一、项目结构如下:
二、新建两个controller,分别是LoginLogoutController和MainController:
LoginLogoutController:
package com.bestpay.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
/**
 * Controller that serves the login page and the access-denied page.
 *
 * @author lichunan
 * @version 1.0
 * @title LoginLogoutController.java
 * @description login / logout controller
 * @date 2014-11-11
 * @time 17:46
 */
@Controller
@RequestMapping("auth")
public class LoginLogoutController {

    /**
     * Renders the login page.
     *
     * @param error    optional {@code error} request parameter; the form-login
     *                 configuration on this page redirects here with {@code error=true}
     *                 after a failed authentication. Declared as a primitive with
     *                 {@code required = false}; presumably resolved to {@code false} when
     *                 the parameter is absent (confirm for the Spring version in use).
     * @param modelMap model handed to the view; its {@code "error"} attribute is always set
     * @return the logical view name {@code "login"}
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String getLoginPage(@RequestParam(value = "error", required = false) boolean error, ModelMap modelMap) {
        // The message is a fixed string, never derived from request input, and it does not
        // say whether the user name or the password was the wrong part.
        String message = error ? "用户名或密码错误!" : "";
        modelMap.put("error", message);
        return "login";
    }

    /**
     * Renders the access-denied page.
     *
     * @return the logical view name {@code "denied"}
     */
    @RequestMapping(value = "/denied", method = RequestMethod.GET)
    public String getDeniedPage() {
        return "denied";
    }
}
MainController:
package com.bestpay.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
/**
 * Main controller: maps the application pages under {@code /main}.
 *
 * @title MainController.java
 * @description main controller
 * @author lichunan
 * @date 2014-11-11
 * @time 20:15
 * @version 1.0
 */
@Controller
@RequestMapping("/main")
public class MainController {

    /** Logical view name returned for {@code /main/common}. */
    private static final String COMMON_VIEW = "common";

    /** Logical view name returned for {@code /main/admin}. */
    private static final String ADMIN_VIEW = "login";

    /**
     * Forwards to the common page (common.jsp).
     *
     * @return the logical view name {@code "common"}
     */
    @RequestMapping(value = "/common", method = RequestMethod.GET)
    public String getCommonPage() {
        return COMMON_VIEW;
    }

    /**
     * Handles {@code GET /main/admin}.
     *
     * <p>NOTE(review): this handler returns the {@code "login"} view rather than an
     * admin view; confirm that is intended. Access to this URL is decided entirely by
     * the Spring Security configuration, since the method itself performs no role check.
     *
     * @return the logical view name {@code "login"}
     */
    @RequestMapping(value = "/admin", method = RequestMethod.GET)
    public String getAdminPage() {
        return ADMIN_VIEW;
    }
}
三、新建一个自己的登录页面login.jsp:
用户名的输入框和密码的输入框在没有配置的情况下,name的值要分别是j_username和j_password;表单需以POST方式提交到登录验证地址,在没有配置的情况下该地址是j_spring_security_check。
四、新增一个认证管理器实现类CustomUserDetailsService.java:
package com.bestpay.service;
import com.bestpay.dao.UserDao;
import com.bestpay.domain.DbUser;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
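/**
 * {@link UserDetailsService} implementation that loads users through {@link UserDao}
 * and maps the stored access level to Spring Security roles.
 *
 * @author lichunan
 * @version 1.0
 * @title CustomUserDetailsService.java
 * @description UserDetailsService implementation used by the authentication provider
 * @date 2014-11-11
 * @time 19:53
 */
public class CustomUserDetailsService implements UserDetailsService {

    private final UserDao userDao = new UserDao();

    /**
     * Looks up a user by name and converts it to a Spring Security {@link UserDetails}.
     *
     * @param userName the user name submitted at login
     * @return the user's details with all four account-status flags set to {@code true}
     * @throws UsernameNotFoundException if the DAO returns no record for {@code userName}
     * @throws DataAccessException declared for data-access failures
     */
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
        DbUser dbUser = userDao.getDataBase(userName);
        if (dbUser == null) {
            // The UserDetailsService contract forbids returning null: an unknown user must
            // be reported with UsernameNotFoundException so the provider treats it as an
            // ordinary failed login. The message deliberately does not echo the input.
            throw new UsernameNotFoundException("User not found");
        }
        // The stored password is lower-cased before it is handed to Spring Security;
        // presumably so that an upper-case hex digest in the database still matches the
        // lower-case hex output of the configured encoder (TODO confirm).
        // NOTE(review): the spring-security.xml on this page pairs this service with
        // Md5PasswordEncoder and no salt; unsalted MD5 is not adequate for password storage.
        return new User(dbUser.getUserName(), dbUser.getPassWord().toLowerCase(), true, true, true, true,
                getAuthorities(dbUser.getAccess()));
    }

    /**
     * Builds the granted authorities for an access level.
     *
     * @param access the user's access level; {@code 1} means administrator. A
     *               {@code null} value is treated like any non-admin level.
     * @return a list that always contains {@code ROLE_USER} and additionally
     *         {@code ROLE_ADMIN} when {@code access} equals 1
     */
    public Collection<GrantedAuthority> getAuthorities(Integer access) {
        List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
        // Every user gets ROLE_USER by default.
        authList.add(new GrantedAuthorityImpl("ROLE_USER"));
        // Only access level 1 adds ROLE_ADMIN. Comparing from the constant side makes a
        // null access level fall through to the least-privileged role set instead of
        // throwing a NullPointerException in the middle of authentication.
        if (Integer.valueOf(1).equals(access)) {
            authList.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
        }
        return authList;
    }
}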
五、修改spring-security.xml的配置,配置内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Spring Security namespace configuration: static-resource exclusions, form login,
logout, the authentication provider and the access-denied handler.
NOTE(review): the only intercept-url rule with an access expression in this file is the
permitAll rule for /auth/login. URLs that match no intercept-url rule are not
access-checked by the filter chain, so as shown /main/common and /main/admin appear to
be reachable without logging in, unless restrictions are defined elsewhere. Confirm
whether rules requiring ROLE_USER / ROLE_ADMIN for /main/** were meant to be listed.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<http auto-config="true" use-expressions="true">
<!-- Custom handler for requests rejected because of insufficient privileges -->
<access-denied-handler ref="defaultAccessDeniedHandler"/>
<!-- Static resources (CSS, JS, images) bypass the security filters entirely; ** matches across directory levels, * does not. Keep only public files under these paths. -->
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/js/**" filters="none"/>
<intercept-url pattern="/images/**" filters="none"/>
<!-- The login page is open to every request, authenticated or not -->
<intercept-url pattern="/auth/login" access="permitAll"/>
<!--
default-target-url: page to go to after a successful login from the login page
always-use-default-target: true forces the redirect to the default target after a successful login
authentication-failure-url: page shown after a failed authentication
login-processing-url: URL that processes the login submission; defaults to j_spring_security_check when not set
username-parameter, password-parameter: request parameter names for the user name and password; defaults are j_username and j_password
-->
<!-- Login handling -->
<form-login
login-page="/auth/login"
always-use-default-target="true"
authentication-failure-url="/auth/login?error=true"
default-target-url="/main/common"/>
<!-- Logout handling -->
<!--
invalidate-session: whether the HTTP session is destroyed on logout
logout-url: URL that triggers the logout
logout-success-url: URL to redirect to after a successful logout
NOTE(review): logout-url and logout-success-url are both /auth/denied, so the redirect
after logout targets the URL that itself triggers logout, and the /auth/denied
controller mapping is presumably never reached. Confirm whether a separate logout URL
was intended.
-->
<logout
invalidate-session="true"
logout-success-url="/auth/denied"
logout-url="/auth/denied"/>
</http>
<!-- Authentication provider used by the authentication manager -->
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder ref="passWordEncoder"/>
</authentication-provider>
</authentication-manager>
<!-- Submitted passwords are MD5-hashed before comparison with the stored value. NOTE(review): no salt is configured, and MD5 is too fast and too weak for password storage; prefer an adaptive hash such as bcrypt where the Spring Security version provides one, and plan a migration for existing hashes. -->
<beans:bean id="passWordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
<!-- UserDetailsService implementation that loads users for authentication -->
<beans:bean id="customUserDetailsService" class="com.bestpay.service.CustomUserDetailsService"/>
<!-- Custom access-denied handler; errorPage is the page shown on a 403 -->
<beans:bean id="defaultAccessDeniedHandler" class="com.bestpay.handler.DefaultAccessDeniedHandler">
<beans:property name="errorPage" value="/pages/403.jsp"/>
</beans:bean>
</beans:beans>
六、web.xml配置文件中新增了一些内容,配置如下:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor: root application context, Spring Security filter chain, Spring MVC dispatcher servlet, static-resource mappings and error pages. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<display-name>gateway-web</display-name>
<!-- Welcome page of the application -->
<welcome-file-list>
<welcome-file>index03.jsp</welcome-file>
</welcome-file-list>
<!-- Loads the root ApplicationContext when the web container starts -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Location of the root ApplicationContext configuration. NOTE(review): only applicationContext.xml is listed; presumably it imports spring-security.xml, because the security filter below looks up its bean in the root context. Verify. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml
</param-value>
</context-param>
<!-- Spring Security filter chain. DelegatingFilterProxy resolves the target bean by the filter name, so the name must stay springSecurityFilterChain. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapped to /* so that every request passes through the security filter chain -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring MVC front controller -->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- URL mapping of the Spring MVC front controller -->
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Serve js, jpg, css and gif files through the container's default servlet instead of Spring MVC, so that pages can find their static resources -->
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.js</url-pattern>
<url-pattern>*.jpg</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>*.gif</url-pattern>
</servlet-mapping>
<!-- 403: access denied -->
<error-page>
<error-code>403</error-code>
<location>/pages/403.jsp</location>
</error-page>
<!-- 404: the requested page does not exist -->
<error-page>
<error-code>404</error-code>
<location>/pages/404.jsp</location>
</error-page>
<!-- 500: internal server error or application fault. The page should not print exception details or stack traces to the client. -->
<error-page>
<error-code>500</error-code>
<location>/pages/500.jsp</location>
</error-page>
</web-app>