devbox
菜鸟追梦旅行
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

spring-security 多类型用户登录+登录多参数验证_loaduserbyusername 怎么接收多个参数

作者:菜鸟追梦旅行 | 2024-04-24 21:19:35

loaduserbyusername 怎么接收多个参数

如果一个系统分为前台用户和后台用户那么就不能使用spring-security的默认配置了。 需要自己来分开配置两种用户的登录方式。

首先创建spring-disuser-security.xml 与 spring-etuser-security.xml 两个配置文件,分别来配置两种用户登录的权限与验证方式

spring-disuser-security.xml的内容如下

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <beans
  3. 	xmlns="http://www.springframework.org/schema/beans"
  4. 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  5. 	xmlns:p="http://www.springframework.org/schema/p"
  6. 	xmlns:context="http://www.springframework.org/schema/context" 
  7. 	xmlns:tx="http://www.springframework.org/schema/tx"
  8. 	xmlns:aop="http://www.springframework.org/schema/aop"
  9. 	xmlns:security="http://www.springframework.org/schema/security" 
  10. 	xsi:schemaLocation="http://www.springframework.org/schema/beans 
  11. 		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
  12. 		http://www.springframework.org/schema/aop 
  13. 		http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
  14. 		http://www.springframework.org/schema/tx 
  15. 		http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
  16. 		http://www.springframework.org/schema/context
  17. 		http://www.springframework.org/schema/context/spring-context-3.0.xsd
  18. 		http://www.springframework.org/schema/security   
  19.         http://www.springframework.org/schema/security/spring-security-3.1.xsd">
  20.         
  21.         <!-- 使用自定义Filter时需要将http节点的auto-config="true"属性删除,并且要通过entry-point-ref指定一个入口  -->
  22.         <security:http use-expressions="true" access-denied-page="/powermiss.jsp" 
  23.      	  	authentication-manager-ref="disuserAuthManager" name="disuserSecurity" 
  24.      	  	entry-point-ref="authenticationEntryPoint">
  25.         	<security:intercept-url pattern="/disuserlogin.jsp"  access="permitAll"/>
  26.         	<!-- 配置自定义的Filter,并且将其放在FORM_LOGIN_FILTER节点,就会替换掉原来的FORM_LOGIN_FILTER节点  -->
  27.         	<security:custom-filter ref="loginProcessFilter" position="FORM_LOGIN_FILTER"/>  
  28.         </security:http>  
  29.            
  30. 	    <security:authentication-manager id="disuserAuthManager" >  
  31. 	        <security:authentication-provider user-service-ref="DisuserserDetailService" />
  32. 	    </security:authentication-manager>   
  33. 		
  34. 		<!-- 登录处理Filter  -->
  35. 		<bean id="loginProcessFilter" class="com.tuanfang.service.DisUsernamePasswordAuthenticationFilter">
  36. 			<property name="loginid" value="loginid" />
  37. 			<property name="yzm" value="yzm" />
  38. 			<property name="usernameParameter" value="username" />  
  39. 			<property name="passwordParameter" value="password" />
  40. 			<property name="filterProcessesUrl" value="/disuserlogin.htm" />
  41. 			<property name="authenticationManager" ref="disuserAuthManager" />
  42. 			<property name="authenticationSuccessHandler" ref="successHandler" />
  43. 			<property name="authenticationFailureHandler" ref="failureHandler" />
  44. 		</bean>		
  45. 		
  46. 		<!-- 登录成功处理 -->
  47. 		<bean id="successHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
  48. 			<property name="defaultTargetUrl" value="/index.jsp" />
  49. 			<property name="alwaysUseDefaultTargetUrl" value="true" />
  50. 		</bean>
  51. 		
  52. 		<!-- 登录失败处理 -->
  53. 		<bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
  54. 		 	 <property name="defaultFailureUrl" value="/disuserlogin.jsp?error=true" />
  55. 		</bean>
  56. 		
  57. 	  <!-- 登录入口 --> 
  58. 	   <bean id="authenticationEntryPoint"  
  59. 	        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">  
  60. 	        <property name="loginFormUrl" value="/disuserlogin.jsp" />  
  61.        </bean>  
  62. </beans>


接下来编写DisUsernamePasswordAuthenticationFilter.java文件,处理用户登录。

spring-security默认的处理登录的类是org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter,可以将其中的代码复制到自己写的DisUsernamePasswordAuthenticationFilter.java文件中。

然后在进行自己的修改,达到验证验证码,与公司登录id的验证。

  1. /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  2.  *
  3.  * Licensed under the Apache License, Version 2.0 (the "License");
  4.  * you may not use this file except in compliance with the License.
  5.  * You may obtain a copy of the License at
  6.  *
  7.  *     http://www.apache.org/licenses/LICENSE-2.0
  8.  *
  9.  * Unless required by applicable law or agreed to in writing, software
  10.  * distributed under the License is distributed on an "AS IS" BASIS,
  11.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12.  * See the License for the specific language governing permissions and
  13.  * limitations under the License.
  14.  */
  15.  
  16. package com.tuanfang.service;
  17.  
  18.  
  19. import javax.servlet.http.HttpServletRequest;
  20. import javax.servlet.http.HttpServletResponse;
  21.  
  22. import org.springframework.security.authentication.AuthenticationServiceException;
  23. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  24. import org.springframework.security.core.Authentication;
  25. import org.springframework.security.core.AuthenticationException;
  26. import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
  27. import org.springframework.util.Assert;
  28.  
  29.  
  30. /**
  31.  * Processes an authentication form submission. Called {@code AuthenticationProcessingFilter} prior to Spring Security
  32.  * 3.0.
  33.  * <p>
  34.  * Login forms must present two parameters to this filter: a username and
  35.  * password. The default parameter names to use are contained in the
  36.  * static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.
  37.  * The parameter names can also be changed by setting the {@code usernameParameter} and {@code passwordParameter}
  38.  * properties.
  39.  * <p>
  40.  * This filter by default responds to the URL {@code /j_spring_security_check}.
  41.  *
  42.  * @author Ben Alex
  43.  * @author Colin Sampaleanu
  44.  * @author Luke Taylor
  45.  * @since 3.0
  46.  */
  47. public class DisUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
  48.     //~ Static fields/initializers =====================================================================================
  49.  
  50.     public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
  51.     public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
  52.     public static final String SPRING_SECURITY_FORM_YZM_KEY = "yzm";
  53.     public static final String SPRING_SECURITY_FORM_LOGINID_KEY = "loginid";
  54.     public static final String USERNAME_LOGINID_SPLIT = "/";
  55.     /**
  56.      * @deprecated If you want to retain the username, cache it in a customized {@code AuthenticationFailureHandler}
  57.      */
  58.     @Deprecated
  59.     public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
  60.  
  61.     private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
  62.     private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
  63.     private String yzm = SPRING_SECURITY_FORM_YZM_KEY;
  64.     private String loginid = SPRING_SECURITY_FORM_LOGINID_KEY;
  65.     private boolean postOnly = true;
  66.  
  67.     //~ Constructors ===================================================================================================
  68.  
  69.     public DisUsernamePasswordAuthenticationFilter() {
  70.         super("/j_spring_security_check");
  71.     }
  72.  
  73.     //~ Methods ========================================================================================================
  74.  
  75.     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
  76.         if (postOnly && !request.getMethod().equals("POST")) {
  77.             throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
  78.         }
  79.  
  80.         String username = obtainUsername(request);
  81.         String password = obtainPassword(request);
  82.         String loginid = obtainLoginid(request);
  83.         String yzm = obtainYzm(request);
  84.         
  85.         if (username == null) {
  86.             username = "";
  87.         }
  88.  
  89.         if (password == null) {
  90.             password = "";
  91.         }
  92.         
  93.         if (loginid == null) {
  94.         	loginid = "";
  95.         }
  96.         
  97.         if (yzm == null) {
  98.         	yzm = "";
  99.         }
  100.  
  101.         username = username.trim();
  102.         password = password.trim();
  103.         loginid = loginid.trim();
  104.         yzm = yzm.trim();
  105.         
  106.         username = loginid + USERNAME_LOGINID_SPLIT + username ;   //将公司登录id与登录用户名使用 / 连接起来
  107.  
  108.         UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
  109.  
  110.         // Allow subclasses to set the "details" property
  111.         setDetails(request, authRequest);
  112.  
  113.         return this.getAuthenticationManager().authenticate(authRequest);
  114.     }
  115.  
  116.     /**
  117.      * Enables subclasses to override the composition of the password, such as by including additional values
  118.      * and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the
  119.      * password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
  120.      * <code>AuthenticationDao</code> will need to generate the expected password in a corresponding manner.</p>
  121.      *
  122.      * @param request so that request attributes can be retrieved
  123.      *
  124.      * @return the password that will be presented in the <code>Authentication</code> request token to the
  125.      *         <code>AuthenticationManager</code>
  126.      */
  127.     protected String obtainPassword(HttpServletRequest request) {
  128.         return request.getParameter(passwordParameter);
  129.     }
  130.     
  131.     //获取验证码
  132.     protected String obtainYzm(HttpServletRequest request){
  133.     	   return request.getParameter(yzm);
  134.     }
  135.     
  136.     //获取公司id
  137.     protected String obtainLoginid(HttpServletRequest request){
  138.     	   return request.getParameter(loginid);
  139.     }
  140.     
  141.     
  142.     
  143.     /**
  144.      * Enables subclasses to override the composition of the username, such as by including additional values
  145.      * and a separator.
  146.      *
  147.      * @param request so that request attributes can be retrieved
  148.      *
  149.      * @return the username that will be presented in the <code>Authentication</code> request token to the
  150.      *         <code>AuthenticationManager</code>
  151.      */
  152.     protected String obtainUsername(HttpServletRequest request) {
  153.         return request.getParameter(usernameParameter);
  154.     }
  155.  
  156.     /**
  157.      * Provided so that subclasses may configure what is put into the authentication request's details
  158.      * property.
  159.      *
  160.      * @param request that an authentication request is being created for
  161.      * @param authRequest the authentication request object that should have its details set
  162.      */
  163.     protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
  164.         authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
  165.     }
  166.  
  167.     /**
  168.      * Sets the parameter name which will be used to obtain the username from the login request.
  169.      *
  170.      * @param usernameParameter the parameter name. Defaults to "j_username".
  171.      */
  172.     public void setUsernameParameter(String usernameParameter) {
  173.         Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
  174.         this.usernameParameter = usernameParameter;
  175.     }
  176.  
  177.     /**
  178.      * Sets the parameter name which will be used to obtain the password from the login request..
  179.      *
  180.      * @param passwordParameter the parameter name. Defaults to "j_password".
  181.      */
  182.     public void setPasswordParameter(String passwordParameter) {
  183.         Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
  184.         this.passwordParameter = passwordParameter;
  185.     }
  186.  
  187.     /**
  188.      * Defines whether only HTTP POST requests will be allowed by this filter.
  189.      * If set to true, and an authentication request is received which is not a POST request, an exception will
  190.      * be raised immediately and authentication will not be attempted. The <tt>unsuccessfulAuthentication()</tt> method
  191.      * will be called as if handling a failed authentication.
  192.      * <p>
  193.      * Defaults to <tt>true</tt> but may be overridden by subclasses.
  194.      */
  195.     public void setPostOnly(boolean postOnly) {
  196.         this.postOnly = postOnly;
  197.     }
  198.  
  199.     public final String getUsernameParameter() {
  200.         return usernameParameter;
  201.     }
  202.  
  203.     public final String getPasswordParameter() {
  204.         return passwordParameter;
  205.     }
  206.  
  207. 	public String getYzm() {
  208. 		return yzm;
  209. 	}
  210.  
  211. 	public void setYzm(String yzm) {
  212. 		this.yzm = yzm;
  213. 	}
  214.  
  215. 	public String getLoginid() {
  216. 		return loginid;
  217. 	}
  218.  
  219. 	public void setLoginid(String loginid) {
  220. 		this.loginid = loginid;
  221. 	}
  222. }


接下来编写提供Disuser的UserDetailsService类

  1. package com.tuanfang.service;
  2.  
  3. import java.math.BigInteger;
  4. import java.util.ArrayList;
  5. import java.util.Collection;
  6. import java.util.List;
  7.  
  8. import javax.annotation.Resource;
  9.  
  10. import org.springframework.security.core.GrantedAuthority;
  11. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  12. import org.springframework.security.core.userdetails.User;
  13. import org.springframework.security.core.userdetails.UserDetails;
  14. import org.springframework.security.core.userdetails.UserDetailsService;
  15. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  16. import org.springframework.stereotype.Repository;
  17.  
  18. import com.tuanfang.dao.impl.DisuserDaoImpl;
  19. import com.tuanfang.dao.impl.SysPowrDaoImpl;
  20. import com.tuanfang.pojo.Disuser;
  21. import com.tuanfang.pojo.SysPower;
  22.  
  23. @Repository("DisuserserDetailService")  
  24. public class DisuserserDetailService implements UserDetailsService{
  25. 	
  26. 	@Resource(name="DisuserDaoImpl")
  27. 	private DisuserDaoImpl disuserDao ;
  28. 	
  29. 	@Resource(name="SysPowrDaoImpl")
  30. 	private SysPowrDaoImpl sysPowrDao ;
  31.  
  32. 	@Override
  33. 	public UserDetails loadUserByUsername(String usernameAndloginId)
  34. 			throws UsernameNotFoundException {
  35. 		//将公司登录id与登录用户名使用/分开
  36. 		String args[]  = usernameAndloginId.split(DisUsernamePasswordAuthenticationFilter.USERNAME_LOGINID_SPLIT);
  37. 		String loginid = args[0];
  38. 		String username = args[1];
  39. 		Disuser disuser =  disuserDao.findByLoginIdAndUserName(loginid , username);
  40. 		UserDetails userDetail = null ;
  41. 		if(disuser != null){
  42. 			userDetail = new User(username, disuser.getPassword(),disuser.getStatus() ==Disuser.ENABLE ,
  43. 					true, true, true, obtainUserPowers(disuser.getId()));
  44. 		}
  45. 		return userDetail;
  46. 	}
  47. 	
  48. 	public Collection<GrantedAuthority> obtainUserPowers(BigInteger userId){
  49. 		Collection<GrantedAuthority> gas = new ArrayList<GrantedAuthority>();
  50. 		List<SysPower> powers = sysPowrDao.findDisuserPowers(userId);
  51. 		if(powers != null && powers.size() > 0){
  52. 			for (SysPower sysPower : powers) {  
  53. 				gas.add(new SimpleGrantedAuthority(sysPower.getCode()));   
  54. 			}
  55. 		}
  56. 		gas.add(new SimpleGrantedAuthority("HAVE_LOGIN"));	//登录    
  57. 		return gas ;
  58. 	}
  59.  
  60. }


登录页面disuserlogin.jsp

  1. <%@ page language="java" contentType="text/html; charset=utf-8"
  2.     pageEncoding="utf-8"%>
  3. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  4. <html>
  5. <head>
  6. <%  
  7. String path = request.getContextPath();  
  8. String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";  
  9. %>  
  10. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  11. <title>DisuserLogin</title>
  12. </head>
  13. <body>
  14.      
  15. 	<form action="<%=basePath %>disuserlogin.htm" method="post">      
  16.         <p> 
  17.             <label for="username">Username</label> <input id="username"    
  18.                 name="username" type="text" />    
  19.         </p>    
  20.     
  21.         <p>    
  22.             <label for="password">password</label> <input id="password"    
  23.                 name="password" type="password" />            
  24.         </p>    
  25.           
  26.     
  27.         <p>    
  28.             <label for="loginid">LoginId</label> <input id="loginid"    
  29.                 name="loginid" type="text" />            
  30.         </p>    
  31.           
  32.     
  33.         <p>    
  34.             <label for="yzm">验证码</label> <input id="yzm"    
  35.                 name="yzm" type="text" />            
  36.         </p>    
  37.           
  38.         <input type="submit" value="Login" /> 
  39.     </form>    
  40. 	
  41. 	  
  42. </body>
  43. </html>




这样就配置好了Disuser的login



接下来配置EtdsUser的login。只需要username与password

spring-etuser-security.xml文件内容如下(使用spring-security默认的方式配置):

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <beans
  3. 	xmlns="http://www.springframework.org/schema/beans"
  4. 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  5. 	xmlns:p="http://www.springframework.org/schema/p"
  6. 	xmlns:context="http://www.springframework.org/schema/context" 
  7. 	xmlns:tx="http://www.springframework.org/schema/tx"
  8. 	xmlns:aop="http://www.springframework.org/schema/aop"
  9. 	xmlns:security="http://www.springframework.org/schema/security" 
  10. 	xsi:schemaLocation="http://www.springframework.org/schema/beans 
  11. 		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
  12. 		http://www.springframework.org/schema/aop 
  13. 		http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
  14. 		http://www.springframework.org/schema/tx 
  15. 		http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
  16. 		http://www.springframework.org/schema/context
  17. 		http://www.springframework.org/schema/context/spring-context-3.0.xsd
  18. 		http://www.springframework.org/schema/security   
  19.         http://www.springframework.org/schema/security/spring-security-3.1.xsd">
  20.         
  21.         <security:http auto-config="true" pattern="/admin/**" use-expressions="true" access-denied-page="/powermiss.jsp" 
  22.         authentication-manager-ref="etuserAuthManager" name="etuserSecurity">
  23.         	<security:intercept-url pattern="/admin/etuserlogin.jsp"  access="permitAll"/>
  24.         	<security:form-login login-processing-url="/admin/j_spring_security_check" authentication-failure-url="/admin/etuserlogin.jsp?error=true"  login-page="/admin/etuserlogin.jsp" 
  25.         		 default-target-url="/index.jsp" />
  26.         </security:http>  
  27.            
  28.         
  29. 	    <security:authentication-manager id="etuserAuthManager" >  
  30. 	        <security:authentication-provider user-service-ref="EtuserDetailService"/>
  31. 	    </security:authentication-manager>   
  32. 		
  33. 	
  34. </beans>

Etdsuser的UserDetailsService类如下: 

  1. package com.tuanfang.service;
  2.  
  3. import java.math.BigInteger;
  4. import java.util.ArrayList;
  5. import java.util.Collection;
  6. import java.util.List;
  7.  
  8. import javax.annotation.Resource;
  9.  
  10. import org.springframework.security.core.GrantedAuthority;
  11. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  12. import org.springframework.security.core.userdetails.User;
  13. import org.springframework.security.core.userdetails.UserDetails;
  14. import org.springframework.security.core.userdetails.UserDetailsService;
  15. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  16. import org.springframework.stereotype.Repository;
  17.  
  18. import com.tuanfang.dao.impl.EtdsuserDaoImpl;
  19. import com.tuanfang.dao.impl.SysPowrDaoImpl;
  20. import com.tuanfang.pojo.EtdsUser;
  21. import com.tuanfang.pojo.SysPower;
  22.  
  23. @Repository("EtuserDetailService")  
  24. public class EtuserDetailService implements UserDetailsService{
  25. 	
  26. 	@Resource(name="EtdsuserDaoImpl")
  27. 	private EtdsuserDaoImpl etdsuserDao ;
  28. 	
  29. 	@Resource(name="SysPowrDaoImpl")
  30. 	private SysPowrDaoImpl sysPowrDao ;
  31.  
  32. 	@Override
  33. 	public UserDetails loadUserByUsername(String username)
  34. 			throws UsernameNotFoundException {
  35. 		EtdsUser etuser =  etdsuserDao.findUserByLoginName(username);
  36. 		UserDetails userDetail = null ;
  37. 		if(etuser != null){
  38. 			userDetail = new User(username, etuser.getPassword(),etuser.getStatus() ==EtdsUser.ENABLE ,
  39. 					true, true, true, obtainUserPowers(etuser.getId()));  
  40. 		}
  41. 		return userDetail;
  42. 	}
  43. 	
  44. 	public Collection<GrantedAuthority> obtainUserPowers(BigInteger userId){
  45. 		Collection<GrantedAuthority> gas = new ArrayList<GrantedAuthority>();
  46. 		List<SysPower> powers = sysPowrDao.findEtuserPowers(userId);
  47. 		if(powers != null && powers.size() > 0){
  48. 			for (SysPower sysPower : powers) {  
  49. 				gas.add(new SimpleGrantedAuthority(sysPower.getCode()));   
  50. 			}
  51. 		}
  52. 		gas.add(new SimpleGrantedAuthority("HAVE_LOGIN"));	//登录   
  53. 		return gas ;
  54. 	}
  55.  
  56. }

然后在applicationContext.xml中导入spring-disuser-security.xml与spring-etuser-security.xml


<import resource="spring-etuser-security.xml"/>
<import resource="spring-disuser-security.xml"/>




声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/菜鸟追梦旅行/article/detail/481612
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号