SpringSecurity學習二----------實現自定義登錄界面


© 版權聲明:本文為博主原創文章,轉載請注明出處

1.項目結構

2.pom.xml

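<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

	<!-- Build descriptor for the custom-login-page demo: a WAR that bundles Spring MVC,
	     Spring Security and JSP/JSTL support. -->
	<modelVersion>4.0.0</modelVersion>

	<groupId>org.springsecurity</groupId>
	<artifactId>SpringSecurity</artifactId>
	<packaging>war</packaging>
	<version>0.0.1-SNAPSHOT</version>
	<name>SpringSecurity Maven Webapp</name>
	<url>http://maven.apache.org</url>

	<!-- Versions pinned in one place.
	     NOTE(review): jdk.version is declared but nothing in this POM references it.
	     NOTE(review): the Spring and Spring Security versions below are old releases; before
	     reusing this POM, check the vendor's security advisories and move to a release line
	     that still receives fixes. -->
	<properties>
		<jdk.version>1.7</jdk.version>
		<spring.version>4.3.5.RELEASE</spring.version>
		<spring.security.version>4.2.1.RELEASE</spring.security.version>
	</properties>

	<dependencies>
		<!-- JUnit, test classpath only -->
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>4.12</version>
			<scope>test</scope>
		</dependency>
		<!-- Spring core, web and MVC -->
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-core</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-web</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<!-- Spring Security: servlet filter chain plus the XML configuration namespace -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
		<!-- JSP tag library support -->
		<dependency>
			<groupId>jstl</groupId>
			<artifactId>jstl</artifactId>
			<version>1.2</version>
		</dependency>
		<!-- NOTE(review): this is a JSTL 1.1 implementation sitting next to the jstl 1.2
		     artifact above; it looks redundant. Confirm and keep only one. -->
		<dependency>
			<groupId>taglibs</groupId>
			<artifactId>standard</artifactId>
			<version>1.1.2</version>
		</dependency>
		<!-- The servlet container supplies the Servlet API at runtime. "provided" keeps the
		     jar out of WEB-INF/lib, where it could clash with the container's own classes. -->
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>3.1.0</version>
			<scope>provided</scope>
		</dependency>
	</dependencies>
	<build>
		<finalName>SpringSecurity</finalName>
	</build>
</project>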

3.mvc-dispatcher-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans   http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <!-- Servlet-level context for the DispatcherServlet: controller discovery and JSP view resolution. -->

    <!-- Scan the application packages for annotated components such as the controller. -->
    <context:component-scan base-package="org.springsecurity.*"/>

    <!-- Map a logical view name to a JSP, e.g. "login" becomes /WEB-INF/pages/login.jsp.
         Files under /WEB-INF cannot be requested directly by a client, so every page is
         reached only through a controller forward. -->
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/pages/"/>
        <property name="suffix" value=".jsp"/>
    </bean>

</beans>

4.spring-security.xml

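<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Web security for the demo: form login through a custom login URL, CSRF protection,
         and a single in-memory account. -->
    <security:http auto-config="true">
        <!-- URLs that require ROLE_USER.
             The Ant pattern "/admin**" matches only one path segment that starts with "/admin"
             (for example /admin or /admin.html). It does not match "/admin/" or anything below
             it, while Spring MVC can still route such variants to the handler mapped on
             "/admin**" (trailing-slash matching is enabled by default in Spring MVC 4.x).
             "/admin/**" is listed as well so the access rule covers every path that reaches
             the protected handler. Keep the security patterns at least as broad as the
             controller mappings they are meant to guard. -->
        <security:intercept-url pattern="/admin**" access="hasRole('ROLE_USER')"/>
        <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_USER')"/>
        <!-- login-page: URL the browser is sent to when authentication is required. It is a
                 request handled by the controller, not the path of a JSP file.
             default-target-url: URL requested after a successful login when there is no
                 saved original request to return to.
             authentication-failure-url: URL the browser is sent to when authentication fails.
             username-parameter: request parameter carrying the user name, i.e. the name
                 attribute of the user name input in the login form.
             password-parameter: request parameter carrying the password, i.e. the name
                 attribute of the password input in the login form. -->
        <security:form-login login-page="/login" default-target-url="/welcome"
            authentication-failure-url="/login?error" username-parameter="username"
            password-parameter="password"/>
        <!-- CSRF protection, declared explicitly. Every form that submits a state-changing
             request, including the login and logout forms, must send the _csrf token. -->
        <security:csrf/>
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <!-- Demo-only account. The password sits in this file in clear text and is
                     trivially guessable. Outside a local demo, load users from an external
                     store and add a password encoder to this provider, for example
                     <security:password-encoder hash="bcrypt"/>, with hashed values only. -->
                <security:user name="admin" password="123456" authorities="ROLE_USER" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

</beans>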

5.web.xml

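<web-app xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
  	version="3.0" metadata-complete="true">

  	<!-- Deployment descriptor: a root context holding the security configuration, a
  	     DispatcherServlet for Spring MVC, and the Spring Security filter in front of
  	     every request. -->

  	<!-- Spring MVC front controller; its own context is read from mvc-dispatcher-servlet.xml -->
  	<servlet>
  		<servlet-name>mvc-dispatcher</servlet-name>
  		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  		<init-param>
  			<param-name>contextConfigLocation</param-name>
  			<param-value>classpath:mvc-dispatcher-servlet.xml</param-value>
  		</init-param>
  	</servlet>
  	<servlet-mapping>
  		<servlet-name>mvc-dispatcher</servlet-name>
  		<url-pattern>/</url-pattern>
  	</servlet-mapping>

  	<!-- Creates the root application context at startup -->
  	<listener>
  		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  	</listener>

  	<!-- Root context configuration: the Spring Security definitions -->
  	<context-param>
  		<param-name>contextConfigLocation</param-name>
  		<param-value>classpath:spring-security.xml</param-value>
  	</context-param>

  	<!-- Spring Security entry point. The filter name must be springSecurityFilterChain,
  	     the bean the proxy delegates to, and the /* mapping sends every request through it. -->
  	<filter>
  		<filter-name>springSecurityFilterChain</filter-name>
  		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  	</filter>
  	<filter-mapping>
  		<filter-name>springSecurityFilterChain</filter-name>
  		<url-pattern>/*</url-pattern>
  	</filter-mapping>

  	<!-- Session hardening. Cookie-only tracking keeps the session id out of URLs, where it
  	     would end up in logs, browser history and Referer headers. http-only hides the
  	     session cookie from page scripts. When the application is served over HTTPS, also
  	     add <secure>true</secure> inside cookie-config. -->
  	<session-config>
  		<cookie-config>
  			<http-only>true</http-only>
  		</cookie-config>
  		<tracking-mode>COOKIE</tracking-mode>
  	</session-config>

</web-app>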

6.HelloController.java

package org.springsecurity.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

/**
 * MVC controller for the custom-login demo. It serves three pages: the public welcome page,
 * the admin page and the login page.
 *
 * <p>No handler here performs an access check of its own. Per the spring-security.xml shown
 * with this class, restricting the admin page to ROLE_USER is left to the Spring Security
 * filter chain, so the URL patterns configured there must cover every path these mappings
 * serve.
 */
@Controller
public class HelloController {

	/** Title placed in the model of both content pages. */
	private static final String PAGE_TITLE = "Spring Security Hello World";

	/**
	 * Public welcome page, mapped on "/" and "/welcome**".
	 *
	 * @return the "hello" view with its title and message
	 */
	@RequestMapping(value = {"/", "/welcome**"}, method = RequestMethod.GET)
	public ModelAndView welcomePage() {
		ModelAndView page = new ModelAndView("hello");
		page.addObject("title", PAGE_TITLE);
		page.addObject("message", "This is welcome page!");
		return page;
	}

	/**
	 * Admin page, mapped on "/admin**".
	 *
	 * @return the "admin" view with its title and message
	 */
	@RequestMapping(value = "/admin**", method = RequestMethod.GET)
	public ModelAndView adminPage() {
		ModelAndView page = new ModelAndView("admin");
		page.addObject("title", PAGE_TITLE);
		page.addObject("message", "This is protected page!");
		return page;
	}

	/**
	 * Renders the login form. Only the presence of the two optional query parameters matters;
	 * their values are never read or echoed back.
	 *
	 * @param error  present when the browser was redirected here after a failed login
	 * @param logout present when the browser was redirected here after logging out
	 * @return the "login" view, carrying "error" and/or "msg" when the matching parameter is set
	 */
	@RequestMapping(value = "/login", method = RequestMethod.GET)
	public ModelAndView login(
			@RequestParam(value = "error", required = false) String error,
			@RequestParam(value = "logout", required = false) String logout) {

		ModelAndView page = new ModelAndView("login");

		// One generic failure message: it does not say whether the user name or the
		// password was the part that was wrong.
		boolean loginFailed = error != null;
		if (loginFailed) {
			page.addObject("error", "違法的用戶名或密碼!");
		}

		boolean loggedOut = logout != null;
		if (loggedOut) {
			page.addObject("msg", "您已成功注銷!");
		}

		return page;
	}

}

7.hello.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Public welcome view. It shows the "title" and "message" model attributes set by the
  controller's welcomePage handler.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
	<%-- Plain EL writes the value without HTML escaping. That is fine while the controller
	     supplies fixed strings, as it does here. If either value is ever derived from
	     request data, render it through an escaping tag such as JSTL c:out instead. --%>
	<h1>標題:${title }</h1>
	<h2>消息:${message }</h2>
</body>
</html>

8.admin.jsp

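<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%--
  Protected view. It shows the "title" and "message" model attributes, greets the
  authenticated user and offers a logout link.

  Notes are written as JSP comments so they stay on the server; HTML comments would be
  sent to the browser together with the page.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
	<%-- title and message are fixed strings set by the controller --%>
	<h1>標題:${title }</h1>
	<h2>消息:${message }</h2>

	<%-- Hidden form that submits the logout request.
	     Spring Security's logout filter handles POST /logout (its default URL) and then
	     redirects to /login?logout. A form posting to any other URL is not picked up by
	     that filter and is dispatched like an ordinary request. --%>
	<c:url value="/logout" var="logoutUrl"/>
	<form action="${logoutUrl }" method="POST" id="logoutForm">
		<%-- With CSRF protection on, the form must carry the _csrf token, otherwise the
		     request is rejected with: 403 Could not verify the provided CSRF token because
		     your session was not found --%>
		<input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }">
	</form>

	<c:if test="${pageContext.request.userPrincipal.name != null }">
		<%-- The user name is account data, so it is HTML-escaped on output --%>
		<h2>歡迎:<c:out value="${pageContext.request.userPrincipal.name }"/>
		| <a href="javascript:formSubmit()">Logout</a></h2>
	</c:if>

	<%-- The script sits inside body so the document stays valid HTML --%>
	<script type="text/javascript">

		// Submit the hidden logout form
		function formSubmit(){

			document.getElementById("logoutForm").submit();

		}

	</script>
</body>
</html>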

9.login.jsp

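<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%--
  Custom login view. It shows the optional "error" and "msg" model attributes and posts the
  credentials to Spring Security's login processing URL.

  Notes are written as JSP comments so they stay on the server. This page is served to
  unauthenticated visitors, and HTML comments describing the security configuration would
  be sent to every one of them.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body onload="focusUsername()">
	<h1>Spring Security 自定義登錄界面</h1>
	<div id="login-box">
		<%-- error and msg are fixed strings set by the controller; request parameter
		     values are never echoed into the page --%>
		<c:if test="${not empty error }">
			<div class="error"><font color="red">${error }</font><br/><br/></div>
		</c:if>
		<c:if test="${not empty msg }">
			<div class="msg"><font color="red">${msg }</font><br/><br/></div>
		</c:if>
		<%-- Spring Security 3.x processes logins at /j_spring_security_check by default;
		     4.x processes them at /login --%>
		<form name="loginForm" action="<c:url value='/login'/>" method="POST">
			<table>
				<tr>
					<td>用戶名:</td>
					<%-- name must equal username-parameter in spring-security.xml,
					     otherwise authentication fails --%>
					<td><input type="text" name="username"/></td>
				</tr>
				<tr>
					<td>密碼:</td>
					<%-- name must equal password-parameter in spring-security.xml,
					     otherwise authentication fails --%>
					<td><input type="password" name="password"></td>
				</tr>
				<tr style="text-align: center;" >
					<td colspan="2">
						<input type="reset" value="重置"/>
						<input type="submit" value="登錄"/>
					</td>
				</tr>
			</table>
			<%-- With CSRF protection on, the form must carry the _csrf token, otherwise the
			     request is rejected with: 403 Could not verify the provided CSRF token
			     because your session was not found --%>
			<input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }"/>
		</form>
	</div>

	<%-- The script sits inside body so the document stays valid HTML --%>
	<script type="text/javascript">

		// Put the cursor in the user name field when the page loads. The function is not
		// called focus(), so the onload handler cannot resolve the name to a built-in
		// focus() method instead of this one.
		function focusUsername(){

			document.loginForm.username.focus();

		}

	</script>
</body>
</html>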

10.效果預覽

  10.1 無需訪問權限

  

  10.2 需要訪問權限(自定義登錄界面)

  

  10.3 登錄失敗

  

  10.4 登錄成功

  

  10.5 注銷

  

 

  修訂 login-page:並非是用來顯示自定義登錄表單的頁面,而是被攔截后執行的請求。

      default-target-url:並非是身份驗證通過后默認展示的頁面,而是身份驗證通過后執行的請求。

   參考:http://www.yiibai.com/spring-security/spring-security-form-login-example.html

