Python 处理 Excel
2012-08-21 16:51
399 查看
一、搞定acegi时要注意的几个地方:
1、用户注册和删除用户时清除缓存中对应该用户的相关信息。
2、登录时附加验证码等信息的扩展以及注意密码加密方式。
3、角色表中新增的角色名必须要与配置文件中设置的匹配,否则无效。
4、设置成Method类型的资源,必须在有至少一个角色给予赋值后,其它未赋予改资源的角色才会受访问权的限制,否则,也就是当没有赋值给任何一个角色时,该资源相当于是无效的,即该资源不受访问权的限制。
5、角色表中需要有个名字为"ROLE_ANONYMOUS"的角色("ROLE"是配置文件中配置的匹配字符串),一般将首页的资源赋予给这个角色。
二、着重点
1、先看配置文件applicationContext-acegi-security.xml,附件中
2、对applicationContext-acegi-security.xml配置文件中的几点进行说明
处理登录请求的过滤器 authenticationProcessingFilter
默认的配置如下:
xml 代码
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/login.jsp?login_error=1" />
<property name="defaultTargetUrl" value="/admin/index.jsp" />
<property name="filterProcessesUrl"
value="/j_acegi_security_check" />
<property name="rememberMeServices" ref="rememberMeServices" />
bean>
我改成了如下的配置:
xml 代码
<bean id="authenticationProcessingFilter"
class="org.springside.security.filter.util.AuthenticationProcessingFilter">
<property name="continueChainBeforeSuccessfulAuthentication" value="true">property>
<property name="authenticationManager"
ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/accessDenied.jsp" />
<property name="defaultTargetUrl" value="/index.jsp" />
<property name="filterProcessesUrl"
value="/userm.do" />
<property name="rememberMeServices" ref="rememberMeServices" />
bean>
其实就是重写了acegi自带的AuthenticationProcessingFilter
因为我在用户登录的时候还附加了验证码
并且换了登录的action路径(改成了"/userm.do?method=login"),以及用户登陆的用户名和密码的名称(默认的是j_username和j_password,我改成了username和password),这些东西都在我重写的AuthenticationProcessingFilter中得到控制。附件中有完整的AuthenticationProcessingFilter代码。
java 代码
package org.springside.security.filter.util;
import java.io.IOException;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.WebAuthenticationDetails;
import org.acegisecurity.ui.rememberme.NullRememberMeServices;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.acegisecurity.ui.savedrequest.SavedRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
import com.yahaitt.exception.AuthenticationCodeException;
public class AuthenticationProcessingFilter implements Filter,
InitializingBean, ApplicationEventPublisherAware {
public static final String ACEGI_SAVED_REQUEST_KEY = "ACEGI_SAVED_REQUEST_KEY";
public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY = "ACEGI_SECURITY_LAST_EXCEPTION";
public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "username";
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "password";
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
protected final Log logger = LogFactory.getLog(this.getClass());
private ApplicationEventPublisher eventPublisher;
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private AuthenticationManager authenticationManager;
private String authenticationFailureUrl;
private String defaultTargetUrl;
private String filterProcessesUrl = getDefaultFilterProcessesUrl();
private boolean alwaysUseDefaultTargetUrl = false;
private RememberMeServices rememberMeServices = new NullRememberMeServices();
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private Properties exceptionMappings = new Properties();
private boolean continueChainBeforeSuccessfulAuthentication = false;
public boolean isContinueChainBeforeSuccessfulAuthentication() {
return continueChainBeforeSuccessfulAuthentication;
}
public void setContinueChainBeforeSuccessfulAuthentication(
boolean continueChainBeforeSuccessfulAuthentication) {
this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication;
}
public String getDefaultFilterProcessesUrl() {
return "/j_acegi_security_check";
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String username = obtainUsername(httpRequest);
String password = obtainPassword(httpRequest);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
if (requiresAuthentication(httpRequest, httpResponse)) {
Authentication authResult;
try {
// 加入验证码
onPreAuthentication(httpRequest, httpResponse);
authResult = attemptAuthentication(httpRequest);
// UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
// username, password);
// setDetails(httpRequest, authRequest);
// httpRequest.getSession().setAttribute(
// ACEGI_SECURITY_LAST_USERNAME_KEY, username);
// authResult = this.getAuthenticationManager().authenticate(
// authRequest);
// Authentication success
// successfulAuthentication(httpRequest, httpResponse, authResult);
//如果authResult = this.getAuthenticationManager().authenticate(authRequest);函数执行后无异常,则说明认证通过了,此时可以直接进行下轮的过滤器
//即跳转到进入这个filter的url(user_login.jsp页面中form的action指向等,此时执行下面的filterChain.doFilter(httpRequest, httpResponse);后就能够跳转到UserMAction的login函数中执行)
// filterChain.doFilter(httpRequest, httpResponse);
if (continueChainBeforeSuccessfulAuthentication) {
filterChain.doFilter(httpRequest, httpResponse);
}
// // 可以在此加入验证成功后的功能代码
successfulAuthentication(httpRequest, httpResponse, authResult);
// String targetUrl = alwaysUseDefaultTargetUrl ? null
// : obtainFullRequestUrl(httpRequest);
//// if (targetUrl == null) {
//// targetUrl = getDefaultTargetUrl();
//// }
//// if (!targetUrl.startsWith("http://")
//// && !targetUrl.startsWith("https://")) {
//// targetUrl = httpRequest.getContextPath() + targetUrl;
//// }
//
// targetUrl = request.getParameter("pagefrom");
//
// httpResponse.sendRedirect(httpResponse
// .encodeRedirectURL(targetUrl));
return;
} catch (AuthenticationException failed) {
// Authentication failed
unsuccessfulAuthentication(httpRequest, httpResponse, failed);
// String failureUrl = exceptionMappings.getProperty(failed
// .getClass().getName(), authenticationFailureUrl);
// if (!failureUrl.startsWith("http://")
// && !failureUrl.startsWith("https://")) {
// failureUrl = httpRequest.getContextPath() + failureUrl;
// }
String pagefrom = request.getParameter("pagefrom");
request.setAttribute("pagefrom", pagefrom);
String pageURL = "/WEB-INF/pages/user_login.jsp";
RequestDispatcher rd = request.getRequestDispatcher(pageURL);
rd.forward(request, response);
// httpResponse.sendRedirect(httpResponse
// .encodeRedirectURL(failureUrl));
return;
}
}
filterChain.doFilter(request, response);
}
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException,
IOException {
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password);
setDetails(request, authRequest);
request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY,
username);
return this.getAuthenticationManager().authenticate(authRequest);
}
protected void setDetails(HttpServletRequest request,
UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(new WebAuthenticationDetails(request));
}
protected boolean requiresAuthentication(HttpServletRequest request,
HttpServletResponse response) {
String uri = request.getRequestURI();
int pathParamIndex = uri.indexOf(';');
if (pathParamIndex > 0) {
uri = uri.substring(0, pathParamIndex);
}
String method = request.getParameter("method");
boolean islogin = "login".equals(method)?true:false;
return (uri.endsWith(request.getContextPath() + filterProcessesUrl) && islogin);
}
public void init(FilterConfig arg0) throws ServletException {
}
public void afterPropertiesSet() throws Exception {
}
public void setApplicationEventPublisher(ApplicationEventPublisher context) {
this.eventPublisher = context;
}
public void setAuthenticationDetailsSource(
AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource,
"AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public boolean isAlwaysUseDefaultTargetUrl() {
return alwaysUseDefaultTargetUrl;
}
public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
}
public String getAuthenticationFailureUrl() {
return authenticationFailureUrl;
}
public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
this.authenticationFailureUrl = authenticationFailureUrl;
}
public String getDefaultTargetUrl() {
return defaultTargetUrl;
}
public void setDefaultTargetUrl(String defaultTargetUrl) {
this.defaultTargetUrl = defaultTargetUrl;
}
public String getFilterProcessesUrl() {
return filterProcessesUrl;
}
public void setFilterProcessesUrl(String filterProcessesUrl) {
this.filterProcessesUrl = filterProcessesUrl;
}
protected String obtainPassword(HttpServletRequest request) {
String password = request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
// if (password != null) {
// return MD5.toMD5(request
// .getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY));
// }
return password;
}
protected String obtainUsername(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
}
// 加入验证码
protected void onPreAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
String randNum = request.getParameter("randNum");
String rand = (String) request.getSession().getAttribute("RandNo");
if (rand == null || !rand.equals(randNum)) {
throw new AuthenticationCodeException("请输入正确的验证码!");
}
}
// 可以在此加入验证成功后的功能代码
protected void onSuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, Authentication authResult)
throws IOException {
}
protected void onUnsuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, AuthenticationException failed)
throws IOException {
ActionMessages errors = new ActionMessages();
String username = request.getParameter("username");
String password = request.getParameter("password");
if(failed instanceof AuthenticationCodeException)
{
//验证码为空或出错
errors.add("userwrong",new ActionMessage("user.randno.wrong"));
}else if(null==username || "".equals(username))
{
//用户名为空
errors.add("userwrong",new ActionMessage("user.username"));
}else if(null==password || "".equals(password))
{
//密码为空
errors.add("userwrong",new ActionMessage("user.password"));
}else
{
//用户名或密码出错
errors.add("userwrong",new ActionMessage("user.wrong"));
}
1、用户注册和删除用户时清除缓存中对应该用户的相关信息。
2、登录时附加验证码等信息的扩展以及注意密码加密方式。
3、角色表中新增的角色名必须要与配置文件中设置的匹配,否则无效。
4、设置成Method类型的资源,必须在有至少一个角色给予赋值后,其它未赋予改资源的角色才会受访问权的限制,否则,也就是当没有赋值给任何一个角色时,该资源相当于是无效的,即该资源不受访问权的限制。
5、角色表中需要有个名字为"ROLE_ANONYMOUS"的角色("ROLE"是配置文件中配置的匹配字符串),一般将首页的资源赋予给这个角色。
二、着重点
1、先看配置文件applicationContext-acegi-security.xml,附件中
2、对applicationContext-acegi-security.xml配置文件中的几点进行说明
处理登录请求的过滤器 authenticationProcessingFilter
默认的配置如下:
xml 代码
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/login.jsp?login_error=1" />
<property name="defaultTargetUrl" value="/admin/index.jsp" />
<property name="filterProcessesUrl"
value="/j_acegi_security_check" />
<property name="rememberMeServices" ref="rememberMeServices" />
bean>
我改成了如下的配置:
xml 代码
<bean id="authenticationProcessingFilter"
class="org.springside.security.filter.util.AuthenticationProcessingFilter">
<property name="continueChainBeforeSuccessfulAuthentication" value="true">property>
<property name="authenticationManager"
ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/accessDenied.jsp" />
<property name="defaultTargetUrl" value="/index.jsp" />
<property name="filterProcessesUrl"
value="/userm.do" />
<property name="rememberMeServices" ref="rememberMeServices" />
bean>
其实就是重写了acegi自带的AuthenticationProcessingFilter
因为我在用户登录的时候还附加了验证码
并且换了登录的action路径(改成了"/userm.do?method=login"),以及用户登陆的用户名和密码的名称(默认的是j_username和j_password,我改成了username和password),这些东西都在我重写的AuthenticationProcessingFilter中得到控制。附件中有完整的AuthenticationProcessingFilter代码。
java 代码
package org.springside.security.filter.util;
import java.io.IOException;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.WebAuthenticationDetails;
import org.acegisecurity.ui.rememberme.NullRememberMeServices;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.acegisecurity.ui.savedrequest.SavedRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
import com.yahaitt.exception.AuthenticationCodeException;
public class AuthenticationProcessingFilter implements Filter,
InitializingBean, ApplicationEventPublisherAware {
public static final String ACEGI_SAVED_REQUEST_KEY = "ACEGI_SAVED_REQUEST_KEY";
public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY = "ACEGI_SECURITY_LAST_EXCEPTION";
public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "username";
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "password";
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
protected final Log logger = LogFactory.getLog(this.getClass());
private ApplicationEventPublisher eventPublisher;
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
private AuthenticationManager authenticationManager;
private String authenticationFailureUrl;
private String defaultTargetUrl;
private String filterProcessesUrl = getDefaultFilterProcessesUrl();
private boolean alwaysUseDefaultTargetUrl = false;
private RememberMeServices rememberMeServices = new NullRememberMeServices();
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private Properties exceptionMappings = new Properties();
private boolean continueChainBeforeSuccessfulAuthentication = false;
public boolean isContinueChainBeforeSuccessfulAuthentication() {
return continueChainBeforeSuccessfulAuthentication;
}
public void setContinueChainBeforeSuccessfulAuthentication(
boolean continueChainBeforeSuccessfulAuthentication) {
this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication;
}
public String getDefaultFilterProcessesUrl() {
return "/j_acegi_security_check";
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!(response instanceof HttpServletResponse)) {
throw new ServletException("Can only process HttpServletResponse");
}
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String username = obtainUsername(httpRequest);
String password = obtainPassword(httpRequest);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
if (requiresAuthentication(httpRequest, httpResponse)) {
Authentication authResult;
try {
// 加入验证码
onPreAuthentication(httpRequest, httpResponse);
authResult = attemptAuthentication(httpRequest);
// UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
// username, password);
// setDetails(httpRequest, authRequest);
// httpRequest.getSession().setAttribute(
// ACEGI_SECURITY_LAST_USERNAME_KEY, username);
// authResult = this.getAuthenticationManager().authenticate(
// authRequest);
// Authentication success
// successfulAuthentication(httpRequest, httpResponse, authResult);
//如果authResult = this.getAuthenticationManager().authenticate(authRequest);函数执行后无异常,则说明认证通过了,此时可以直接进行下轮的过滤器
//即跳转到进入这个filter的url(user_login.jsp页面中form的action指向等,此时执行下面的filterChain.doFilter(httpRequest, httpResponse);后就能够跳转到UserMAction的login函数中执行)
// filterChain.doFilter(httpRequest, httpResponse);
if (continueChainBeforeSuccessfulAuthentication) {
filterChain.doFilter(httpRequest, httpResponse);
}
// // 可以在此加入验证成功后的功能代码
successfulAuthentication(httpRequest, httpResponse, authResult);
// String targetUrl = alwaysUseDefaultTargetUrl ? null
// : obtainFullRequestUrl(httpRequest);
//// if (targetUrl == null) {
//// targetUrl = getDefaultTargetUrl();
//// }
//// if (!targetUrl.startsWith("http://")
//// && !targetUrl.startsWith("https://")) {
//// targetUrl = httpRequest.getContextPath() + targetUrl;
//// }
//
// targetUrl = request.getParameter("pagefrom");
//
// httpResponse.sendRedirect(httpResponse
// .encodeRedirectURL(targetUrl));
return;
} catch (AuthenticationException failed) {
// Authentication failed
unsuccessfulAuthentication(httpRequest, httpResponse, failed);
// String failureUrl = exceptionMappings.getProperty(failed
// .getClass().getName(), authenticationFailureUrl);
// if (!failureUrl.startsWith("http://")
// && !failureUrl.startsWith("https://")) {
// failureUrl = httpRequest.getContextPath() + failureUrl;
// }
String pagefrom = request.getParameter("pagefrom");
request.setAttribute("pagefrom", pagefrom);
String pageURL = "/WEB-INF/pages/user_login.jsp";
RequestDispatcher rd = request.getRequestDispatcher(pageURL);
rd.forward(request, response);
// httpResponse.sendRedirect(httpResponse
// .encodeRedirectURL(failureUrl));
return;
}
}
filterChain.doFilter(request, response);
}
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException,
IOException {
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password);
setDetails(request, authRequest);
request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY,
username);
return this.getAuthenticationManager().authenticate(authRequest);
}
protected void setDetails(HttpServletRequest request,
UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(new WebAuthenticationDetails(request));
}
protected boolean requiresAuthentication(HttpServletRequest request,
HttpServletResponse response) {
String uri = request.getRequestURI();
int pathParamIndex = uri.indexOf(';');
if (pathParamIndex > 0) {
uri = uri.substring(0, pathParamIndex);
}
String method = request.getParameter("method");
boolean islogin = "login".equals(method)?true:false;
return (uri.endsWith(request.getContextPath() + filterProcessesUrl) && islogin);
}
public void init(FilterConfig arg0) throws ServletException {
}
public void afterPropertiesSet() throws Exception {
}
public void setApplicationEventPublisher(ApplicationEventPublisher context) {
this.eventPublisher = context;
}
public void setAuthenticationDetailsSource(
AuthenticationDetailsSource authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource,
"AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
public boolean isAlwaysUseDefaultTargetUrl() {
return alwaysUseDefaultTargetUrl;
}
public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) {
this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl;
}
public String getAuthenticationFailureUrl() {
return authenticationFailureUrl;
}
public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
this.authenticationFailureUrl = authenticationFailureUrl;
}
public String getDefaultTargetUrl() {
return defaultTargetUrl;
}
public void setDefaultTargetUrl(String defaultTargetUrl) {
this.defaultTargetUrl = defaultTargetUrl;
}
public String getFilterProcessesUrl() {
return filterProcessesUrl;
}
public void setFilterProcessesUrl(String filterProcessesUrl) {
this.filterProcessesUrl = filterProcessesUrl;
}
protected String obtainPassword(HttpServletRequest request) {
String password = request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
// if (password != null) {
// return MD5.toMD5(request
// .getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY));
// }
return password;
}
protected String obtainUsername(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
}
// 加入验证码
protected void onPreAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException {
String randNum = request.getParameter("randNum");
String rand = (String) request.getSession().getAttribute("RandNo");
if (rand == null || !rand.equals(randNum)) {
throw new AuthenticationCodeException("请输入正确的验证码!");
}
}
// 可以在此加入验证成功后的功能代码
protected void onSuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, Authentication authResult)
throws IOException {
}
protected void onUnsuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, AuthenticationException failed)
throws IOException {
ActionMessages errors = new ActionMessages();
String username = request.getParameter("username");
String password = request.getParameter("password");
if(failed instanceof AuthenticationCodeException)
{
//验证码为空或出错
errors.add("userwrong",new ActionMessage("user.randno.wrong"));
}else if(null==username || "".equals(username))
{
//用户名为空
errors.add("userwrong",new ActionMessage("user.username"));
}else if(null==password || "".equals(password))
{
//密码为空
errors.add("userwrong",new ActionMessage("user.password"));
}else
{
//用户名或密码出错
errors.add("userwrong",new ActionMessage("user.wrong"));
}
相关文章推荐
- Python处理Excel(二):个性化Excel表格
- python安装xlrd和xlwt两个插件来处理excel问题
- 用python处理Excel文档(1)——用xlrd模块读取xls/xlsx文档
- Python处理Excel 写入,读取和追加
- DataNitro: 用Python高效处理Excel数据
- python之处理excel并作图
- python模块xlrd安装-处理excel文件必须
- Python 学习笔记 -处理excel
- Python处理excel数据
- Python处理Excel文档(xlrd, xlwt, xlutils)
- Python处理excel基本操作
- 使用Python代码处理Excel
- python3的异常处理、操作excel和数据库
- 使用python处理中文csv文件,并让excel正确显示中文(避免乱码)
- python 视频处理,提取视频相关帧,读取Excel
- Python对表格的数据进行处理然后在Excel中制作柱形图
- Python处理Excel文件实例代码
- Python处理unicode编码的txt文件(Python中文处理)——解决to_excel()和to_csv()导出文件内容为空的问题
- python pandas 处理 excel
- mac环境下,Python读取excel数据,并对行列做输出处理