使用spring security 2.0 和extjs 3.0实现web登录

1开发环境说明

本例使用MyEclipse 6.5作为开发工具,jdk1.5作为编译工具,tomcat6.0作为web运行服务器。

2开发步骤

2.1搭建web项目

关于搭建web项目相关的文档网上有很多,在此略过。搭建成功后项目结构如下图

项目依赖的jar包如下图

2.2编辑登录页面

2.2.1 index.jsp源码

本项目中把index.jsp作为登录页面。代码如下:

<%@ taglib prefix='c' uri='http://Java.sun.com/jstl/core_rt' %>

<%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %>

<%@ page import="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" %>

<%@ page import="org.springframework.security.AuthenticationException" %>

<c:set var="ctx" value="${pageContext.request.contextPath}"/>

<%

String path = request.getContextPath();

String basePath = request.getScheme() + "://"

+ request.getServerName() + ":" + request.getServerPort()

+ path + "/";

String strLocale = request.getParameter("locale");

%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>Spring Security + ExtJS Login</title>

<!-- Ext JS files -->

<link rel="stylesheet" type="text/css" href="${ctx}/ext-3.0.0/resources/css/ext-all.css"/>

<script src="${ctx}/ext-3.0.0/adapter/ext/ext-base.js"></script>

<script src="${ctx}/ext-3.0.0/ext-all.js"></script>

<!-- login form -->

<script src="${ctx}/js/login.js"></script>

</head>

<body>

<br><br><br><br><br>

<center>

<div id="login"></div>

</center>

</body>

</html>
2.2.2 index.jsp源码说明

在Index.jsp文件中,代码“<link rel="stylesheet" type="text/css" href="${ctx}/ext-3.0.0/resources/css/ext-all.css" />”是引用extjs的样式。代码“<script src="${ctx}/ext-3.0.0/adapter/ext/ext-base.js"></script>”是加载extjs基本包。

代码“<script src="${ctx}/ext-3.0.0/ext-all.js"></script>”是加载extjs核心包。

代码“<script src="${ctx}/js/login.js"></script>”extjs登录表单。关于login.js的内容,将会在后面小节中介绍。

2.2.3 login.js源码

login.js文件中定义的就是extjs登录表单。代码如下:

Ext.onReady(function(){

Ext.QuickTips.init();

var login = new Ext.FormPanel({

labelWidth:80,

url:'j_spring_security_check',

frame:true,

title:'Please Login',

defaultType:'textfield',

width:300,

height:150,

monitorValid:true,

items:[{

fieldLabel:'Username',

name:'j_username',

allowBlank:false

},{

fieldLabel:'Password',

name:'j_password',

inputType:'password',

allowBlank:false

}],

buttons:[{

text:'Login',

formBind: true,

handler:function(){

login.getForm().submit({

method:'POST',

success:function(){

Ext.Msg.alert('Status', 'Login Successful!', function(btn, text){

if (btn == 'ok'){

window.location = 'main.action';

}

});

},

failure:function(form, action){

if(action.failureType == 'server'){

obj = Ext.util.JSON.decode(action.response.responseText);

Ext.Msg.alert('Login Failed!', obj.errors.reason);

}else{

Ext.Msg.alert('Warning!', 'Authentication server is unreachable : ' + action.response.responseText);

}

login.getForm().reset();

}

});

}

}]

});

login.render('login');

});
2.2.4 index.js源码说明

在index.js中定义了一个login表单,url:'j_spring_security_check'对应spring security的登录验证地址。表单里放了两个输入域'j_username'、'j_password',分别对应用户名和密码。表单中还有一个登录按钮'Login',点击按钮提交到后台执行登录验证。验证成功跳转到'main.action',验证失败则提示失败信息。'main.action'是在spring mvc中定义访问地址。具体见2.3节,配置spring mvc.

2.3配置spring mvc

本项目中的spring mvc用到2个文件,src目录下com.loiane.controller.MainController.java和WEB-INF目录下的spring-security-extjs-login-servlet.xml。

2.3.1 spring-security-extjs-login-servlet.xml源码

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

<bean name="/*.action" class="com.loiane.controller.MainController">

</bean>

</beans>
2.3.2 spring-security-extjs-login-servlet.xml源码说明

spring-security-extjs-login-servlet.xml用于URL地址映射,把类似"/*.action"的请求地址映射到com.loiane.controller.MainController.java控制器类做进一步处理,文件中有一句代码:“<bean name="/*.action" class="com.loiane.controller.MainController"></bean>”。

2.3.3 com.loiane.controller.MainController.java源码

package com.loiane.controller;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;

import org.springframework.web.servlet.mvc.multiaction.MultiActionController;

public class MainController extends MultiActionController  {

public ModelAndView main(HttpServletRequest request,

HttpServletResponse response) throws Exception {

return new ModelAndView("main.jsp");

}

}
2.3.4 com.loiane.controller.MainController.java源码说明

com.loiane.controller.MainController.java继承

org.springframework.web.servlet.mvc.multiaction.MultiActionController.java类,跳转到main.jsp。

2.3.5 main.jsp源码

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"

pageEncoding="ISO-8859-1"%>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

<title>Spring Security + ExtJS Login</title>

</head>

<body>

<h1>You are successfully authenticated!</h1>

</body>

</html>

2.4配置spring security

本项目中的spring security用到2个文件,src目录下com.loiane.security.MyAuthenticationProcessingFilter.java和WEB-INF目录下的applicationContext-security.xml。

2.4.1 applicationContext-security.xml源码

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:security="http://www.springframework.org/schema/security"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd

http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">

<security:global-method-security />

<security:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">

<security:intercept-url pattern="/index.jsp" filters="none" />

<security:intercept-url pattern="/*.action" access="ROLE_USER" />

</security:http>

<bean id="authenticationProcessingFilter" class="com.loiane.security.MyAuthenticationProcessingFilter">

<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />

<property name="defaultTargetUrl" value="/main.html" />

<property name="authenticationManager" ref="authenticationManager" />

</bean>

<security:authentication-manager alias="authenticationManager" />

<bean id="authenticationProcessingFilterEntryPoint"

class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">

<property name="loginFormUrl" value="/index.jsp" />

<property name="forceHttps" value="false" />

</bean>

<!--

Usernames/Passwords are

admin/111111

dianne/111111

scott/111111

peter/111111

These passwords are from spring security app example

-->

<security:authentication-provider>

<security:password-encoder hash="md5"/>

<security:user-service>

<security:user name=" admin " password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />

<security:user name="dianne" password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_USER,ROLE_TELLER" />

<security:user name="scott" password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_USER" />

<security:user name="peter" password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_USER" />

< /security:user-service>

</security:authentication-provider>

</beans>
2.4.2 applicationContext-security.xml源码说明

在applicationContext-security.xml文件中配置登录权限验证。

<security:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">

<security:intercept-url pattern="/index.jsp" filters="none" />

<security:intercept-url pattern="/*.action" access="ROLE_USER" />

</security:http>

这段配置表示:我们要保护应用程序中的/*.action的URL,只有拥有ROLE_USER角色的用户才能访问。任何角色的用户都可以访问/index.jsp。你可以使用多个<intercept-url>元素为不同URL的集合定义不同的访问需求,它们会被归入一个有序队列中,每次取出最先匹配的一个元素使用。所以你必须把期望使用的匹配条件放到最上边。entry-point-ref="authenticationProcessingFilterEntryPoint"表示定义一个权限验证的入口authenticationProcessingFilterEntryPoint。

<bean id="authenticationProcessingFilter" class="com.loiane.security.MyAuthenticationProcessingFilter">

<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />

<property name="defaultTargetUrl" value="/main.html" />

<property name="authenticationManager" ref="authenticationManager" />

</bean>

这段配置定义自定义权限处理过滤器com.loiane.security.MyAuthenticationProcessingFilter,defaultTargetUrl指定验证成功或失败后转向的页面,authenticationManager引用权限管理器。

<bean id="authenticationProcessingFilterEntryPoint"      class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">

<property name="loginFormUrl" value="/index.jsp" />

<property name="forceHttps" value="false" />

</bean>

这段配置定义权限验证入口,指定登录页面为/index.jsp,不使用https协议。

<security:authentication-provider>

<security:password-encoder hash="md5"/>

<security:user-service>

<security:user name="admin" password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />

<security:user name="dianne" password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_USER,ROLE_TELLER" />

<security:user name="scott" password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_USER" />

<security:user name="peter" password="96e79218965eb72c92a549dd5a330112" authorities="ROLE_USER" />

< /security:user-service>

</security:authentication-provider>

</beans>

这段配置定义了4个用户,密码使用md5加密,admin密码为111111拥有ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER三个角色、dianne密码为111111拥有ROLE_USER,ROLE_TELLER两个角色、scott密码为111111拥有ROLE_USER角色、peter密码为111111拥有ROLE_USER角色。

2.4.3 com.loiane.security.MyAuthenticationProcessingFilter.java源码

package com.loiane.security;

import java.io.IOException;

import java.io.Writer;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpServletResponseWrapper;

import org.springframework.security.Authentication;

import org.springframework.security.AuthenticationException;

import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {

protected void onSuccessfulAuthentication(HttpServletRequest request,

HttpServletResponse response, Authentication authResult)

throws IOException {

super.onSuccessfulAuthentication(request, response, authResult);

HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response);

Writer out = responseWrapper.getWriter();

String targetUrl = determineTargetUrl( request );

out.write("{success:true, targetUrl : \'" + targetUrl + "\'}");

out.close();

}

protected void onUnsuccessfulAuthentication( HttpServletRequest request,

HttpServletResponse response, AuthenticationException failed )

throws IOException {

HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response);

Writer out = responseWrapper.getWriter();

out.write("{ success: false, errors: { reason: 'Login failed. Try again.' }}");

                out.close();

}

}
2.4.4 com.loiane.security.MyAuthenticationProcessingFilter.java源码说明

com.loiane.security.MyAuthenticationProcessingFilter.java继承于

org.springframework.security.ui.webapp.AuthenticationProcessingFilter.java类,重写了

onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)和onUnsuccessfulAuthentication( HttpServletRequest request, HttpServletResponse response, AuthenticationException failed )方法。在onSuccessfulAuthentication()方法中返回验证成功后的跳转地址,在onUnsuccessfulAuthentication()方法中返回验证失败的信息。

2.5配置web.xml

2.5.1 web.xml源码

<?xml version="1.0" encoding="UTF-8"?>

<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>spring-security-extjs-login</display-name>

<context-param>

<param-name>contextConfigLocation</param-name>

<param-value>

/WEB-INF/spring-security-extjs-login-servlet.xml

/WEB-INF/applicationContext-security.xml

</param-value>

</context-param>

<filter>

<filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<listener>    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

</listener>

<servlet>

<servlet-name>spring-security-extjs-login</servlet-name>

<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

<load-on-startup>1</load-on-startup>

</servlet>

<servlet-mapping>

<servlet-name>spring-security-extjs-login</servlet-name>

<url-pattern>*.action</url-pattern>

</servlet-mapping>

<welcome-file-list>

<welcome-file>index.jsp</welcome-file>

</welcome-file-list>

</web-app>
2.5.1 web.xml源码说明

<context-param>

<param-name>contextConfigLocation</param-name>

<param-value>

/WEB-INF/spring-security-extjs-login-servlet.xml

/WEB-INF/applicationContext-security.xml

</param-value>

</context-param>

<filter>

这段代码配置spring使用的相关配置文件。/WEB-INF/spring-security-extjs-login-servlet.xml是关于spring mvc的相关配置。/WEB-INF/applicationContext-security.xml是关于登录权限验证相关的配置。

<filter>

<filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

这段代码配置spring过滤链。处理所有URL地址。

<listener>    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

</listener>

这段代码注册spring监听器。

<servlet>

<servlet-name>spring-security-extjs-login</servlet-name>

<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

<load-on-startup>1</load-on-startup>

</servlet>

<servlet-mapping>

<servlet-name>spring-security-extjs-login</servlet-name>

<url-pattern>*.action</url-pattern>

</servlet-mapping>

这段代码注册spring mvc,处理*.action的请求。

2.6运行效果

登录页面

登录页面-验证成功提示

登录页面-验证成功后跳转到main.jsp页面

登录页面-验证失败提示

3参考文档

http://loianegroner.com/2010/02/integrating-spring-security-with-extjs-login-page/#comments

使用spring security 2.0 和extjs 3.0实现web登录的更多相关文章

  1. Spring Security(三十七):Part IV. Web Application Security

    Most Spring Security users will be using the framework in applications which make user of HTTP and t ...

  2. Spring Security 实战干货:从零手写一个验证码登录

    1. 前言 前面关于Spring Security写了两篇文章,一篇是介绍UsernamePasswordAuthenticationFilter,另一篇是介绍 AuthenticationManag ...

  3. Spring Security构建Rest服务-1000-使用SpringSocial开发第三方登录之大白话OAuth协议

    OAuth协议简介 OAuth协议要解决的问题    OAuth协议中的各种角色 OAuth协议运行流程 OAuth协议,在网上也看了一些资料,意思就是给你颁发一个临时的通行证,你拿着这个通行证可以访 ...

  4. Spring Security 5.0.x 参考手册 【翻译自官方GIT-2018.06.12】

    源码请移步至:https://github.com/aquariuspj/spring-security/tree/translator/docs/manual/src/docs/asciidoc 版 ...

  5. Spring Security实现OAuth2.0授权服务 - 基础版

    一.OAuth2.0协议 1.OAuth2.0概述 OAuth2.0是一个关于授权的开放网络协议. 该协议在第三方应用与服务提供平台之间设置了一个授权层.第三方应用需要服务资源时,并不是直接使用用户帐 ...

  6. Spring Security笔记:Hello World

    本文演示了Spring Security的最最基本用法,二个页面(或理解成二个url),一个需要登录认证后才能访问(比如:../admin/),一个可匿名访问(比如:../welcome) 注:以下内 ...

  7. spring security 3.2 配置详解(结合数据库)

    没事就来了解下spring security.网上找了很多资料.有过时的,也有不是很全面的.各种问题也算是让我碰了个遍.这样吧.我先把整个流程写下来,之后在各个易混点分析吧. 1.建立几个必要的页面. ...

  8. [spring security] spring security 4 基础Demo

    依赖包: <properties> <junit.version>4.11</junit.version> <spring.version>4.1.6. ...

  9. spring security源码分析之一springSecurityFilterChain

    1. spring和spring security的集成,配置web.xml如下: <context-param> <param-name>contextConfigLocat ...

随机推荐

  1. C#常用修饰符

    访问修饰符 访问修饰符是一些关键字,用于指定声明的成员或类型的可访问性,C#有4个访问修饰符:public.private.protected.internal,使用这些访问修饰符可以指定以下5个访问 ...

  2. Entity Framework Core 生成跟踪列-阴影属性

    摘自:https://www.cnblogs.com/tdfblog/p/entity-framework-core-generate-tracking-columns.html Ef Core 官方 ...

  3. Spring IOC 容器源码分析 - 填充属性到 bean 原始对象

    1. 简介 本篇文章,我们来一起了解一下 Spring 是如何将配置文件中的属性值填充到 bean 对象中的.我在前面几篇文章中介绍过 Spring 创建 bean 的流程,即 Spring 先通过反 ...

  4. pyqt5 Button.click 报错:argument 1 has unexpected type 'NoneType'

    如上所示,在括号中,添加‘lambda:’,就可以成功运行,不知道为啥. 参考:https://blog.csdn.net/flhsxyz/article/details/79220936?utm_s ...

  5. [HAOI2018]染色(容斥+NTT)

    补充一篇详细得不能再详细的题解,比如让我自己看懂. 可能与前面的题解有些相同,我想补充一下自己的想法. 显然,最多 \(K\) 最大为 \(N=min(\lfloor \frac nS\rfloor, ...

  6. webApp在各大Android市场上的发布

    本来打算每个月都写上一篇博客的,可是计划永远赶不上变化,不过这其中也有自己的懒惰,果然过年让整个人懈怠了不少.年后一直在赶项目以致于到今天才动手写这篇文章. 这一篇主要写点在公司的要求下发布的webA ...

  7. WebDriver高级应用实例(5)

    5.1对象库(UI Map) 目的:能够使用配置文件存储被测试页面上的元素的定位方式和定位表达式,做到定位数据和程序的分离.方便不具备编码能力的测试人员进行修改和配置. 被测网页的网址: http:/ ...

  8. jquery中的ajax请求,阻塞ui线程的解决方案(自己总结的demo)

    /*****************************************************/ function getAjaxData(url,data){ showLoading( ...

  9. 03-01 Java运算符

    (1)算术运算符 A:+,-,*,/,%,++,-- B:+的用法 a:加法 b:正号 c:字符串连接符 C:/和%的区别 数据做除法操作的时候,/取得是商,%取得是余数 D:++和--的用法 a:他 ...

  10. 课程一(Neural Networks and Deep Learning),第四周(Deep Neural Networks)——2.Programming Assignments: Building your Deep Neural Network: Step by Step

    Building your Deep Neural Network: Step by Step Welcome to your third programming exercise of the de ...