解决方案 »
- /etc/inittab设置启动tomcat导致web应用字符集为ANSI_X3.4-1968,为什么、怎么改为utf-8
- eclipse配置构建路径顺序问题
- Tomcat 本地部署项目 访问本地网站比较慢!但是在同事的机器上非常正常
- 求教高手 struts2 问题
- 一个Struts的bean:write标签的问题
- 急!为什么我的webservice返回的数组结果总是只有一个元素!
- tomcat 4.0 在那下载呀
- 关于TOMCAT配置问题
- 谁能给我一个可以编译和执行的 RMI/IIOP的实例 谢谢!!!
- 国内有没有采用j2ee架构开发的网站?
- hibernate反向工程时遇到的奇葩问题......
- myeclipse不能调试JSP 和JS
import javax.servlet.http.HttpServletResponse;import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
/**
* 重载SECURITY3的UsernamePasswordAuthenticationFilter的attemptAuthentication,
* obtainUsername,obtainPassword方法(完善逻辑) 增加验证码校验模块 添加验证码属性 添加验证码功能开关属性
*
* @author shadow
* @email [email protected]
* @create 2012.04.28
*/
public class UsernamePasswordAuthenticationExtendFilter extends UsernamePasswordAuthenticationFilter {
private SessionAuthenticationStrategy sessionAuthenticationStrategy = null;
public SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
return sessionAuthenticationStrategy;
}
public void setSessionAuthenticationStrategy(
SessionAuthenticationStrategy sessionAuthenticationStrategy) {
this.sessionAuthenticationStrategy = sessionAuthenticationStrategy;
} // 验证码字段
private String validateCodeParameter = "validateCode";
// 是否开启验证码功能
private boolean openValidateCode = false; @Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
request.getSession().removeAttribute("msg");
// 只接受POST方式传递的数据
if (!"POST".equals(request.getMethod())){
throw new AuthenticationServiceException("不支持非POST方式的请求!");
} // 开启验证码功能的情况
if (isOpenValidateCode()){
checkValidateCode(request);
} // 获取Username和Password
String username = obtainUsername(request);
String password = obtainPassword(request); // UsernamePasswordAuthenticationToken实现Authentication校验
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password); // 允许子类设置详细属性
setDetails(request, authRequest); // 运行UserDetailsService的loadUserByUsername 再次封装Authentication
return this.getAuthenticationManager().authenticate(authRequest);
} // 匹对验证码的正确性
public void checkValidateCode(HttpServletRequest request) {
String jcaptchaCode = obtainValidateCodeParameter(request);
if (null == jcaptchaCode || "".equals(jcaptchaCode)){
throw new AuthenticationServiceException("请输入验证码");
}
if(null == request.getSession().getAttribute("rand")){
throw new AuthenticationServiceException("验证码失效");
}
//对比普通验证码
if(!request.getSession().getAttribute("rand").equals(jcaptchaCode)){
throw new AuthenticationServiceException("验证码错误!");
}
return;
} public String obtainValidateCodeParameter(HttpServletRequest request) {
Object obj = request.getParameter(getValidateCodeParameter());
return null == obj ? "" : obj.toString().trim();
} @Override
protected String obtainUsername(HttpServletRequest request) {
Object obj = request.getParameter(getUsernameParameter());
return null == obj ? "" : obj.toString().trim();
} @Override
protected String obtainPassword(HttpServletRequest request) {
Object obj = request.getParameter(getPasswordParameter());
return null == obj ? "" : obj.toString().trim();
} public String getValidateCodeParameter() {
return validateCodeParameter;
} public void setValidateCodeParameter(String validateCodeParameter) {
this.validateCodeParameter = validateCodeParameter;
} public boolean isOpenValidateCode() {
return openValidateCode;
} public void setOpenValidateCode(boolean openValidateCode) {
this.openValidateCode = openValidateCode;
}
}
UserDetailsService页面代码package filter;import java.util.ArrayList;
import java.util.Collection;import model.UserDetail;import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;/**
* 登录类
*
* @author Administrator
* @comment 在这个类中,你就可以从数据库中读入用户的密码、角色信息、是否锁定、 账号是否过期等. new User()方法参数说明, String
* username(用户名), String password(密码), boolean enabled(账户是否可用), boolean
* accountNonExpired(账户是否未过期), boolean accountNonLocked(账户是否未锁定),
* Collection<GrantedAuthority> authorities(账户所受权限).
*/
public class MyUserDetailService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
GrantedAuthorityImpl auth2 = new GrantedAuthorityImpl("ROLE_USER");// 进行授权
auths.add(auth2);// 添加所授的权限
UserDetail user = new UserDetail("123", "123", true, true, true, true, auths);
return user;
}
}UserDetail类方法package model;import java.util.Collection;import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;@SuppressWarnings("serial")
public class UserDetail implements UserDetails {
private Collection<GrantedAuthority> authorities;
private String password;
private String username;
private boolean isAccountNonExpired;
private boolean isAccountNonLocked;
private boolean isCredentialsNonExpired;
private boolean isEnabled; /** default constructor */
public UserDetail() {
} public UserDetail(String username, String password,
boolean isAccountNonExpired, boolean isAccountNonLocked,
boolean isCredentialsNonExpired, boolean isEnabled, Collection<GrantedAuthority> authorities) {
this.username = username;
this.password = password;
this.isAccountNonExpired = isAccountNonExpired;
this.isAccountNonLocked = isAccountNonLocked;
this.isCredentialsNonExpired = isCredentialsNonExpired;
this.isEnabled = isEnabled;
this.authorities = authorities;
} // Constructors public Collection<GrantedAuthority> getAuthorities() {
return authorities;
} public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
} public String getPassword() {
return password;
} public void setPassword(String password) {
this.password = password;
} public String getUsername() {
return username;
} public void setUsername(String username) {
this.username = username;
} public boolean isAccountNonExpired() {
return isAccountNonExpired;
} public void setAccountNonExpired(boolean isAccountNonExpired) {
this.isAccountNonExpired = isAccountNonExpired;
} public boolean isAccountNonLocked() {
return isAccountNonLocked;
} public void setAccountNonLocked(boolean isAccountNonLocked) {
this.isAccountNonLocked = isAccountNonLocked;
} public boolean isCredentialsNonExpired() {
return isCredentialsNonExpired;
} public void setCredentialsNonExpired(boolean isCredentialsNonExpired) {
this.isCredentialsNonExpired = isCredentialsNonExpired;
} public boolean isEnabled() {
return isEnabled;
} public void setEnabled(boolean isEnabled) {
this.isEnabled = isEnabled;
}
@Override
public boolean equals(Object obj) {
System.out.println("进入equals方法");
if (obj instanceof UserDetail) {
UserDetail another = (UserDetail)obj;
return this.getUsername().equals(another.getUsername());
}
return super.equals(obj);
} @Override
public int hashCode() {
System.out.println("进入hashCode方法");
return this.getUsername().hashCode();
}
}