一、定義資料結構(mysql):
①角色表:
CREATE TABLE `role` (
`id` int(11) NOT NULL auto_increment,
`name` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
②使用者表:
CREATE TABLE `user` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(50) NOT NULL default '',
`password` varchar(50) NOT NULL,
`status` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
註:status為1才有效
③使用者角色串連表:
CREATE TABLE `user_role` (
`user_id` int(20) default NULL,
`role_id` int(20) default NULL,
KEY `FK_user` (`user_id`),
KEY `FK_role` (`role_id`),
CONSTRAINT `FK_role` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`),
CONSTRAINT `FK_user` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
二、添加hibernate、spring架構後,applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName"
value="com.mysql.jdbc.Driver">
</property>
<property name="url" value="jdbc:mysql://localhost:3306/ss"></property>
<property name="username" value="root"></property>
<property name="password" value="root"></property>
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource"></ref>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">
org.hibernate.dialect.MySQLDialect
</prop>
</props>
</property>
<property name="mappingResources">
<list>
<value>ss/model/Role.hbm.xml</value>
<value>ss/model/UserRole.hbm.xml</value>
<value>ss/model/User.hbm.xml</value></list>
</property></bean>
</beans>
三、spring security設定檔:(applicationContext-Security.xml)
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<http auto-config='true'>
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
<!——此處配置自訂登陸頁面——>
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
default-target-url="/index.jsp" />
</http>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,status as enabled
from user
where username=?"
authorities-by-username-query="select u.username,r.name as authority
from user u
join user_role ur
on u.id=ur.user_id
join role r
on r.id=ur.role_id
where u.username=?"/>
</authentication-provider>
</beans:beans>
其中,
login-page表示使用者登陸時顯示我們自訂的login.jsp。
四、自訂的登陸頁面:
login.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://"
+ request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'login.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<div class="error ${param.error == true ? '' : 'hide'}">
登陸失敗
<br>
${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}
</div>
<form
action="${pageContext.request.contextPath}/j_spring_security_check"
style="width: 260px; text-align: center;">
<fieldset>
<legend>
登陸
</legend>
使用者:
<input type="text" name="j_username" style="width: 150px;"
value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" />
<br />
密碼:
<input type="password" name="j_password" style="width: 150px;" />
<br />
<input type="checkbox" name="_spring_security_remember_me" />
兩周之內不必登陸
<br />
<input type="submit" value="登陸" />
<input type="reset" value="重設" />
</fieldset>
</form>
</body>
</html>
users-by-username-query為根據使用者名稱尋找使用者,系統通過傳入的使用者名稱查詢目前使用者的登入名稱,密碼和是否被禁用這一狀態。
authorities-by-username-query為根據使用者名稱尋找許可權,系統通過傳入的使用者名稱查詢目前使用者已被授予的所有許可權。
authentication-failure-url表示使用者登陸失敗時,跳轉到哪個頁面。當使用者輸入的登入名稱和密碼不正確時,系統將再次跳轉到/login.jsp,並添加一個error=true參數作為登陸失敗的標示。
default-target-url表示登陸成功時,跳轉到哪個頁面。