<pre name="code" class="html"><http auto-config="true" use-expressions="true">
<form-login
login-page="/login"
authentication-success-handler-ref="customAuthenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"
username-parameter="username"
password-parameter="password" />
<logout invalidate-session="true" logout-success-url="/login?logOutMsg=1" logout-url="/j_spring_security_logout" delete-cookies="JSESSIONID" />
<session-management invalid-session-url="/login?logOutMsg=1">
<concurrency-control max-sessions="1" expired-url="/login?sessionInvalid=1" />
</session-management>
</http>
<beans:bean id="authenticationFailureHandler" class="com.tang.UsernameStoringUrlAuthenticationFailureHandler" >
<beans:property name="defaultFailureUrl" value="/login?loginError=1"/>
</beans:bean>
<beans:bean id="customAuthenticationSuccessHandler" class="com.tang.service.CustomAuthenticationSuccessHandler"></beans:bean>
<pre name="code" class="java">public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationSuccessHandler.class);
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse reponse,
Authentication authentication)
throws IOException, ServletException {
//这里可以做success的处理
//do some logic here if you want something to be done whenever
//the user successfully logs in.
request.getSession(true).setAttribute("SPRING_SECURITY_FROM_LOGIN_SUCCESS", "TRUE");
//set our response to OK status
reponse.setStatus(HttpServletResponse.SC_OK);
//since we have created our custom success handler, its up to us to where
//we will redirect the user after successfully login
reponse.sendRedirect("home");
}
}
public class UsernameStoringUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler
{
private static final Logger logger = LoggerFactory.getLogger(UsernameStoringUrlAuthenticationFailureHandler.class);
@Override
public void onAuthenticationFailure (HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException
{
//这里可以做fail的处理
request.getSession (true).setAttribute ("SPRING_SECURITY_LAST_USERNAME", request.getParameter ("username"));
super.onAuthenticationFailure (request, response, exception);
}
}