Spring security2 study note 2 (custom data structure and login page)

 

1. Define the data structure (MySQL ):

① Role table:

Create Table 'role '(
'Id' int (11) not null auto_increment,
'Name' varchar (50) not null,
Primary Key ('id ')
) Engine = InnoDB default charset = utf8;

② User table:

Create Table 'user '(
'Id' int (11) not null auto_increment,
'Username' varchar (50) not null default '',
'Password' varchar (50) not null,
'Status' int (11) not null,
Primary Key ('id ')
) Engine = InnoDB default charset = utf8;

Note: status is 1.

③ User Role connection table:

Create Table 'user _ role '(
'User _ id' int (20) default null,
'Role _ id' int (20) default null,
Key 'fk _ user' ('user _ id '),
Key 'fk _ role' ('Role _ id '),
Constraint 'fk _ role' foreign key ('Role _ id') References 'role' ('id '),
Constraint 'fk _ user' foreign key ('user _ id') References 'user' ('id ')
) Engine = InnoDB default charset = utf8;
2. After adding the Hibernate and spring frameworks, applicationcontext. xml:

<? XML version = "1.0" encoding = "UTF-8"?>
<Beans xmlns = "http://www.springframework.org/schema/beans"
Xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance"
Xmlns: Tx = "http://www.springframework.org/schema/tx"
Xsi: schemalocation = "http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<Bean id = "datasource"
Class = "org. Apache. commons. DBCP. basicdatasource">
<Property name = "driverclassname"
Value = "com. MySQL. JDBC. Driver">
</Property>
<Property name = "url" value = "JDBC: mysql: // localhost: 3306/SS"> </property>
<Property name = "username" value = "root"> </property>
<Property name = "password" value = "root"> </property>
</Bean>
<Bean id = "sessionfactory"
Class = "org. springframework. Orm. hibernate3.localsessionfactorybean">
<Property name = "datasource">
<Ref bean = "datasource"> </Ref>
</Property>
<Property name = "hibernateproperties">
<Props>
<Prop key = "hibernate. dialect">
Org. hibernate. dialect. mysqldialect
</Prop>
</Props>
</Property>
<Property name = "mappingresources">
<List>
<Value> SS/model/role. HBM. xml </value>
<Value> SS/model/userrole. HBM. xml </value>
<Value> SS/model/user. HBM. xml </value> </List>
</Property> </bean>
</Beans>

3. Spring Security Configuration File: (applicationContext-Security.xml)

<? XML version = "1.0" encoding = "UTF-8"?>
<Beans: Beans xmlns = "http://www.springframework.org/schema/security"
Xmlns: Beans = "http://www.springframework.org/schema/beans"
Xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance"
Xsi: schemalocation = "http://www.springframework.org/schema/beans
Http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
Http://www.springframework.org/schema/security
Http://www.springframework.org/schema/security/spring-security-2.0.4.xsd>
<Http auto-Config = 'true'>
<Intercept-URL pattern = "/login. jsp" Access = "is_authenticated_anonymously"/>
<Intercept-URL pattern = "/admin. jsp" Access = "role_admin"/>
<Intercept-URL pattern = "/**" Access = "role_user"/>

<! -- Configure the custom login page here -->
<Form-login Login-page = "/login. jsp"
Authentication-failure-url = "/login. jsp? Error = true"
Default-target-url = "/index. jsp"/>
</HTTP>

<Authentication-provider>
<JDBC-user-Service Data-source-ref = "datasource"
Users-by-username-query = "select username, password, status as enabled
From User
Where username =? "
Authorities-by-username-query = "select U. username, R. Name as authority
From user u
Join user_role ur
On U. ID = Ur. user_id
Join role R
On R. ID = Ur. role_id
Where U. Username =? "/>
</Authentication-provider>

 
</Beans: Beans>

Where,

Login-page indicates that the custom login. jsp is displayed when you log on.

 

4. custom login page:

Login. jsp:

<% @ Page Language = "Java" Import = "Java. util. *" pageencoding = "UTF-8" %>
<%
String Path = request. getcontextpath ();
String basepath = request. getscheme () + "://"
+ Request. getservername () + ":" + request. getserverport ()
+ Path + "/";
%>

<! Doctype HTML public "-// W3C // dtd html 4.01 transitional // en">
<HTML>
<Head>
<Base href = "<% = basepath %>">

<Title> my JSP 'login. jsp 'starting page </title>

<Meta http-equiv = "Pragma" content = "no-Cache">
<Meta http-equiv = "cache-control" content = "no-Cache">
<Meta http-equiv = "expires" content = "0">
<Meta http-equiv = "keywords" content = "keyword1, keyword2, keyword3">
<Meta http-equiv = "Description" content = "this is my page">
<! --
<LINK rel = "stylesheet" type = "text/CSS" href = "styles.css">
-->

</Head>

<Body>
<Div class = "error $ {Param. Error = true? '': 'Hide '}">
Login Failed
<Br>
$ {Sessionscope ['spring _ security_last_exception ']. Message}
</Div>
<Form
Action = "$ {pagecontext. Request. contextpath}/j_spring_security_check"
Style = "width: 260px; text-align: center;">
<Fieldset>
<Legend>
Login
</Legend>
User:
<Input type = "text" name = "j_username" style = "width: 150px ;"
Value = "$ {sessionscope ['spring _ security_last_username ']}"/>
<Br/>
Password:
<Input type = "password" name = "j_password" style = "width: 150px;"/>
<Br/>
<Input type = "checkbox" name = "_ spring_security_remember_me"/>
Login not required within two weeks
<Br/>
<Input type = "Submit" value = "login"/>
<Input type = "reset" value = "reset"/>
</Fieldset>
</Form>

</Body>
</Html>

 

Users-by-username-query is used to search for users based on the user name. The system queries the login name, password, and disabled status of the current user by the input user name.

Authorities-by-username-query is the permission for searching by user name. The system queries all permissions granted to the current user by passing in the user name.

Authentication-failure-URL indicates the page to jump to when a user fails to log on. If the login name and password entered by the user are incorrect, the system will jump to/login. jsp again, and add an error = true parameter as the logon Failure identifier.

 

Default-target-URL indicates the page to jump to when logon is successful.