
    String username = null;
    String password = null;
    // getCookies() returns null when the request carries no cookies
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals("log_username")) {
                username = cookie.getValue();
            } else if (cookie.getName().equals("log_password")) {
                password = cookie.getValue();
            }
        }
    }
    if (username != null && password != null) {
%>
$.ajax({
    type : "post",
    url : "loginByCookieAction.do",
    data : "username=" + "<%=username%>" + "&password=" + "<%=password%>",
    success : function(msg) {
        if (msg.status == 'success')
            window.parent.location.reload();
        else if (msg.status == 'failed')
            gotoLoginPage();
    }
});
<%} else {%>
gotoLoginPage();
<%}...

These are the methods used to solve the logon problems. The code is fairly long, so not all of it is listed.
