spring security2學習筆記二(自訂資料結構及登陸頁面)

來源:互聯網
上載者:User

 

一、定義資料結構(mysql):

      ①角色表:

      CREATE TABLE `role` (
      `id` int(11) NOT NULL auto_increment,
      `name` varchar(50) NOT NULL,
      PRIMARY KEY  (`id`)
       ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

      ②使用者表:

      CREATE TABLE `user` (
      `id` int(11) NOT NULL auto_increment,
      `username` varchar(50) NOT NULL default '',
      `password` varchar(50) NOT NULL,
      `status` int(11) NOT NULL,
      PRIMARY KEY  (`id`)
       ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

       註:status為1才有效

       ③使用者角色串連表:

       CREATE TABLE `user_role` (
       `user_id` int(20) default NULL,
       `role_id` int(20) default NULL,
       KEY `FK_user` (`user_id`),
       KEY `FK_role` (`role_id`),
       CONSTRAINT `FK_role` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`),
       CONSTRAINT `FK_user` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`)
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
二、添加hibernate、spring架構後,applicationContext.xml:

     
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:tx="http://www.springframework.org/schema/tx"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
 <bean id="dataSource"
  class="org.apache.commons.dbcp.BasicDataSource">
  <property name="driverClassName"
   value="com.mysql.jdbc.Driver">
  </property>
  <property name="url" value="jdbc:mysql://localhost:3306/ss"></property>
  <property name="username" value="root"></property>
  <property name="password" value="root"></property>
 </bean>
 <bean id="sessionFactory"
  class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
  <property name="dataSource">
   <ref bean="dataSource"></ref>
  </property>
  <property name="hibernateProperties">
   <props>
    <prop key="hibernate.dialect">
     org.hibernate.dialect.MySQLDialect
    </prop>
   </props>
  </property>
  <property name="mappingResources">
   <list>
    <value>ss/model/Role.hbm.xml</value>
    <value>ss/model/UserRole.hbm.xml</value>
    <value>ss/model/User.hbm.xml</value></list>
  </property></bean>
 </beans>

三、spring security設定檔:(applicationContext-Security.xml)

     <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 <http auto-config='true'>
  <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
  <intercept-url pattern="/**" access="ROLE_USER" />

   <!——此處配置自訂登陸頁面——>
<form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp?error=true"
                default-target-url="/index.jsp" />
 </http>

 <authentication-provider>
  <jdbc-user-service data-source-ref="dataSource"
  users-by-username-query="select username,password,status as enabled
                                         from user
                                        where username=?"
            authorities-by-username-query="select u.username,r.name as authority
                                             from user u
                                             join user_role ur
                                               on u.id=ur.user_id
                                             join role r
                                               on r.id=ur.role_id
                                            where u.username=?"/>
 </authentication-provider>

 
</beans:beans>

其中,

login-page表示使用者登陸時顯示我們自訂的login.jsp。

 

 四、自訂的登陸頁面:

login.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
 String path = request.getContextPath();
 String basePath = request.getScheme() + "://"
   + request.getServerName() + ":" + request.getServerPort()
   + path + "/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
  <base href="<%=basePath%>">

  <title>My JSP 'login.jsp' starting page</title>

  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
  <!--
 <link rel="stylesheet" type="text/css" href="styles.css">
 -->

 </head>

 <body>
  <div class="error ${param.error == true ? '' : 'hide'}">
   登陸失敗
   <br>
   ${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}
  </div>
  <form
   action="${pageContext.request.contextPath}/j_spring_security_check"
   style="width: 260px; text-align: center;">
   <fieldset>
    <legend>
     登陸
    </legend>
    使用者:
    <input type="text" name="j_username" style="width: 150px;"
     value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" />
    <br />
    密碼:
    <input type="password" name="j_password" style="width: 150px;" />
    <br />
    <input type="checkbox" name="_spring_security_remember_me" />
    兩周之內不必登陸
    <br />
    <input type="submit" value="登陸" />
    <input type="reset" value="重設" />
   </fieldset>
  </form>

 </body>
</html>

 

users-by-username-query為根據使用者名稱尋找使用者,系統通過傳入的使用者名稱查詢目前使用者的登入名稱,密碼和是否被禁用這一狀態。

authorities-by-username-query為根據使用者名稱尋找許可權,系統通過傳入的使用者名稱查詢目前使用者已被授予的所有許可權。

authentication-failure-url表示使用者登陸失敗時,跳轉到哪個頁面。當使用者輸入的登入名稱和密碼不正確時,系統將再次跳轉到/login.jsp,並添加一個error=true參數作為登陸失敗的標示。

 

default-target-url表示登陸成功時,跳轉到哪個頁面。

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.