Spring Security Combat Series Spring Security Combat (iv)

In the first three battles, the landing page is provided by the spring security itself, which is obviously not in line with the actual development scenario, and there is no exit and logout button, so in each test, you have to close the browser to cancel the session to clear the effect. a custom page

LOGIN.JSP:

<%@ page language= "java" contenttype= "text/html; Charset=utf-8 "pageencoding=" UTF-8 "%> <%@ taglib uri=" Http://java.sun.com/jsp/jstl/core "prefix=" C "%> <% @ taglib prefix= "th" uri= "Http://www.springframework.org/tags/form"%> <! DOCTYPE html>  
 Description: 1, it is important to note that the form's action is the address to submit the login information, which is defined within the security, while customizing the form, the action of the form should be set to/j_spring_security_check. Note that it is important to use absolute paths to avoid problems that may be caused by pages that are stored on the landing page. 2, J_username, enter the login name of the parameter name, J_password, enter the password parameter name, these two normal circumstances will not be modified. 3, _spring_security_remember_me, select whether to allow automatic login parameter name. This parameter can be set directly to a checkbox, without setting value,spring security will determine whether it is selected, this is also provided within security, only need to configure, do not need to implement. The  two configuration-developed pages  configuration file is as follows: 

<?xml version= "1.0" encoding= "UTF-8"?> <beans:beans xmlns= "http://www.springframework.org/schema/security "Xmlns:beans=" Http://www.springframework.org/schema/beans "xmlns:xsi=" Http://www.w3.org/2001/XM Lschema-instance "xmlns:sec=" http://www.springframework.org/schema/security "xsi:schemalocation= "Http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-be Ans-3.0.xsd Http://www.springframework.org/schema/context Http://www.sprin
                        Gframework.org/schema/context/spring-context-3.1.xsd HTTP://WWW.SPRINGFRAMEWORK.ORG/SCHEMA/TX Http://www.springframework.org/schema/tx/spring-tx-3.0.xsd HTTP://WWW.SPRINGFR Amework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd "


    ; <!--Configure non-filtered resources (static resources and loginsRelated). is to ignore the interception of certain resources, mainly for static resources--Description: 1, Form-login This tag is the configuration landing page, wherein the property Login-page is configured landing page, Default-target-url configuration to jump to the page after the successful landing, Authentication-failure-url Configure the jump page after authentication failed. 2, in the above configuration, landing page must not be intercepted, anyone should be able to access, <intercept-url pattern= "/login.jsp" access= "is_authenticated_anonymously"/ The > configuration means that anonymous user access is allowed, that is, it is accessible without identity, and there is another way to configure it:  

If use-expressns= "true", the expression is changed to Spel. Spel allows the use of specific access control rule expression languages. Unlike simple strings such as Role_user, a configuration file can indicate that an expression language triggers method calls, references system properties, computer values, and so on. The configuration in the HTTP tag is changed to the following:
    Other configurations in the configuration file (such as Applicationcontext.xml, Applicationcontext-datasource.xml, Logback.xml, Datasource.properties) in the previous several blog has a detailed explanation, here will not repeat.
Three other documents 
index.jsp


<%@ page language= "java" contenttype= "text/html; Charset=utf-8 "pageencoding=" UTF-8 "%>
<%@ taglib uri=" Http://java.sun.com/jsp/jstl/core "prefix=" C "%>

<! DOCTYPE html>
 

 This defines two pages, index.jsp users and administrators can access, adminpage.jsp only administrators can access, while two pages have logout button, the logout button to submit the address of the above configuration file address/j_spring_security _logout. Pom.xml is the same as the front, it is not posted here.  Four Results  
 
 When you enter a user name and password for a normal user, and you check for 2 weeks without logging in, Because the adminpage.jsp page to have administrator rights to access, so the ordinary user access failed, index.jsp page can be accessed, then close the page, once again access to resources, because the check 2 weeks without landing, so it can be successfully accessed; But when you click to log out, you will be redirected to the landing page Login to access. 
 when the administrator name and password, check 2 weeks without logging, verification success, jump to index.jsp, while adminpage.jsp can also access, when a page closed and then re-access resources, because check 2 weeks without landing, so you can successfully access; This is the re-access to the resources, it will jump to the landing page, require login to access.