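首先,客户端登录时密码在客户端通过MD5加密(注意:下面的示例代码实际加载的是jquery.sha1.js,调用的是$.sha1,即SHA-1散列),在CustomAuthenticationProcessingFilter中验证时不需要再加密。需要注意的是,客户端散列后的值本身就相当于密码:只要拿到该值就可以直接登录,所以这种做法不能代替HTTPS,服务端也仍应对收到的值做加盐散列后再保存。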
用户登录页面:
<script src="${ctx}/js/jquery.js" type="text/javascript"></script>
<script src="${ctx}/js/jquery.sha1.js" type="text/javascript"></script>
<script src="${ctx}/js/validate/jquery.validate.js" type="text/javascript"></script>
<script src="${ctx}/js/validate/messages_cn.js" type="text/javascript"></script>
<script>
/**
 * Reloads the captcha image by pointing #captcha at the captcha servlet again.
 * The random "r" query parameter only makes the URL unique for each reload.
 */
function reloadCaptcha() {
  var freshUrl = "${ctx}/servlet/captchaServlet?r=" + Math.random();
  $("#captcha").attr("src", freshUrl);
}
/**
 * Replaces the typed password in #j_password with its SHA-1 digest
 * (computed by the jquery.sha1 plugin), so the digest is what gets posted.
 *
 * NOTE(review): the digest is unsalted and is accepted by the server as the
 * credential itself, so it is password-equivalent on the wire; this does not
 * remove the need for TLS.
 *
 * @returns {boolean} always true.
 */
function encode() {
  var passwordField = $('#j_password');
  var digest = $.sha1(passwordField.val());
  passwordField.val(digest);
  return true;
}
// Once the DOM is ready, put the cursor in the username field.
$(function() {
  $("#j_username").focus();
});
</script>
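<!-- Password field of the login form. The label is tied to the input through
     for/id so that assistive technology announces it and clicking the label
     focuses the field.
     NOTE(review): encode() on this page overwrites the value with an unsalted
     SHA-1 digest; that digest is password-equivalent, so the form still has to
     be served and posted over HTTPS. -->
<div>
  <label for="j_password">密码:</label>
  <input type="password" id="j_password" name="j_password" class="required" />
</div>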
用户注册页面,当用户注册结束后,我们使用一个跳转把用户名、密码和验证码等都自动提交,从而实现用户自动登录。注意:这些值不应拼接在URL的查询串里用GET提交,否则用户名和密码散列会留在浏览器历史、服务器访问日志和Referer中;应改用POST提交,并且对每个参数值做编码。
<script src="${ctx}/js/jquery.js" type="text/javascript"></script>
<script src="${ctx}/js/jquery.form.js" type="text/javascript"></script>
<script src="${ctx}/js/jquery.sha1.js" type="text/javascript"></script>
<script src="${ctx}/js/validate/jquery.validate.js" type="text/javascript"></script>
<script src="${ctx}/js/validate/messages_cn.js" type="text/javascript"></script>
<script>
/**
 * Swaps the captcha image for a new one from the captcha servlet.
 * A random "r" parameter is appended so that each reload uses a distinct URL.
 */
function reloadCaptcha() {
  var captchaImage = $("#captcha");
  var cacheBuster = Math.random();
  captchaImage.attr("src", "${ctx}/servlet/captchaServlet?r=" + cacheBuster);
}
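// Registration page setup: focus the login-name field, attach the validation
// rules, and after a successful AJAX registration log the new user in
// automatically through j_spring_security_check.
$(document).ready(function() {
  $("#loginName").focus();
  $("#registerForm").validate({
    rules: {
      loginName: {
        required: true,
        // NOTE(review): '${loginName}' is expanded by the server-side template
        // inside a JavaScript string literal. encodeURIComponent only runs after
        // that expansion, so the template itself must JavaScript-escape the value.
        remote: "account!checkLoginName.action?oldLoginName=" + encodeURIComponent('${loginName}')
      },
      name: "required",
      password: {
        required: true,
        minlength: 6
      },
      passwordConfirm: {
        equalTo: "#password"
      },
      email: "email",
      j_captcha: {
        required: true,
        remote: "account!checkCaptcha.action"
      },
      agreed: "required"
    },
    messages: {
      loginName: {
        remote: "用户登录名已存在"
      },
      name: '姓名不能为空',
      email: '邮箱格式错误',
      passwordConfirm: {
        equalTo: "输入与上面相同的密码"
      },
      j_captcha: '验证码错误'
    },
    // Runs only after validation has passed. Returns false so the browser does
    // not submit the form itself; the AJAX submit below does it instead.
    submitHandler: function(form) {
      var passwordField = $('#password');
      var confirmField = $(form.elements["passwordConfirm"]);
      var digest = $.sha1(passwordField.val());

      passwordField.val(digest);
      // The confirmation field is part of the same form. Leaving it untouched
      // would post the cleartext password next to the digest.
      confirmField.val(digest);

      $(form).ajaxSubmit({
        success: function(msg) {
          alert("用户注册成功!");
          // Auto-login with a POST built from hidden inputs rather than a GET
          // query string: the credentials stay out of browser history, access
          // logs and Referer headers, and characters such as "&" or "#" in a
          // value can no longer break or inject parameters.
          // NOTE(review): assumes the login filter accepts POST, as a normal
          // login form would use; confirm against CustomAuthenticationProcessingFilter.
          var loginForm = $('<form method="post"></form>')
            .attr("action", "${ctx}/j_spring_security_check");
          var credentials = {
            j_username: $('#loginName').val(),
            j_password: passwordField.val(),
            j_captcha: $('#j_captcha').val()
          };
          $.each(credentials, function(fieldName, fieldValue) {
            $('<input type="hidden" />')
              .attr("name", fieldName)
              .val(fieldValue)
              .appendTo(loginForm);
          });
          loginForm.appendTo(document.body).submit();
        },
        error: function(msg) {
          // Both fields now hold the digest; clear them so a retry hashes the
          // re-typed password and not the digest a second time.
          passwordField.val("");
          confirmField.val("");
          alert("用户注册失败!");
        }
      });
      return false;
    }
  });
});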
</script>
其次,在application-Context.xml中,密码采用明文方式,即在springsecurity过滤时不需要再次加密密码。这样配置后,服务端保存并直接比较的就是客户端提交的未加盐SHA-1值;一旦用户数据泄露,其中的值可以直接用来登录,因此生产环境应在服务端使用加盐的密码编码器(如bcrypt)。
<!-- Authentication provider that looks users up through the userDetailsService bean. -->
<s:authentication-provider user-service-ref="userDetailsService">
<!-- hash="plaintext": the submitted j_password is compared with the stored value as-is,
     with no hashing on the server.
     NOTE(review): given the client-side SHA-1 on the login page, the stored value is
     presumably that unsalted digest, which makes it password-equivalent if the user
     store leaks. Confirm, and prefer a salted server-side encoder. -->
<s:password-encoder hash="plaintext" />
<!-- Alternative left disabled by the author: server-side SHA hashing without base64 encoding. -->
<!-- <s:password-encoder hash="sha" base64="false"/> -->
</s:authentication-provider>