
Security Management 1

2012-10-15 

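Topics covered today:

A simple example
Custom login page
Database-managed permissions (system default schema)
IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY
Adding a login-failure message to login.jsp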

I: A simple example

Step 1: Prepare the JAR files

Step 2: Configure the filter in web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Step 3: Configure applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:ss="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"
    default-autowire="byType">
    <!-- Every URL requires ROLE_ADMIN or ROLE_USER -->
    <ss:http auto-config="true">
        <ss:intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_USER"/>
    </ss:http>
    <!-- In-memory users with plaintext passwords, for this simple example only -->
    <ss:authentication-provider>
        <ss:user-service>
            <ss:user password="admin" name="admin" authorities="ROLE_ADMIN"/>
            <ss:user password="user" name="user" authorities="ROLE_USER"/>
        </ss:user-service>
    </ss:authentication-provider>
</beans>

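II: Custom login page

Step 1: Create login.jsp

Pay attention to the following: the action path and the username and password field names (marked in red on the original page), that is, j_spring_security_check, j_username and j_password.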

<form id="loginForm" name="loginForm" action="${path}/j_spring_security_check" method="post">
    <input type='text' name='j_username'/>
    <input type='password' name='j_password' size="16"/>
    <input type="submit" value="Login"/>
</form>

Step 2: Modify applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:ss="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"
    default-autowire="byType">
    <ss:http auto-config="true">
        <ss:intercept-url pattern="/login.action" filters="none"/>
        <ss:intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_USER"/>
        <!-- default-target-url is the page shown after a successful login; "/" is the application's default path -->
        <ss:form-login login-page="/login.action"
                       authentication-failure-url="/login.action?error=true"
                       default-target-url="/"
                       always-use-default-target="true"/>
    </ss:http>
    <ss:authentication-provider>
        <ss:user-service>
            <ss:user password="admin" name="admin" authorities="ROLE_ADMIN"/>
            <ss:user password="user" name="user" authorities="ROLE_USER"/>
        </ss:user-service>
    </ss:authentication-provider>
</beans>

III: Simple access control using the default database schema provided by Spring Security

1. Create the tables from the database script

create table users(
    username varchar2(50) not null,
    password varchar2(50) not null,
    enabled char(1) not null
);
create table authorities (
    username varchar2(50) not null,
    authority varchar2(50) not null
);
insert into users(username,password,enabled) values('admin','admin','1');
insert into users(username,password,enabled) values('user','user','1');
insert into authorities(username,authority) values('admin','ROLE_ADMIN');
insert into authorities(username,authority) values('admin','ROLE_USER');
insert into authorities(username,authority) values('user','ROLE_USER');

2. Modify applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:ss="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"
    default-autowire="byType">
    <ss:http auto-config="true">
        <ss:intercept-url pattern="/login.action" filters="none"/>
        <ss:intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_USER"/>
        <!-- default-target-url is the page shown after a successful login; "/" is the application's default path -->
        <ss:form-login login-page="/login.action"
                       authentication-failure-url="/login.action?error=true"
                       default-target-url="/"
                       always-use-default-target="true"/>
    </ss:http>
    <!--
    <ss:authentication-provider>
        <ss:user-service>
            <ss:user password="admin" name="admin" authorities="ROLE_ADMIN"/>
            <ss:user password="user" name="user" authorities="ROLE_USER"/>
        </ss:user-service>
    </ss:authentication-provider>
    -->
    <!-- Uses Spring Security's built-in table structure (USERS, AUTHORITIES); dataSource is a data source you configure yourself -->
    <ss:authentication-provider>
        <ss:jdbc-user-service data-source-ref="dataSource"/>
    </ss:authentication-provider>
</beans>

IV: IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:ss="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"
    default-autowire="byType">
    <ss:http auto-config="true">
        <!-- Do not intercept css, js and other static resources -->
        <ss:intercept-url pattern="/common/**" filters="none"/>
        <ss:intercept-url pattern="/css/**" filters="none"/>
        <ss:intercept-url pattern="/images/**" filters="none"/>
        <ss:intercept-url pattern="/js/**" filters="none"/>
        <!--<ss:intercept-url pattern="/login.action" filters="none"/>-->
        <!-- login.action is left open; IS_AUTHENTICATED_ANONYMOUSLY is the anonymous-access permission -->
        <ss:intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <ss:intercept-url pattern="/company/company.action" access="ROLE_ADMIN"/>
        <ss:intercept-url pattern="/dept/dept.action" access="ROLE_USER"/>
        <!--<ss:intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_USER"/>-->
        <!-- IS_AUTHENTICATED_FULLY: anyone who has logged in can access -->
        <ss:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
        <!-- default-target-url is the page shown after a successful login; "/" is the application's default path -->
        <ss:form-login login-page="/login.action"
                       authentication-failure-url="/login.action?error=true"
                       default-target-url="/"
                       always-use-default-target="true"/>
    </ss:http>
    <!--
    <ss:authentication-provider>
        <ss:user-service>
            <ss:user password="admin" name="admin" authorities="ROLE_ADMIN"/>
            <ss:user password="user" name="user" authorities="ROLE_USER"/>
        </ss:user-service>
    </ss:authentication-provider>
    -->
    <!-- Uses Spring Security's built-in table structure (USERS, AUTHORITIES); dataSource is a data source you configure yourself -->
    <ss:authentication-provider>
        <ss:jdbc-user-service data-source-ref="dataSource"/>
    </ss:authentication-provider>
</beans>
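The intercept-url rules above are evaluated in order and the first matching pattern decides, which is why the /** catch-all comes last. The following Python check is an added example, not code from the original page: it audits a rule list for entries that an earlier, broader pattern makes unreachable. SAMPLE is a constructed configuration with the catch-all misplaced, the function names are hypothetical, and the Ant-path matching is a simplified assumption.

```python
import re
import xml.etree.ElementTree as ET

SS = "{http://www.springframework.org/schema/security}"

# Constructed sample: section IV's rules with the catch-all moved up by mistake.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:ss="http://www.springframework.org/schema/security">
  <ss:http auto-config="true">
    <ss:intercept-url pattern="/js/**" filters="none"/>
    <ss:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <ss:intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <ss:intercept-url pattern="/company/company.action" access="ROLE_ADMIN"/>
  </ss:http>
</beans>"""

def ant_to_regex(pattern):
    """Simplified Ant-path translation: ** spans directories, * stays in one segment."""
    out = ""
    for part in re.split(r"(\*\*|\*)", pattern):
        out += {"**": ".*", "*": "[^/]*"}.get(part, re.escape(part))
    return re.compile("^" + out + "$")

def load_rules(xml_text):
    """Return (pattern, access-or-filters) pairs in document order."""
    root = ET.fromstring(xml_text)
    return [(e.get("pattern"), e.get("access") or "filters=" + e.get("filters", ""))
            for e in root.iter(SS + "intercept-url")]

def decide(rules, path):
    """First matching rule wins, as with the ordered intercept-url list."""
    for pattern, attr in rules:
        if ant_to_regex(pattern).match(path):
            return pattern, attr
    return None, None

def shadowed(rules):
    """Heuristic: a rule is unreachable if an earlier pattern matches a sample path for it."""
    hits = []
    for i, (pattern, _) in enumerate(rules):
        sample = pattern.replace("**", "a/b").replace("*", "a")
        for earlier, _ in rules[:i]:
            if ant_to_regex(earlier).match(sample):
                hits.append((pattern, earlier))
                break
    return hits
```

On SAMPLE, decide(load_rules(SAMPLE), "/company/company.action") returns the /** rule, so the ROLE_ADMIN restriction never applies, and shadowed() reports both rules placed after the catch-all.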

V: Add a login-failure message to login.jsp

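<%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %>
<%-- Shown when the previous login attempt failed; the text reads "Login failed, please try again." --%>
<% if (session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY) != null) { %>
    <span style="color:red"> 登录失败,请重试.</span>
<% } %>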
