<http entry-point-ref="authenticationProcessingFilterEntryPoint">
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/user/**" access="ROLE_USER,ROLE_ADMIN" />
</http>
<authentication-provider user-service-ref="securityManager" />
<beans:bean id="authenticationProcessingFilter" class="com.XXX.security.CustomAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="defaultTargetUrl" value="/user/userList.action" />
</beans:bean>
<authentication-manager alias="authenticationManager"/>
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<beans:property name="loginFormUrl" value="/login.do" />
<beans:property name="forceHttps" value="false" />
</beans:bean>
public Authentication attemptAuthentication(
HttpServletRequest httpServletRequest)
throws AuthenticationException {
String check_code = httpServletRequest.getParameter("j_checkcode");
String sys_code = (String) httpServletRequest.getSession().getAttribute(checkCodeName);
if (sys_code == null) {
throw new AuthCodeValidationException("验证码不正确");
} else if (!sys_code.equals(check_code)) {
String username = obtainUsername(httpServletRequest);
httpServletRequest.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username);
throw new AuthCodeValidationException("验证码输入不正确");
}
return super.attemptAuthentication(httpServletRequest);
}
扫一扫
7112
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
