spring security 3.1認証コードのカスタム登録を実現します.
12540 ワード
spring securityカスタム登録:
1、カスタムテーブル構造
Tシャツ.US ER:(ユーザ表)
`id`bigintt(11)NOT NULL AUTO_INCREMENT、
`name`varrhar
`password`varhar
Tシャツ.ROLE:(キャラクター表)
`id`bigintt(11)NOT NULL AUTO_INCREMENT、
`role`varrhar--キャラクター名(spring security定義キャラクター名はROLE_で始まる)
Tシャツ.USER_ROLE:(ユーザーキャラクター関連表)
`id`bigintt(11)NOT NULL AUTO_INCREMENT、
`user_id`bigint(11)
`role_id`bigint(11)
2、必要なjarバッグ:
spring-security-acl-3.1.0.RC.jar
spring-security-aspects-3.1.0.RC.jar
spring-security-cas-3.1.0.RC.jar
spring-security-config-3.1.0.RC.jar
spring-security-coree-3.1.0.RC.jar
spring-security-ldp-3.1.0.RC.jar
spring-security-openid-3.1.0.RC.jar
spring-security-taglibs-3.1.0.RC 2.jar
spring-security-web-3.1.0.RC.jar
3、ログインページのlogin.jsp
4、appication-security.xml配置
5、検証コードの検証
1、カスタムテーブル構造
Tシャツ.US ER:(ユーザ表)
`id`bigintt(11)NOT NULL AUTO_INCREMENT、
`name`varrhar
`password`varhar
Tシャツ.ROLE:(キャラクター表)
`id`bigintt(11)NOT NULL AUTO_INCREMENT、
`role`varrhar--キャラクター名(spring security定義キャラクター名はROLE_で始まる)
Tシャツ.USER_ROLE:(ユーザーキャラクター関連表)
`id`bigintt(11)NOT NULL AUTO_INCREMENT、
`user_id`bigint(11)
`role_id`bigint(11)
2、必要なjarバッグ:
spring-security-acl-3.1.0.RC.jar
spring-security-aspects-3.1.0.RC.jar
spring-security-cas-3.1.0.RC.jar
spring-security-config-3.1.0.RC.jar
spring-security-coree-3.1.0.RC.jar
spring-security-ldp-3.1.0.RC.jar
spring-security-openid-3.1.0.RC.jar
spring-security-taglibs-3.1.0.RC 2.jar
spring-security-web-3.1.0.RC.jar
3、ログインページのlogin.jsp
<form id="loginForm"
action="<c:url value='/j_spring_security_check'/>" method="post">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<th> :</th>
<td><input type="text" name="j_username" id="username"
class="input"
value="<c:if test='${not empty param.login_error}' >
<c:out value='${SPRING_SECURITY_LAST_USERNAME}'/>
</c:if>" />
</td>
<td rowspan="3"><a onclick="javascript:login();"><img
src="../img/home/login_btn.gif" width="111" height="99" /> </a></td>
</tr>
<tr>
<th> :</th>
<td><input type="password" name="j_password" id="password"
class="input" /></td>
</tr>
<tr>
<th> :</th>
<td><input type="text" maxlength="4" name="code" id="code"
class="input" style="width: 80px;" onkeypress="javascript:pressKey(event);" /> <img id="validateCode"
src="validate.code" width="75" height="33" /> <a
onclick="javascript:reload();"><img
src="../img/home/refresh.gif" width="22" height="22" /> </a>
</td>
</tr>
</table>
</form>
<c:if test="${not empty param.error}">
<font color="red"> <br /> <br /> : <c:out
value="${SPRING_SECURITY_LAST_EXCEPTION.message}" /></font>
</c:if>
4、appication-security.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http>
<!-- -->
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/list/**"
access="ROLE_ADMIN,ROLE_MANAGER,ROLE_USER" />
<intercept-url pattern="/delete/**" access="ROLE_ADMIN" />
<!-- -->
<custom-filter before="FORM_LOGIN_FILTER" ref="validateCodeAuthenticationFilter" />
<!-- -->
<form-login login-page="/home/login"
default-target-url="/home/loginSuccess.action"( url)
authentication-failure-url="/home/login.action?error=true"( url) />
<!-- -->
<!-- <logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"
/> <remember-me /> -->
<!-- SESSION -->
<!-- <session-management invalid-session-url="/timeout.jsp"> </session-management> -->
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<!-- SQL , users-by-username-query: authorities-by-username-query: ( , t_user_role )
group-authorities-by-username-query: -->
<jdbc-user-service data-source-ref="webDataSource"
users-by-username-query="SELECT t_user.name AS username,t_user.password as password,'true' AS enabled FROM t_user WHERE t_user.name = ?"
authorities-by-username-query="SELECT name AS username,role as authorities
FROM T_USER
LEFT OUTER JOIN t_role AS userrole ON(t_user.id = userrole.user_id)
LEFT OUTER JOIN t_role AS role ON (userrole.role_id = role.id)
WHERE t_user.name = ?" />
</authentication-provider>
</authentication-manager>
<!-- -->
<beans:bean id="validateCodeAuthenticationFilter"
class="**.**.security.ValidateCodeUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationSuccessHandler"
ref="loginLogAuthenticationSuccessHandler"></beans:property>
<beans:property name="authenticationFailureHandler"
ref="simpleUrlAuthenticationFailureHandler"></beans:property>
<beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
</beans:bean>
<!-- -->
<beans:bean id="loginLogAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/home/loginSuccess.action"></beans:property>
</beans:bean>
<!-- -->
<beans:bean id="simpleUrlAuthenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/home/login.action?error=true"></beans:property>
</beans:bean>
</beans:beans>
5、検証コードの検証
package cn.com.trade.security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.TextEscapeUtils;
import cn.com.fxark.util.md5.MD5;
import cn.com.trade.domain.adminuser.AdminUser;
import cn.com.trade.global.GlobalParameter;
import cn.com.trade.service.ServiceManager;
/**
* 、
*
* ; 。
*
* @author Long
*
*/
public class ValidateCodeUsernamePasswordAuthenticationFilter extends
UsernamePasswordAuthenticationFilter {
private boolean postOnly = true;
private boolean allowEmptyValidateCode = false;
private String sessionvalidateCodeField = DEFAULT_SESSION_VALIDATE_CODE_FIELD;
private String validateCodeParameter = DEFAULT_VALIDATE_CODE_PARAMETER;
public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
// session
public static final String DEFAULT_SESSION_VALIDATE_CODE_FIELD = "rand";
//
public static final String DEFAULT_VALIDATE_CODE_PARAMETER = "code";
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException(
"Authentication method not supported: "
+ request.getMethod());
}
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password);
// Place the last username attempted into HttpSession for views
HttpSession session = request.getSession(false);
if (session != null || getAllowSessionCreation()) {
request.getSession().setAttribute(
SPRING_SECURITY_LAST_USERNAME_KEY,
TextEscapeUtils.escapeEntities(username));
}
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
// check validate code
if (!isAllowEmptyValidateCode())
checkValidateCode(request);
//
AdminUser adminUser = ServiceManager.getInstance()
.getAdminUserService()
.login(username, MD5.getMD5ofStr(password));
session.setAttribute(GlobalParameter.HT_ADMIN_LOGIN_USER_SESSION_NAME,
adminUser);
return this.getAuthenticationManager().authenticate(authRequest);
}
/**
*
* <li> session </li>
*
*/
protected void checkValidateCode(HttpServletRequest request) {
String sessionValidateCode = obtainSessionValidateCode(request);
String validateCodeParameter = obtainValidateCodeParameter(request);
if (StringUtils.isEmpty(validateCodeParameter)
|| !sessionValidateCode.equalsIgnoreCase(validateCodeParameter)) {
throw new AuthenticationServiceException(" !");
}
}
private String obtainValidateCodeParameter(HttpServletRequest request) {
return request.getParameter(validateCodeParameter);
}
protected String obtainSessionValidateCode(HttpServletRequest request) {
Object obj = request.getSession()
.getAttribute(sessionvalidateCodeField);
return null == obj ? "" : obj.toString();
}
public boolean isPostOnly() {
return postOnly;
}
@Override
public void setPostOnly(boolean postOnly) {
this.postOnly = postOnly;
}
public String getValidateCodeName() {
return sessionvalidateCodeField;
}
public void setValidateCodeName(String validateCodeName) {
this.sessionvalidateCodeField = validateCodeName;
}
public boolean isAllowEmptyValidateCode() {
return allowEmptyValidateCode;
}
public void setAllowEmptyValidateCode(boolean allowEmptyValidateCode) {
this.allowEmptyValidateCode = allowEmptyValidateCode;
}
}