© 版权声明:本文为博主原创文章,转载请注明出处

1.项目结构

2.pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

	<modelVersion>4.0.0</modelVersion>

	<groupId>org.springsecurity</groupId>

	<artifactId>SpringSecurity</artifactId>

	<packaging>war</packaging>

	<version>0.0.1-SNAPSHOT</version>

	<name>SpringSecurity Maven Webapp</name>

	<url>http://maven.apache.org</url>

	<!-- 统一版本 -->

	<properties>

		<jdk.version>1.7</jdk.version>

		<spring.version>4.3.5.RELEASE</spring.version>

		<spring.security.version>4.2.1.RELEASE</spring.security.version>

	</properties>

	<dependencies>

		<!-- junit依赖 -->

		<dependency>

			<groupId>junit</groupId>

			<artifactId>junit</artifactId>

			<version>4.12</version>

			<scope>test</scope>

		</dependency>

		<!-- spring依赖 -->

		<dependency>

		    <groupId>org.springframework</groupId>

		    <artifactId>spring-core</artifactId>

		    <version>${spring.version}</version>

		</dependency>

		<dependency>

		    <groupId>org.springframework</groupId>

		    <artifactId>spring-web</artifactId>

		    <version>${spring.version}</version>

		</dependency>

		<dependency>

		    <groupId>org.springframework</groupId>

		    <artifactId>spring-webmvc</artifactId>

		    <version>${spring.version}</version>

		</dependency>

		<!-- spring security依赖 -->

		<dependency>

		    <groupId>org.springframework.security</groupId>

		    <artifactId>spring-security-web</artifactId>

		    <version>${spring.security.version}</version>

		</dependency>

		<dependency>

		    <groupId>org.springframework.security</groupId>

		    <artifactId>spring-security-config</artifactId>

		    <version>${spring.security.version}</version>

		</dependency>

		<!-- jsp、servlet依赖 -->

		<dependency>

		    <groupId>jstl</groupId>

		    <artifactId>jstl</artifactId>

		    <version>1.2</version>

		</dependency>

		<dependency>

		    <groupId>taglibs</groupId>

		    <artifactId>standard</artifactId>

		    <version>1.1.2</version>

		</dependency>

		<dependency>

		    <groupId>javax.servlet</groupId>

		    <artifactId>javax.servlet-api</artifactId>

		    <version>3.1.0</version>

		</dependency>

	</dependencies>

	<build>

	  <finalName>SpringSecurity</finalName>

	</build>

</project>

3.mvc-dispatcher-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:context="http://www.springframework.org/schema/context"

    xsi:schemaLocation="http://www.springframework.org/schema/beans

        http://www.springframework.org/schema/beans/spring-beans.xsd

        http://www.springframework.org/schema/context

        http://www.springframework.org/schema/context/spring-context.xsd">

	<!-- 开启包扫描 -->

	<context:component-scan base-package="org.springsecurity.*"/>

	<!-- 定义视图解析器 -->

	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">

		<property name="prefix">

			<value>/WEB-INF/pages/</value>

		</property>

		<property name="suffix">

			<value>.jsp</value>

		</property>

	</bean>

</beans>

4.spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:security="http://www.springframework.org/schema/security"

    xsi:schemaLocation="http://www.springframework.org/schema/beans

        http://www.springframework.org/schema/beans/spring-beans.xsd

        http://www.springframework.org/schema/security

        http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true">

    	<!-- 指定需要拦截的URL,并设置访问所需的角色 -->

    	<security:intercept-url pattern="/admin**" access="hasRole('ROLE_USER')"/>

    	<!-- login-page:用来显示自定义登录表单的页面(修订①)

    		default-target-url:指定身份验证通过后默认展示的页面(修订②)

    		authentication-failure-url:如果验证失败,则转向URL

    		username-parameter:表示登录时用户使用的是哪个参数,即用户名输入框的name

    		password-parameter:表示登录时密码使用的是哪个参数,即密码输入框的name

    		 -->

    	<security:form-login login-page="/login" default-target-url="/welcome"

    		authentication-failure-url="/login?error" username-parameter="username"

    		password-parameter="password"/>

    	<!-- 开启csrf,在登录或注销页面都必须包含_csrf.token -->

    	<security:csrf/>

    </security:http>

    <security:authentication-manager>

    	<security:authentication-provider>

			<security:user-service>

				<!-- 设置用户的密码和角色 -->

				<security:user name="admin" password="123456" authorities="ROLE_USER" />

			</security:user-service>

    	</security:authentication-provider>

    </security:authentication-manager>

</beans>

5.web.xml

<web-app xmlns="http://java.sun.com/xml/ns/javaee"

	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

  	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee

                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

  	version="3.0" metadata-complete="true">

  	<!-- Spring MVC -->

  	<servlet>

  		<servlet-name>mvc-dispatcher</servlet-name>

  		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

  		<init-param>

  			<param-name>contextConfigLocation</param-name>

  			<param-value>classpath:mvc-dispatcher-servlet.xml</param-value>

  		</init-param>

  	</servlet>

  	<servlet-mapping>

  		<servlet-name>mvc-dispatcher</servlet-name>

  		<url-pattern>/</url-pattern>

  	</servlet-mapping>

  	<listener>

  		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

  	</listener>

  	<!-- 加载spring-security配置文件 -->

  	<context-param>

  		<param-name>contextConfigLocation</param-name>

  		<param-value>classpath:spring-security.xml</param-value>

  	</context-param>

  	<!-- spring security -->

  	<filter>

  		<filter-name>springSecurityFilterChain</filter-name>

  		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

  	</filter>

  	<filter-mapping>

  		<filter-name>springSecurityFilterChain</filter-name>

  		<url-pattern>/*</url-pattern>

  	</filter-mapping>

</web-app>

6.HelloController.java

package org.springsecurity.controller;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

import org.springframework.web.bind.annotation.RequestParam;

import org.springframework.web.servlet.ModelAndView;

@Controller

public class HelloController {

	@RequestMapping(value = {"/", "/welcome**"}, method = RequestMethod.GET)

	public ModelAndView welcomePage() {

		ModelAndView model = new ModelAndView();

		model.addObject("title", "Spring Security Hello World");

		model.addObject("message", "This is welcome page!");

		model.setViewName("hello");

		return model;

	}

	@RequestMapping(value = "/admin**", method = RequestMethod.GET)

	public ModelAndView adminPage() {

		ModelAndView model = new ModelAndView();

		model.addObject("title", "Spring Security Hello World");

		model.addObject("message", "This is protected page!");

		model.setViewName("admin");

		return model;

	}

	@RequestMapping(value = "/login", method = RequestMethod.GET)

	public ModelAndView login(

			@RequestParam(value = "error", required = false) String error,

			@RequestParam(value = "logout", required = false) String logout) {

		ModelAndView model = new ModelAndView();

		if(error != null){

			model.addObject("error", "违法的用户名或密码!");

		}

		if(logout != null){

			model.addObject("msg", "您已成功注销!");

		}

		model.setViewName("login");

		return model;

	}

}

7.hello.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"

    pageEncoding="UTF-8"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>Insert title here</title>

</head>

<body>

	<h1>标题:${title }</h1>

	<h2>消息:${message }</h2>

</body>

</html>

8.admin.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"

    pageEncoding="UTF-8"%>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>Insert title here</title>

</head>

<body>

	<h1>标题:${title }</h1>

	<h2>消息:${message }</h2>

	<!-- 隐藏域,用于提交注销请求 -->

	<c:url value="/logout" var="logoutUrl"/>

	<!-- 假设注销请求是*,若*=logout(即等于默认的注销拦截URL),则实际请求是/login?logout

		若*!=logout,则实际请求是/*。具体原因未知。。 -->

	<form action="${logoutUrl }" method="POST" id="logoutForm">

		<!-- 开启csrf后必须包含_csrf.token,否则报错:

			403 Could not verify the provided CSRF token because your session was not found -->

		<input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }">

	</form>

	<c:if test="${pageContext.request.userPrincipal.name != null }">

		<h2>欢迎:${pageContext.request.userPrincipal.name }

		| <a href="javascript:formSubmit()">Logout</a></h2>

	</c:if>

</body>

<script type="text/javascript">

	function formSubmit(){//提交注销请求表单

		document.getElementById("logoutForm").submit();

	}

</script>

</html>

9.login.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"

    pageEncoding="UTF-8"%>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>Insert title here</title>

</head>

<body onload="focus()">

	<h1>Spring Security 自定义登录界面</h1>

	<div id="login-box">

		<c:if test="${not empty error }">

			<div class="error"><font color="red">${error }</font><br/><br/></div>

		</c:if>

		<c:if test="${not empty msg }">

			<div class="msg"><font color="red">${msg }</font><br/><br/></div>

		</c:if>

		<!-- SpringSecurity3.x默认的登录拦截URL是/j_spring_security_check;

			4.x默认的登录拦截URL是/login -->

		<form name="loginForm" action="<c:url value='/login'/>" method="POST">

			<table>

				<tr>

					<td>用户名:</td>

					<!-- name必须与spring-security.xml中配置的username-parameter一致,否则登录认证会失败 -->

					<td><input type="text" name="username"/></td>

				</tr>

				<tr>

					<td>密码:</td>

					<!-- name必须与spring-security.xml中配置的password-parameter一致,否则登录认证会失败 -->

					<td><input type="password" name="password"></td>

				</tr>

				<tr style="text-align: center;" >

					<td colspan="2">

						<input type="reset" value="重置"/>

						<input type="submit" value="登录"/>

					</td>

				</tr>

			</table>

			<!-- 开启csrf后必须包含_csrf.token,否则报错:

				403 Could not verify the provided CSRF token because your session was not found -->

			<input type="hidden" name="${_csrf.parameterName }" value="${_csrf.token }"/>

		</form>

	</div>

</body>

<script type="text/javascript">

	function focus(){//设置加载时鼠标焦点

		document.loginForm.username.focus();

	}

</script>

</html>

10.效果预览

  10.1 无需访问权限

  

  10.2 需要访问权限(自定义登录界面)

  

  10.3 登录失败

  

  10.4 登录成功

  

  10.5 注销

  

  修订: ① login-page:并非是用来显示自定义登录表单的页面,而是被拦截后执行的请求。

      ② default-target-url:并非是身份验证通过后默认展示的页面,而是身份验证通过后执行的请求。

  参考:http://www.yiibai.com/spring-security/spring-security-form-login-example.html

SpringSecurity学习二----------实现自定义登录界面的更多相关文章

  1. FineReport中如何自定义登录界面

    在登录平台时,不希望使用FR默认的内置登录界面,想通过自定义登录界面实现登录操作,内置登录界面如下图: 登录界面,获取到用户名和密码的值,发送到报表系统,报表服务带着这两个参数访问认证地址进行认证. ...

  2. Wix 安装部署(二)自定义安装界面和行为

    上一篇介绍了如何联合MSBuild来自动生成打包文件和对WIX的一些初步认识,http://www.cnblogs.com/stoneniqiu/p/3355086.html . 这篇会在上篇的基础上 ...

  3. spring security使用自定义登录界面后,不能返回到之前的请求界面的问题

    昨天因为集成spring security oauth2,所以对之前spring security的配置进行了一些修改,然后就导致登录后不能正确跳转回被拦截的页面,而是返回到localhost根目录. ...

  4. Spring-Security (学习记录五)--配置登录时,密码采用md5加密,以及获取登录信息属性监听同步自己想要的登录信息

    目录 1. PasswordEncoder 采用密码加密 2. 获取当前的用户信息 1. PasswordEncoder 采用密码加密 使用前面的例子.可以看出我们数据库密码是采用明文的,我们在登录的 ...

  5. dubbo源码学习(二) : spring 自定义标签

    做dubbo的配置时很容易发现,dubbo有一套自己的标签,提供给开发者配置,其实每一个标签对应着一个 实体,在容器启动的时候,dubbo会对所有的配置进行解析然后将解析后的内容设置到实体里,最终du ...

  6. spring security 学习二

    doc:https://docs.spring.io/spring-security/site/docs/ 基于表单的认证(个性化认证流程): 一.自定义登录页面 1.在securityConfigy ...

  7. SpringSecurity学习三----------通过Security标签库简单显示视图

    © 版权声明:本文为博主原创文章,转载请注明出处 1.项目结构 2.pom.xml <project xmlns="http://maven.apache.org/POM/4.0.0& ...

  8. CAS自定义登录验证方法

    一.CAS登录认证原理 CAS认证流程如下图: CAS服务器的org.jasig.cas.authentication.AuthenticationManager负责基于提供的凭证信息进行用户认证.与 ...

  9. CAS实战の自定义登录

    由于每个版本的改动较大,所以先把版本号列出: 服务端版本:cas server 4.0.0 客户端版本:cas client 3.3.3 一.自定义登录页面 页面路径:/WebContent/WEB- ...

随机推荐

  1. ZOJ 3937 More Health Points (2016 浙江省赛 B题,可持久维护凸壳)

    题目链接  2016 ZJCPC Problem B 题意  CF 660F的树上版本. 其他做的方法都差不多,关键是把凸壳放到树上. 每次确定扔掉几个元素的时候直接$O(1)$修改(先不清楚这个位置 ...

  2. hdu6053

    hdu6053 题意 给出 \(A\) 数组,问有多少种 \(B\) 数组满足下面条件. \(1≤ B_i ≤ A_i\) For each pair \(( l , r ) \ (1≤l≤r≤n) ...

  3. 洛谷—— P1869 愚蠢的组合数

    https://www.luogu.org/problemnew/show/1869 题目描述 最近老师教了狗狗怎么算组合数,狗狗又想到了一个问题... 狗狗定义C(N,K)表示从N个元素中不重复地选 ...

  4. UVA——11988 Broken Keyboard (a.k.a. Beiju Text)

    11988 Broken Keyboard (a.k.a. Beiju Text)You’re typing a long text with a broken keyboard. Well it’s ...

  5. outlook preview setup

    ow To Show Subject Above/Below Sender In Mail List In Outlook? Normally in the compact view of a mai ...

  6. Static和Final修饰类属性变量及初始化

    1.static修饰一个属性字段,那么这个属性字段将成为类本身的资源,public修饰为共有的,可以在类的外部通过test.a来访问此属性;在类内部任何地方可以使用.如果被修饰为private私有,那 ...

  7. luogu P1332 血色先锋队

    题目描述 巫妖王的天灾军团终于卷土重来,血色十字军组织了一支先锋军前往诺森德大陆对抗天灾军团,以及一切沾有亡灵气息的生物.孤立于联盟和部落的血色先锋军很快就遭到了天灾军团的重重包围,现在他们将主力只好 ...

  8. unity3d 网页游戏客户端工程构建方案

    将一个项目分为两个编辑环境,一个是editor,一个是target. editor只是策划人员拖拖拽拽编辑场景,打包时程序自动将每个场景资源打包生成一个XXX.unity3d文件,并最后生成一个场景配 ...

  9. 在java代码中设置margin

    我们平常可以直接在xml里设置margin,如: <ImageView android:layout_margin="5dip" android:src="@dra ...

  10. JQuery插件开发格式

    原地址 一.jQuery扩展 1.$.extend(object) 类似于.Net的扩展方法,用于扩展jQuery.然后就可以用$.的方式调用. $(function(){ $.extend({ fu ...