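By default, if no login form is provided, Spring Security creates a default login page; see the Spring Security Hello World example.
In this tutorial, we show how to create a custom login form and use Spring Security to handle login authentication.
Note: the Spring Security Hello World example mentioned above is reused here and extended to support form-based login.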
Development environment for this tutorial:
1. Spring 3.0.5.RELEASE
2. Spring Security 3.0.5.RELEASE
3. JSTL 1.2
1. Project directory
The final project structure of this tutorial is as follows:
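2. Spring Security
Configure the following in your Spring XML file:
1. login-page="/login" - the login page is served at "/login"
2. default-target-url="/welcome" - if authentication succeeds, redirect to "/welcome"
3. authentication-failure-url="/loginfailed" - if authentication fails, redirect to "/loginfailed"
4. logout-success-url="/logout" - after logout, redirect to "/logout"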
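spring-security.xml

    <!-- The security schema is the default namespace; the beans schema uses the beans: prefix -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <http auto-config="true">
            <!-- Only URLs matching /welcome* require ROLE_USER -->
            <intercept-url pattern="/welcome*" access="ROLE_USER" />
            <form-login login-page="/login" default-target-url="/welcome"
                authentication-failure-url="/loginfailed" />
            <logout logout-success-url="/logout" />
        </http>

        <authentication-manager>
            <authentication-provider>
                <!-- In-memory demo user; the password is stored in plain text -->
                <user-service>
                    <user name="mkyong" password="123456" authorities="ROLE_USER" />
                </user-service>
            </authentication-provider>
        </authentication-manager>

    </beans:beans>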
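The following audit of the spring-security.xml settings above is an added example, not code from the original tutorial. It checks two things a reviewer would look for in this configuration: whether the login, failure and logout pages are reachable by anonymous users, and whether users are declared without a password-encoder. The function names, the simplified Ant-pattern matcher and the set of "open" access values are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET

SEC = {"s": "http://www.springframework.org/schema/security"}
# Assumed access values that let unauthenticated requests through.
OPEN_ACCESS = {"IS_AUTHENTICATED_ANONYMOUSLY", "ROLE_ANONYMOUS", "permitAll"}

# Constructed sample: the <http> and <authentication-manager> settings shown on this page.
PAGE_CONFIG = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <http auto-config="true">
    <intercept-url pattern="/welcome*" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="/welcome"
        authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/logout" />
  </http>
  <authentication-manager><authentication-provider><user-service>
    <user name="mkyong" password="123456" authorities="ROLE_USER" />
  </user-service></authentication-provider></authentication-manager>
</beans:beans>"""

def ant_to_regex(pattern):
    """Simplified Ant matcher: ** spans '/', * stays inside one segment, ? is one char."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def first_rule(http, url):
    """Access value of the first intercept-url matching url (first match wins), or None."""
    for rule in http.findall("s:intercept-url", SEC):
        if ant_to_regex(rule.get("pattern", "")).match(url):
            # filters="none" skips the security filter chain, so treat it as open
            return "permitAll" if rule.get("filters") == "none" else rule.get("access", "")
    return None

def audit(xml_text):
    root, findings = ET.fromstring(xml_text), []
    for http in root.findall("s:http", SEC):
        form, logout = http.find("s:form-login", SEC), http.find("s:logout", SEC)
        urls = [form.get(a) for a in ("login-page", "authentication-failure-url")] if form is not None else []
        urls += [logout.get("logout-success-url")] if logout is not None else []
        for url in filter(None, urls):
            access = first_rule(http, url)
            if access is not None and not {a.strip() for a in access.split(",")} & OPEN_ACCESS:
                findings.append(f"{url} requires {access}: anonymous users cannot reach it")
    for provider in root.iter("{%s}authentication-provider" % SEC["s"]):
        if provider.find("s:password-encoder", SEC) is None:
            for user in provider.iter("{%s}user" % SEC["s"]):
                findings.append(f"user '{user.get('name')}' has a plaintext password in the config")
    return findings
```

Run against the page's configuration, `audit(PAGE_CONFIG)` reports only the plaintext password; widening the pattern to `/**` additionally reports `/login`, `/loginfailed` and `/logout` as unreachable.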
3. Spring Security controller
The controller handles each incoming request and forwards it to the corresponding page.
LoginController.java

    package com.mkyong.common.controller;

    import java.security.Principal;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.ModelMap;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;

    @Controller
    public class LoginController {

        // Protected page (intercept-url "/welcome*"); shown after a successful login
        @RequestMapping(value="/welcome", method = RequestMethod.GET)
        public String printWelcome(ModelMap model, Principal principal ) {

            String name = principal.getName();
            model.addAttribute("username", name);
            model.addAttribute("message", "Spring Security Custom Form example");
            return "hello";

        }

        // Custom login page (form-login login-page)
        @RequestMapping(value="/login", method = RequestMethod.GET)
        public String login(ModelMap model) {

            return "login";

        }

        // authentication-failure-url: show the login page again with the error flag set
        @RequestMapping(value="/loginfailed", method = RequestMethod.GET)
        public String loginerror(ModelMap model) {

            model.addAttribute("error", "true");
            return "login";

        }

        // logout-success-url: return to the login page
        @RequestMapping(value="/logout", method = RequestMethod.GET)
        public String logout(ModelMap model) {

            return "login";

        }

    }
4. Error messages
Spring's default error messages are not very friendly; you can configure your own messages in a properties file.
mymessages.properties

    AbstractUserDetailsAuthenticationProvider.badCredentials=Invalid username or password
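5. JSP pages
In the custom login page, you need to use the following Spring Security names:
1. j_spring_security_check - login service (the form's action URL)
2. j_spring_security_logout - logout service (the logout link URL)
3. j_username - username
4. j_password - password
To display the authentication error message, use the following expression:

    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}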
login.jsp

    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    <html>
    <head>
    <title>Login Page</title>
    <style>
    .errorblock {
        color: #ff0000;
        background-color: #ffEEEE;
        border: 3px solid #ff0000;
        padding: 8px;
        margin: 16px;
    }
    </style>
    </head>
    <body onload='document.f.j_username.focus();'>
        <h3>Login with Username and Password (Custom Page)</h3>

        <c:if test="${not empty error}">
            <div class="errorblock">
                Your login attempt was not successful, try again.<br /> Caused :
                ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
            </div>
        </c:if>

        <form name='f' action="<c:url value='j_spring_security_check' />"
            method='POST'>

            <table>
                <tr>
                    <td>User:</td>
                    <td><input type='text' name='j_username' value=''>
                    </td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type='password' name='j_password' />
                    </td>
                </tr>
                <tr>
                    <td colspan='2'><input name="submit" type="submit"
                        value="submit" />
                    </td>
                </tr>
                <tr>
                    <td colspan='2'><input name="reset" type="reset" />
                    </td>
                </tr>
            </table>

        </form>
    </body>
    </html>
hello.jsp

    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    <html>
    <body>
        <h3>Message : ${message}</h3>
        <h3>Username : ${username}</h3>

        <a href="<c:url value="/j_spring_security_logout" />" > Logout</a>

    </body>
    </html>
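6. Demo
1. When you access "http://localhost:8080/SpringMVC/welcome", Spring Security redirects to the login page:
http://localhost:8080/SpringMVC/login
2. If the username or password is wrong, authentication fails and the page shows the error message:
3. If the username and password are correct, authentication succeeds and the requested page is shown:
http://localhost:8080/SpringMVC/welcome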
This is an original article; please credit the source when reposting. First published at http://www.it161.com/article/javaDetail?articleid=140107232125