spring security remember-me

原创 2016年08月29日 12:12:50

1.controller

package net.yym.web.controller.home;

import com.google.common.base.Optional;
import net.yym.core.entity.Doctor;
import net.yym.web.controller.BaseController;
import net.yym.web.security.LoginUserInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.servlet.http.HttpServletRequest;

/**
 * 登陆跳转控制器
 *
 * @author yym
 */
@Controller
public class HomeController extends BaseController {

    private static Logger logger = LoggerFactory.getLogger(HomeController.class);

    @Autowired
    private LoginUserInfo loginUserInfo;

    @RequestMapping("/")
    public String index() {
        return "redirect:home";
    }

    @RequestMapping("/login")
    public String login(@RequestParam(required = false)String error,HttpServletRequest request) {
        if (error != null){
            request.setAttribute("error","用户名或密码错误");
        }
        return "home/login";
    }

    @RequestMapping("/home")
    public String home(HttpServletRequest request) {
        Optional<Doctor> optional = loginUserInfo.getDoctor();
        if (optional.isPresent()){
            request.getSession().setAttribute("doctorName", optional.get().getName());
        }
        return "redirect:patient/list";
    }
}

2.spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
             http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd"
             default-lazy-init="true">


    <!-- http安全配置 -->
    <!-- 设置禁止spring-security拦截的路径 -->
    <http pattern="/login*" security="none"/>
    <http pattern="/" security="none"/>
    <http pattern="/WEB-INF/views/home/*.jsp" security="none"/>
    <http pattern="/WEB-INF/views/shared/*.jsp" security="none"/>

    <http auto-config="true" use-expressions="true">
        <form-login login-page="/login"
                    default-target-url="/home"
                    always-use-default-target="true"
                    login-processing-url="/j_spring_security_check"
                    authentication-failure-url="/login?error=true"/>
        <csrf disabled="true"/>
        <logout logout-success-url="/login" logout-url="/logout"/>
        <remember-me key="chd" services-ref="rememberMeServices"/>
        <intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')"/>
    </http>


    <!-- 认证配置, 使用userDetailsService提供的用户信息 -->
    <authentication-manager alias="authenticationManager" erase-credentials="false">
        <authentication-provider ref="authenticationProvider"/>
    </authentication-manager>

    <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="memberDetailService"/>
        <beans:property name="hideUserNotFoundExceptions" value="false"/>
        <beans:property name="passwordEncoder" ref="passwordEncoder"/>
    </beans:bean>

    <!-- 实现 remember-me 功能 -->
    <beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <beans:constructor-arg value="chd" index="0"/>
        <beans:constructor-arg ref="memberDetailService" index="1"/>
    </beans:bean>

    <!-- 项目实现的用户查询服务 -->
    <beans:bean id="memberDetailService" class="net.yixinjia.web.security.AuthenticationService"/>

    <!-- 用户的密码加密或解密 -->
    <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>

</beans:beans>

3.login.jsp

<form id="login_form" action="j_spring_security_check" method="post">
    <div class="form-group m-bottom-md">
        <input type="text" class="form-control" name="username" placeholder="请输入用户名">
    </div>
    <div class="form-group">
        <input type="password" class="form-control" name="password" placeholder="请输入密码">
    </div>

    <div class="form-group">
        <div class="custom-checkbox">
            <input type="checkbox" id="remember_me" name="remember-me">
            <label for="remember_me"></label>
        </div>
        记住密码
    </div>
    <div style="color: red">
        <c:if test="${not empty error}">
            用户名或密码错误
        </c:if>
    </div>
    <div class="m-top-md p-top-sm">
        <a href="javascript:document:login_form.submit();" class="btn btn-success block">登录</a>
    </div>
</form>

相关文章推荐

Spring Security(12)——Remember-Me功能

Remember-Me功能   目录   1.1     概述 1.2     基于简单加密token的方法 1.3     基于持久化token的方法 1.4     Remember...

Spring Security(12)——Remember-Me功能

1.1     概述 1.2     基于简单加密token的方法 1.3     基于持久化token的方法 1.4     Remember-Me相关接口和实现类 1.4.1    Tok...

springsecurity中的配置文件设置remember-me 的原因及其安全性

首先看remember-me的写法: security:remember-me key="elim" user-service-ref="userDetailsService"/> 在...

解决Spring Security 开启remember-me(持久化),session并发控制后重启服务器remember-me持久化凭证消失问题

学习Spring security过程中实现了remember-me的持久化实现(其实很简单的呀)

springsecurity中的配置文件设置remember-me 的原因及其安全性

首先看remember-me的写法: security:remember-me key="elim" user-service-ref="userDetailsService"/> 在扩展...

Spring Seucrity 之 Remember Me

Spring Security 提供了Remember-me机制用来实现记录用户的登录状态。方便用户下次自动登录。Spring Security 对此操作提供了必要的钩子,remember-me有两个...

spring security起步五:Remember Me功能实现

spring security remember me spring security 自动登录

Spring Security Remember Me Example

In this tutorial, we will show you how to implement “Remember Me” login feature in Spring Security, ...

spring security 安全框架remember me,demo学习

Spring Security 的前身是 Acegi Security ,是 Spring 项目组中用来提供安全认证服务的框架。 在安全框架这边使用最多的就是spring security。 论坛资...

《Spring Security3》第三章第三部分翻译上(Remember me功能实现)

Remember me 对于经常访问站点的用户有一个便利的功能就是remember me。这个功能允许一个再次访问的用户能够被记住,它通过在用户的浏览器上存储一个加密的cookie来实现的。如果Sp...
  • ggmmsoo
  • ggmmsoo
  • 2014年12月18日 10:25
  • 200
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:spring security remember-me
举报原因:
原因补充:

(最多只允许输入30个字)