spring security2学习笔记二(自定义数据结构及登陆页面)
2011-01-23 21:02
696 查看
一、定义数据结构(mysql):
①角色表:
CREATE TABLE `role` (
`id` int(11) NOT NULL auto_increment,
`name` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
②用户表:
CREATE TABLE `user` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(50) NOT NULL default '',
`password` varchar(50) NOT NULL,
`status` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
注:status为1才有效
③用户角色连接表:
CREATE TABLE `user_role` (
`user_id` int(20) default NULL,
`role_id` int(20) default NULL,
KEY `FK_user` (`user_id`),
KEY `FK_role` (`role_id`),
CONSTRAINT `FK_role` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`),
CONSTRAINT `FK_user` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
二、添加hibernate、spring框架后,applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName"
value="com.mysql.jdbc.Driver">
</property>
<property name="url" value="jdbc:mysql://localhost:3306/ss"></property>
<property name="username" value="root"></property>
<property name="password" value="root"></property>
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource"></ref>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">
org.hibernate.dialect.MySQLDialect
</prop>
</props>
</property>
<property name="mappingResources">
<list>
<value>ss/model/Role.hbm.xml</value>
<value>ss/model/UserRole.hbm.xml</value>
<value>ss/model/User.hbm.xml</value></list>
</property></bean>
</beans>
三、spring security配置文件:(applicationContext-Security.xml)
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<http auto-config='true'>
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
<!——此处配置自定义登陆页面——>
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
default-target-url="/index.jsp" />
</http>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,status as enabled
from user
where username=?"
authorities-by-username-query="select u.username,r.name as authority
from user u
join user_role ur
on u.id=ur.user_id
join role r
on r.id=ur.role_id
where u.username=?"/>
</authentication-provider>
</beans:beans>
其中,
login-page表示用户登陆时显示我们自定义的login.jsp。
四、自定义的登陆页面:
login.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://"
+ request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'login.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<div class="error ${param.error == true ? '' : 'hide'}">
登陆失败
<br>
${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}
</div>
<form
action="${pageContext.request.contextPath}/j_spring_security_check"
style="width: 260px; text-align: center;">
<fieldset>
<legend>
登陆
</legend>
用户:
<input type="text" name="j_username" style="width: 150px;"
value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" />
<br />
密码:
<input type="password" name="j_password" style="width: 150px;" />
<br />
<input type="checkbox" name="_spring_security_remember_me" />
两周之内不必登陆
<br />
<input type="submit" value="登陆" />
<input type="reset" value="重置" />
</fieldset>
</form>
</body>
</html>
users-by-username-query为根据用户名查找用户,系统通过传入的用户名查询当前用户的登录名,密码和是否被禁用这一状态。
authorities-by-username-query为根据用户名查找权限,系统通过传入的用户名查询当前用户已被授予的所有权限。
authentication-failure-url表示用户登陆失败时,跳转到哪个页面。当用户输入的登录名和密码不正确时,系统将再次跳转到/login.jsp,并添加一个error=true参数作为登陆失败的标示。
default-target-url表示登陆成功时,跳转到哪个页面。
①角色表:
CREATE TABLE `role` (
`id` int(11) NOT NULL auto_increment,
`name` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
②用户表:
CREATE TABLE `user` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(50) NOT NULL default '',
`password` varchar(50) NOT NULL,
`status` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
注:status为1才有效
③用户角色连接表:
CREATE TABLE `user_role` (
`user_id` int(20) default NULL,
`role_id` int(20) default NULL,
KEY `FK_user` (`user_id`),
KEY `FK_role` (`role_id`),
CONSTRAINT `FK_role` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`),
CONSTRAINT `FK_user` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
二、添加hibernate、spring框架后,applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName"
value="com.mysql.jdbc.Driver">
</property>
<property name="url" value="jdbc:mysql://localhost:3306/ss"></property>
<property name="username" value="root"></property>
<property name="password" value="root"></property>
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource"></ref>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">
org.hibernate.dialect.MySQLDialect
</prop>
</props>
</property>
<property name="mappingResources">
<list>
<value>ss/model/Role.hbm.xml</value>
<value>ss/model/UserRole.hbm.xml</value>
<value>ss/model/User.hbm.xml</value></list>
</property></bean>
</beans>
三、spring security配置文件:(applicationContext-Security.xml)
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<http auto-config='true'>
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
<!——此处配置自定义登陆页面——>
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
default-target-url="/index.jsp" />
</http>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,status as enabled
from user
where username=?"
authorities-by-username-query="select u.username,r.name as authority
from user u
join user_role ur
on u.id=ur.user_id
join role r
on r.id=ur.role_id
where u.username=?"/>
</authentication-provider>
</beans:beans>
其中,
login-page表示用户登陆时显示我们自定义的login.jsp。
四、自定义的登陆页面:
login.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://"
+ request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'login.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<div class="error ${param.error == true ? '' : 'hide'}">
登陆失败
<br>
${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}
</div>
<form
action="${pageContext.request.contextPath}/j_spring_security_check"
style="width: 260px; text-align: center;">
<fieldset>
<legend>
登陆
</legend>
用户:
<input type="text" name="j_username" style="width: 150px;"
value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" />
<br />
密码:
<input type="password" name="j_password" style="width: 150px;" />
<br />
<input type="checkbox" name="_spring_security_remember_me" />
两周之内不必登陆
<br />
<input type="submit" value="登陆" />
<input type="reset" value="重置" />
</fieldset>
</form>
</body>
</html>
users-by-username-query为根据用户名查找用户,系统通过传入的用户名查询当前用户的登录名,密码和是否被禁用这一状态。
authorities-by-username-query为根据用户名查找权限,系统通过传入的用户名查询当前用户已被授予的所有权限。
authentication-failure-url表示用户登陆失败时,跳转到哪个页面。当用户输入的登录名和密码不正确时,系统将再次跳转到/login.jsp,并添加一个error=true参数作为登陆失败的标示。
default-target-url表示登陆成功时,跳转到哪个页面。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- OBIEE自定义登陆和注销页面
- 让CAS支持客户端自定义登陆页面
- goahead 的认证和自定义登陆页面的cookie使用
- Drupal 6 自定义用户登陆、注册页面
- goahead 的认证和自定义登陆页面的cookie使用
- 自定义Sharepoint的登陆页面
- 第 4 章 自定义登陆页面
- DotNetNuke开发——自定义登陆页面
- 【转】goahead 的认证和自定义登陆页面的cookie使用
- 第 4 章 自定义登陆页面
- [翻译]自定义Sharepoint的登陆页面
- Django里自定义用户登陆及登陆后跳转到登陆前页面的实现
- 自定义Sharepoint的登陆页面
- 让CAS支持客户端自定义登陆页面——原理篇
- 自定义Sharepoint的登陆页面
- 让CAS支持客户端自定义登陆页面
- [翻译]自定义Sharepoint的登陆页面
- 改造CAS单点登录 --- 自定义登陆页面(客户端)
- Spring Security 自定义登陆页面报HTTP Status 403 - Invalid CSRF Token 'null' was found on the request paramet
- 让CAS支持客户端自定义登陆页面——服务器篇