Spring Security默认提供了一个登陆页面,但是这个页面实在太简陋了,实际开发时必须实现自定义的登录页面。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<http auto-config="true">
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/styles/**" filters="none" />
<intercept-url pattern="/scripts/**" filters="none" />
<intercept-url pattern="/coos/**" filters="none" />
<intercept-url pattern="/common/**" filters="none" />
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/ssq/**" access="ROLE_ADMIN,ROLE_EDITOR" />
<intercept-url pattern="/browser/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />
<intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_EDITOR,ROLE_USER" />
<intercept-url pattern="/login.action" filters="none" />
<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
<logout />
<remember-me user-service-ref="userDetailsService" />
</http>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
<beans:bean id="userDetailsService"
class="com.coos.ssq.service.impl.UserDetailsServiceLocalImpl">
<beans:property name="userManager" ref="userManager" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder">
</beans:bean>
</beans:beans>
<form-login login-page="/login.action" authentication-failure-url="/login.action?error=true" default-target-url="/" />
login-page表示用户登陆时显示我们自定义的login.action对应的页面。
authentication-failure-url表示用户登陆失败时,跳转到哪个action。
当用户输入的登录名和密码不正确时,系统将再次跳转到/login.action,并添加一个error=true参数作为登陆失败的标示。
default-target-url表示登陆成功时,跳转的url。
struts2的配置
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="default" extends="struts-default">
<global-results>
<result name="error" type="freemarker">/common/action_error.ftl</result>
</global-results>
<action name="login" class="com.coos.ssq.action.LoginAction">
<result name="input" type="freemarker">/common/login.ftl</result>
<result name="success" type="redirect">/</result>
</action>
</package>
</struts>
loginAction的代码:
package com.coos.ssq.action;
import java.util.Map;
import com.opensymphony.xwork2.ActionContext;
public class LoginAction extends BaseAction
{
private static final long serialVersionUID = 2316404862441984223L;
private String error;
private String lastname;
private String message;
public String execute() throws Exception
{
Map<String, ?> session = ActionContext.getContext().getSession();
this.lastname = (String) session.get("SPRING_SECURITY_LAST_USERNAME");
try
{
Exception e = (Exception)session.get("SPRING_SECURITY_LAST_EXCEPTION");
this.message = e.getMessage();
}
catch (Exception e){}
if(this.message == null && this.lastname != null)
{
return SUCCESS;
}
else
{
if(this.message !=null)
{
session.put("SPRING_SECURITY_LAST_EXCEPTION", null);
}
return INPUT;
}
}
/**
* @return the message
*/
public String getMessage()
{
return message;
}
/**
* @param message the message to set
*/
public void setMessage(String message)
{
this.message = message;
}
/**
* @return the error
*/
public String getError()
{
return error;
}
/**
* @param error the error to set
*/
public void setError(String error)
{
this.error = error;
}
/**
* @return the lastname
*/
public String getLastname()
{
return lastname;
}
/**
* @param lastname the lastname to set
*/
public void setLastname(String lastname)
{
this.lastname = lastname;
}
}
页面采用freemarker整合的login.ftl
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>login page</title>
<style type="text/css">
.error
{
width: 260px;height:40px;padding-top:10px;border: 2px solid red;
background-color: yellow;text-align: center;
}
.login{width: 260px;margin-bottom:10px;border: 1px solid #ccc;border-right: 2px solid #ccc;}
.login td{border-bottom: 1px solid #ccc;height:30px;}
.input{width:120px;}
.title{font-size:14px;}
.hide{display:none;}
</style>
</head>
<body>
<center>
<div class="error <#if !error?exists>hide</#if>">
用户名或密码错误!
<br />
${message?default("")}
</div>
<br />
<form action="${base}/j_spring_security_check" method="post">
<table class="login" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="2" align="center"><span class="title">用户登录</span></td>
</tr>
<tr>
<td nowrap="nowrap" align="right">用户名:</td>
<td align="left"><input class="input" type="text" name="j_username" value="${lastname?default("")}"/></td>
</tr>
<tr>
<td align="right">密码:</td>
<td align="left"><input class="input" type="password" name="j_password" /></td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap" align="left"><input type="checkbox" name="_spring_security_remember_me" />两周之内自动登陆</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="登陆"/>
<input type="reset" value="重置"/>
</td>
</tr>
</table>
</form>
</center>
</body>
</html>
页面用了sitemesh统一装饰的,所以这里的代码中没有头和尾部分的,具体效果自己调了。