下面的配置是从数据库中登陆的,已经测试过,可以工作了,<http auto-config='true'>
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
</http> <authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select userid,password,workstatus as enabled from myUser where userid=?"
authorities-by-username-query="select a.userid,b.groupname as authority from myUser a,usergroup b where a.groupid=b.groupid and userid=?"/>
</authentication-provider>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.microsoft.jdbc.sqlserver.SQLServerDriver"/>
<beans:property name="url" value="jdbc:microsoft:sqlserver://10.55.104.38:1433;databasename=mydb"/>
<beans:property name="username" value="sa"/>
<beans:property name="password" value="pass"/>
</beans:bean>现在我想自定义一个Filter,实现验证码的功能
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
</http> <authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select userid,password,workstatus as enabled from myUser where userid=?"
authorities-by-username-query="select a.userid,b.groupname as authority from myUser a,usergroup b where a.groupid=b.groupid and userid=?"/>
</authentication-provider>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.microsoft.jdbc.sqlserver.SQLServerDriver"/>
<beans:property name="url" value="jdbc:microsoft:sqlserver://10.55.104.38:1433;databasename=mydb"/>
<beans:property name="username" value="sa"/>
<beans:property name="password" value="pass"/>
</beans:bean>现在我想自定义一个Filter,实现验证码的功能
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
</http> <authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select userid,password,workstatus as enabled from MyUser where userid=?"
authorities-by-username-query="select a.userid,b.groupname as authority from Myuser a,usergroup b where a.groupid=b.groupid and userid=?"/>
</authentication-provider>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.microsoft.jdbc.sqlserver.SQLServerDriver"/>
<beans:property name="url" value="jdbc:microsoft:sqlserver://10.55.104.38:1433;databasename=mydb"/>
<beans:property name="username" value="sa"/>
<beans:property name="password" value="pass"/>
</beans:bean>
<beans:bean id="authenticationProcessingFilter" class="MyAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
<beans:property name="defaultTargetUrl" value="/index.jsp"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>在这有个警告,提示找不到ref的bean
</beans:bean>
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp"/>
<beans:property name="forceHttps" value="false"/>
</beans:bean>
<authentication-manager alias="authenticationManager"/>
</beans:beans>
1、定义一个类继承自AbstractAction
public class AfterSubmitAction extends AbstractAction{ protected Event doExecute(RequestContext context) throws Exception {
if(是正确的验证码){//这里可以用context.getRequestParameters(name)得到值,相当于request.getParameter(name);
context.getRequestScope().put("code", "1");
return error();
}
return success();
}}2、在cas-servlet中加入 <bean id="afterLoginAction" class="AfterLoginAction"/>3、在login-webflow.xml中找到<view-state id="loginForm" view="casLoginView">
这一行,改成:
<view-state id="loginForm" view="casLoginView">
<render-actions>
<action bean="authenticationViaFormAction" method="setupForm"/>
<action bean="authenticationViaFormAction" method="referenceData"/>
</render-actions>
<transition on="submit" to="afterSubmitAction" />
</view-state> <action-state id="afterSubmitAction">
<action bean="afterSubmitAction" />
<transition on="success" to="bindAndValidate" />
<transition on="error" to="viewLoginForm" />
</action-state>